Risk Register
ISO 31000-aligned security risk management with treatment plans and review workflow.
Risk Heat Map
5×5 likelihood vs consequence matrix
Inadequate Security Governance
Lack of formal security governance structure leading to non-compliance with DISP requirements and potential loss of membership.
Security Risk Assessment Gaps
Failure to identify and assess security risks leading to unmitigated threats to Defence information.
Personnel Security Awareness Gaps
Personnel unaware of security obligations leading to inadvertent disclosure or mishandling of Defence information.
Inadequate Incident Response
Inability to detect, respond to, and report security incidents within the 24-hour DISP requirement.
Insider Threat
Personnel with access to Defence information acting maliciously or being compromised by external actors.
Unauthorised Physical Access
Unauthorised persons gaining access to areas where Defence information is stored or processed.
Ransomware / Malware Attack
Ransomware or malware compromising systems containing Defence information, causing data loss or exfiltration.
Credential Compromise / Phishing
User credentials compromised through phishing or social engineering, enabling unauthorised access.
Data Loss / Backup Failure
Loss of Defence information due to system failure, accidental deletion, or backup inadequacy.
Unpatched Systems
Exploitation of known vulnerabilities in unpatched applications or operating systems.
Supply Chain Compromise
Subcontractor or supplier security failure exposing Defence information or introducing vulnerabilities.
Business Continuity Failure
Inability to maintain Defence operations during a disruption (natural disaster, pandemic, key person loss).