2d3495e5-4163-45f1-9133-80cc1c64257e 1 Pending 0001-01-01T00:00:00 5000 EUR 2023-03-14T13:13:35.0073036 2023-05-03T12:03:14.0632393 26da3fdf-2e39-466d-a28d-ba4648fbdca8 2d3495e5-4163-45f1-9133-80cc1c64257e In-house developed SW 20 1 3 2023-03-14T13:48:52.9739328 2023-05-03T12:02:21.8509183 596e92dd-0635-42e2-ac10-6951b6b23751 26da3fdf-2e39-466d-a28d-ba4648fbdca8 Intrusion in in-house developed SW code 7.2 5 10 9.01 10 010056c9-6ab5-496f-ba7b-e5ef0daba6ed 2023-03-14T16:23:09.4276689 2023-03-14T16:23:09.427669 00498dd8-e114-4ffb-b367-0638700e7234 596e92dd-0635-42e2-ac10-6951b6b23751 0bef1421-ae67-4c45-b80f-a8e95d0ead74 Prevention 0.2 3d9bcc0a-0be6-4b12-ac9b-bbd6727a320e 596e92dd-0635-42e2-ac10-6951b6b23751 0835c1d3-d591-497e-9f76-e3acbe73a4e1 Barrier 0.2 49d8bf38-952f-4cf8-98f5-d7ae76371b30 596e92dd-0635-42e2-ac10-6951b6b23751 380a4a33-31cc-41cf-bd82-5a8538710bfd Prevention 0.06 6684e50b-b31f-4a7a-80c6-ce5ab502731c 596e92dd-0635-42e2-ac10-6951b6b23751 1b22631c-de10-4650-ac0e-168f6aa01be9 Prevention 0.2 7eb2da24-47e5-46bb-9d45-fcc68d0b37f9 596e92dd-0635-42e2-ac10-6951b6b23751 925b0f9c-aa7b-47da-931e-19646c08e0e4 Prevention 0.05 967849fd-d8d6-459d-bc56-166ef1b52d02 596e92dd-0635-42e2-ac10-6951b6b23751 bd5d85c3-b7c8-4151-9bbd-325d90231cef Prevention 0.2 ab429e07-cdbd-4d44-b774-c62c7dcf2f9c 596e92dd-0635-42e2-ac10-6951b6b23751 33cb48c5-907a-4371-a79c-3a5515a2cf05 Barrier 1 cd9c2ade-ee7a-4d65-94db-ebe878ad7fb2 596e92dd-0635-42e2-ac10-6951b6b23751 fde3b948-e7ed-419a-84bf-3e8b208e7bcf Prevention 0.2 e63fce95-abf4-41a0-9959-bf52952f2d8a 596e92dd-0635-42e2-ac10-6951b6b23751 38c30d18-46cb-47a7-ac1b-8a981a397b68 Prevention 0.2 ee73be4a-8aa1-46a9-8d53-64c3da4730b8 596e92dd-0635-42e2-ac10-6951b6b23751 045634a3-8516-4449-b3e7-5bcbe49a4d37 Prevention 0.2 11d75054-b17f-4ccf-9e61-209bfa328e02 596e92dd-0635-42e2-ac10-6951b6b23751 Software design does not respect cybersecurity standards 2023-03-14T16:23:09.4330144 2023-03-14T16:23:09.4330145 360 0 0 true true true 0 0 0 1 29c5cc53-a0dd-43b9-a904-49803bfd2397 2d3495e5-4163-45f1-9133-80cc1c64257e Service provides 100 1 6 2023-03-14T14:05:44.8930103 2023-03-14T14:08:36.2593758 010565bd-edbd-4eaa-8493-ab7b07378d32 29c5cc53-a0dd-43b9-a904-49803bfd2397 Supply-chain intrusion aimed to service unavailability 9.01 10 10 9.01 10 cbf8b0b9-f882-4ad3-aa37-504e0803525c 2023-03-14T16:06:58.0228206 2023-03-14T16:06:58.0228208 10d9e4cf-d7fd-4457-a7f0-443127704690 010565bd-edbd-4eaa-8493-ab7b07378d32 5afb5f59-04b8-4f44-b45a-9409d6e164c5 Prevention 0.2 7a9372c6-739c-49eb-aa3a-fb83816c74a0 010565bd-edbd-4eaa-8493-ab7b07378d32 d562a81b-5dd5-4911-ac67-00757ee1b638 Barrier 0.2 84cc90e2-5196-4516-a00e-04e899f3f117 010565bd-edbd-4eaa-8493-ab7b07378d32 c9394a26-198f-45cc-bb0f-d6c0ded6c86a Prevention 0.06 8ab4e6d9-e7c0-482d-b59c-b2c2c42bc1ea 010565bd-edbd-4eaa-8493-ab7b07378d32 1b22631c-de10-4650-ac0e-168f6aa01be9 Prevention 0.2 97018484-e418-440c-b136-e0dc4f6dec22 010565bd-edbd-4eaa-8493-ab7b07378d32 fe49eda4-503c-483a-ad5a-7981c41264c5 Prevention 0.2 a5c1dfe9-3808-4915-b26a-fc311d1c25db 010565bd-edbd-4eaa-8493-ab7b07378d32 78dc9631-2447-47ce-a86f-02dbd469a235 Barrier 1 b8a3a94b-8fb0-43e6-bfee-6e24ba2ee360 010565bd-edbd-4eaa-8493-ab7b07378d32 fc63e109-2338-4681-b508-813ef3ca1228 Prevention 0.2 c18c3d20-50c7-42eb-a299-3c00fb1ef527 010565bd-edbd-4eaa-8493-ab7b07378d32 045634a3-8516-4449-b3e7-5bcbe49a4d37 Prevention 0.2 c932b2c7-c388-4125-8e37-b268ff602ea0 010565bd-edbd-4eaa-8493-ab7b07378d32 29bddcbd-f4fc-4235-aff9-c2c84d55ce15 Prevention 0.2 f80e61ca-4573-492a-b618-819652de987c 010565bd-edbd-4eaa-8493-ab7b07378d32 5ff93b1c-b369-42c9-9818-349e2677db66 Barrier 0.2 7231e341-08f1-4472-9ddf-0e6705162284 010565bd-edbd-4eaa-8493-ab7b07378d32 0835c1d3-d591-497e-9f76-e3acbe73a4e1 Barrier 0.2 e37a7bb1-693f-4469-90bf-c2a91b37db62 010565bd-edbd-4eaa-8493-ab7b07378d32 Supplier fails to behave safely; vulnerability in supplier's system 2023-03-14T16:06:58.0303224 2023-03-14T16:06:58.0303224 901 0 0 true true true 0 0 0 2 794fd911-6725-4e31-be93-161261efa283 29c5cc53-a0dd-43b9-a904-49803bfd2397 Supply-chain intrusion aimed to data leak 9.01 5 10 9.01 10 010056c9-6ab5-496f-ba7b-e5ef0daba6ed 2023-03-14T14:07:03.2807754 2023-03-14T14:07:03.2807756 24dffc45-1dc0-46cb-a3d6-3b202b038936 794fd911-6725-4e31-be93-161261efa283 045634a3-8516-4449-b3e7-5bcbe49a4d37 Prevention 0.2 3f197466-58af-4e3d-9130-9ed59524883b 794fd911-6725-4e31-be93-161261efa283 18a8ebd2-7816-4a98-b080-6b7361c9a926 Barrier 1 68758b26-a381-4f5c-9d52-14be929f6d22 794fd911-6725-4e31-be93-161261efa283 1b22631c-de10-4650-ac0e-168f6aa01be9 Prevention 0.2 a3599391-8ed0-4b53-ab72-e71cdf67f2f7 794fd911-6725-4e31-be93-161261efa283 29bddcbd-f4fc-4235-aff9-c2c84d55ce15 Prevention 0.2 aa530480-9aa6-4a77-b22a-c5737358889e 794fd911-6725-4e31-be93-161261efa283 2dbc1800-656c-4b88-b7f5-ac8ab00a1121 Prevention 0.06 e41ade89-2198-4bd3-9ed5-4e207fe75252 794fd911-6725-4e31-be93-161261efa283 0835c1d3-d591-497e-9f76-e3acbe73a4e1 Barrier 0.2 aed6d581-0a09-49d9-8da6-2c4a1a16d5e0 794fd911-6725-4e31-be93-161261efa283 Supplier fails to behave safely; vulnerability in supplier systems 2023-03-14T14:07:03.2859569 2023-03-14T14:07:03.2859569 450.5 0 0 true true true 0 0 0 1 6f8e3509-b268-4770-a766-8c52f876f9d2 2d3495e5-4163-45f1-9133-80cc1c64257e Reputation 100 1 4 2023-03-14T13:49:04.0220921 2023-03-14T13:49:04.0220921 ef6bc2be-6b6a-4ab4-88cb-5c4436102c49 6f8e3509-b268-4770-a766-8c52f876f9d2 Misinformation about institution's services 9.01 3 10 9.01 10 af3b2389-7b5a-4978-ac11-31cafa5a55f8 2023-03-14T16:17:26.3779535 2023-03-14T16:19:40.8910331 1fe88865-c97d-4eff-8b65-8c0d053fc719 ef6bc2be-6b6a-4ab4-88cb-5c4436102c49 18a81989-4ffe-4331-84bc-7deb5b4c15c8 Barrier 1 27b5148b-27a9-41d3-a998-7eeca7b899ce ef6bc2be-6b6a-4ab4-88cb-5c4436102c49 1b22631c-de10-4650-ac0e-168f6aa01be9 Prevention 0.2 4aa59a88-7035-489a-b1e1-c0755a7642d0 ef6bc2be-6b6a-4ab4-88cb-5c4436102c49 731a369b-a676-48e9-9849-ceb114742ec4 Barrier 0.05 4bf0e0ec-f94a-4b58-a203-fc35d02b4ba4 ef6bc2be-6b6a-4ab4-88cb-5c4436102c49 21682ac5-1099-4602-b46e-0622bf874cd9 Prevention 0.05 79f1c14a-a47f-458a-855f-5231aac3fb46 ef6bc2be-6b6a-4ab4-88cb-5c4436102c49 a182f5c6-0f8a-4087-a0c9-b097338e8da6 Prevention 0.05 d4897c7b-d1ef-46af-90ce-2b3b229443e1 ef6bc2be-6b6a-4ab4-88cb-5c4436102c49 cbb65692-77d8-46dd-a8e7-73fa0d43077d Prevention 0.06 d84a1526-c58a-46dc-9f88-290e1263e15c ef6bc2be-6b6a-4ab4-88cb-5c4436102c49 No monitoring of social media and news; uncontrolled outflow of information 2023-03-14T16:17:26.382841 2023-03-14T16:17:26.382841 270.3 0 0 true true true 0 0 0 1 a639b0de-39fa-4332-9380-4024f33b3023 2d3495e5-4163-45f1-9133-80cc1c64257e Staff 100 1 1 2023-03-14T13:24:34.4946051 2023-03-14T13:24:34.4946051 5bc58d7d-a9da-4ddd-af89-f60709f70167 a639b0de-39fa-4332-9380-4024f33b3023 Social engineering intrusion aimed to service unavailability 7.2 10 10 9.01 10 cbf8b0b9-f882-4ad3-aa37-504e0803525c 2023-03-14T13:39:47.6072003 2023-03-14T13:39:47.6072005 12824a72-0b4c-4886-b43e-73fa124b9331 5bc58d7d-a9da-4ddd-af89-f60709f70167 08cc4022-42c2-43cf-8efb-771a49c8085e Barrier 0.2 21e1e972-71d1-4d7c-8dca-51913f0c687f 5bc58d7d-a9da-4ddd-af89-f60709f70167 5b0cb7a1-2dd0-44f4-83b2-1ec6eb10ce00 Prevention 0.2 3b5d658a-7b53-4f69-83a6-721403758b0c 5bc58d7d-a9da-4ddd-af89-f60709f70167 0835c1d3-d591-497e-9f76-e3acbe73a4e1 Barrier 0.2 550d3c8c-3ca5-4a30-842e-fa09c89bbb33 5bc58d7d-a9da-4ddd-af89-f60709f70167 c844114d-6a97-453e-bb52-4fd0e7b9b5b9 Barrier 0.2 6001e639-9c2b-4bea-a52b-f7577c9136bb 5bc58d7d-a9da-4ddd-af89-f60709f70167 29bddcbd-f4fc-4235-aff9-c2c84d55ce15 Prevention 0.2 6930f1e2-e515-4cf9-9bd9-ed50fe53027c 5bc58d7d-a9da-4ddd-af89-f60709f70167 0f2c50f1-5c6f-4c27-929c-a5c6df01f879 Barrier 0.2 6d96be39-656d-44d4-a7f7-29a124005fc0 5bc58d7d-a9da-4ddd-af89-f60709f70167 c08e1a23-0305-4f06-a398-4274f9fe4191 Barrier 1 70965988-1fb2-4444-8f54-10d3846ca2cf 5bc58d7d-a9da-4ddd-af89-f60709f70167 0b61dd5e-28c0-42b5-b29f-6b0da0167b91 Prevention 0.2 7acb0814-25ae-4e1f-99bc-4341ab1af0dd 5bc58d7d-a9da-4ddd-af89-f60709f70167 1b22631c-de10-4650-ac0e-168f6aa01be9 Prevention 0.2 80f2a558-deec-4623-8b82-7bbbe2db0696 5bc58d7d-a9da-4ddd-af89-f60709f70167 29719fd0-a875-4431-8a73-b5a4c12e50e4 Prevention 0.06 93de8f1b-7af5-4ab4-8d81-c600d436a14f 5bc58d7d-a9da-4ddd-af89-f60709f70167 c49b99ef-6ad1-48e4-b7c8-a2c9b51ca14f Barrier 0.2 b4220ace-ed41-4942-b55c-adc24b6feaa0 5bc58d7d-a9da-4ddd-af89-f60709f70167 2e09f1f5-8331-4d15-a206-4de443fdeaa6 Prevention 0.2 b9c85bb2-6546-4bd7-b2fd-73ff010ee28f 5bc58d7d-a9da-4ddd-af89-f60709f70167 045634a3-8516-4449-b3e7-5bcbe49a4d37 Prevention 0.2 c4c4233f-a1b0-4d10-b9c5-43d329d89694 5bc58d7d-a9da-4ddd-af89-f60709f70167 55f0cc21-391b-4cff-a8d1-210a41daa7b6 Prevention 0.2 c81fb668-3655-42ac-9516-37971bbffbf4 5bc58d7d-a9da-4ddd-af89-f60709f70167 3cf84e4f-c52e-4423-a1d8-f35faee99b76 Prevention 0.2 dd190008-6785-4121-97a3-2376e8851096 5bc58d7d-a9da-4ddd-af89-f60709f70167 08ac5c2a-eb5f-45b5-93a6-34e018dc2539 Prevention 0.2 e20f29b5-e8dd-4cfb-989e-3d2e5e36c1a9 5bc58d7d-a9da-4ddd-af89-f60709f70167 8cfec508-ed24-44fa-ba70-469c77f311ea Prevention 0.2 fa91ae10-ed54-4431-ae36-0e54c8e7fb6e 5bc58d7d-a9da-4ddd-af89-f60709f70167 3222f0de-07d4-43bd-9107-7a26e8672c58 Barrier 0.2 fcfa2953-83d1-4e24-a107-bc89df335204 5bc58d7d-a9da-4ddd-af89-f60709f70167 4be50be7-5100-45a0-a720-3709ce47e4f0 Prevention 0.2 faa2e72e-d783-43f5-8e84-7cd19f6f5951 5bc58d7d-a9da-4ddd-af89-f60709f70167 057c7070-67d5-4346-83ed-e3f431e656b6 Prevention 0.2 f62ee36c-464b-4e18-8b13-e9eb864d3f23 5bc58d7d-a9da-4ddd-af89-f60709f70167 Staff do not follow security procedures 2023-03-14T13:39:47.6123988 2023-03-14T13:39:47.6123988 720 0 0 true true true 0 0 0 2 af1fe587-b25f-4155-96be-9ffc3abe7734 a639b0de-39fa-4332-9380-4024f33b3023 Social engineering intrusion aimed to data leak 9.01 5 10 9.01 10 010056c9-6ab5-496f-ba7b-e5ef0daba6ed 2023-03-14T13:26:59.2812517 2023-03-14T13:28:07.7855227 0b93fd5d-6d79-4711-8205-711d47f09bd9 af1fe587-b25f-4155-96be-9ffc3abe7734 08ac5c2a-eb5f-45b5-93a6-34e018dc2539 Prevention 0.2 129ad64a-ca3b-4918-86cc-f08a44b6afdf af1fe587-b25f-4155-96be-9ffc3abe7734 3cf84e4f-c52e-4423-a1d8-f35faee99b76 Prevention 0.2 1703238d-f5af-46ea-acf9-38ad6350b0d1 af1fe587-b25f-4155-96be-9ffc3abe7734 045634a3-8516-4449-b3e7-5bcbe49a4d37 Prevention 0.2 18089711-b76c-4b1c-a5c9-feadf2a582cb af1fe587-b25f-4155-96be-9ffc3abe7734 4be50be7-5100-45a0-a720-3709ce47e4f0 Prevention 0.2 4b1b0d2b-e83d-41d0-8916-df0ec0e6e068 af1fe587-b25f-4155-96be-9ffc3abe7734 0835c1d3-d591-497e-9f76-e3acbe73a4e1 Barrier 0.2 578ced42-a850-4f47-a434-bd91742dff78 af1fe587-b25f-4155-96be-9ffc3abe7734 29bddcbd-f4fc-4235-aff9-c2c84d55ce15 Prevention 0.2 6014ee94-a25c-41fe-9b05-7e35fc262f33 af1fe587-b25f-4155-96be-9ffc3abe7734 1b22631c-de10-4650-ac0e-168f6aa01be9 Prevention 0.2 6af9e861-2999-4f87-97c4-d267c46f8b78 af1fe587-b25f-4155-96be-9ffc3abe7734 35ec75bf-67af-496d-b648-757c04295a2b Prevention 0.06 708b301a-ca2b-4ddd-b5c1-e7d51410b2e4 af1fe587-b25f-4155-96be-9ffc3abe7734 55f0cc21-391b-4cff-a8d1-210a41daa7b6 Prevention 0.2 c9e6f696-da88-4ccd-a239-dbc0827ca0d7 af1fe587-b25f-4155-96be-9ffc3abe7734 057c7070-67d5-4346-83ed-e3f431e656b6 Prevention 0.2 ca6268ce-86df-4fdd-8cfe-9b8497e4038d af1fe587-b25f-4155-96be-9ffc3abe7734 2e09f1f5-8331-4d15-a206-4de443fdeaa6 Prevention 0.2 d431bcbf-e323-4680-91b6-28026ea5902f af1fe587-b25f-4155-96be-9ffc3abe7734 8e0800d8-c418-4867-8f31-befc293c2572 Prevention 0.2 d5fcab50-82a9-453f-a3c2-9403ab9bb8cc af1fe587-b25f-4155-96be-9ffc3abe7734 84feb8bc-a4e1-42a1-b7b2-19768b42bced Barrier 0.2 e70010b5-5440-4058-942b-dcaeea1a0d25 af1fe587-b25f-4155-96be-9ffc3abe7734 c844114d-6a97-453e-bb52-4fd0e7b9b5b9 Barrier 0.2 fae8d45d-0c32-474b-a3bf-4e69a8a8bffc af1fe587-b25f-4155-96be-9ffc3abe7734 74f86da9-2e56-4d24-b6d3-7019b258b12b Barrier 1 18befdee-2d72-42e7-98bc-b198de9bae0d af1fe587-b25f-4155-96be-9ffc3abe7734 Staff do not follow security procedures 2023-03-14T13:26:59.362428 2023-03-14T13:26:59.3624282 450.5 0 0 true true true 0 0 0 1 d03a66f7-3dce-4b6b-ac85-adeb0fd1cfb7 2d3495e5-4163-45f1-9133-80cc1c64257e Commercial HW & SW 100 1 2 2023-03-14T13:48:38.8856397 2023-03-14T13:48:38.8856398 04b7b5db-70f1-48c9-bad4-e8471dddac07 d03a66f7-3dce-4b6b-ac85-adeb0fd1cfb7 Malware installation aimed to service unavailability 7.2 10 10 9.01 10 cbf8b0b9-f882-4ad3-aa37-504e0803525c 2023-03-14T13:56:34.3134285 2023-03-14T13:56:34.3134287 081163d4-0227-4a79-a67f-181cd095553b 04b7b5db-70f1-48c9-bad4-e8471dddac07 6a82306d-1f47-46cb-8e50-23f67b0d2332 Barrier 1 0a06c22c-4c03-4b13-b05a-5615e90dec51 04b7b5db-70f1-48c9-bad4-e8471dddac07 045634a3-8516-4449-b3e7-5bcbe49a4d37 Prevention 0.2 0e5e8492-6c3b-4f53-998c-514bf1410c2c 04b7b5db-70f1-48c9-bad4-e8471dddac07 08cc4022-42c2-43cf-8efb-771a49c8085e Barrier 0.2 1808a5df-6023-4be9-a6b7-f90af29af35e 04b7b5db-70f1-48c9-bad4-e8471dddac07 0b61dd5e-28c0-42b5-b29f-6b0da0167b91 Prevention 0.2 28fed4b5-b115-41a7-a604-6b75cec33dc7 04b7b5db-70f1-48c9-bad4-e8471dddac07 8cfec508-ed24-44fa-ba70-469c77f311ea Prevention 0.2 303115be-14e8-4246-a492-a2df8cdaf73b 04b7b5db-70f1-48c9-bad4-e8471dddac07 0f2c50f1-5c6f-4c27-929c-a5c6df01f879 Barrier 0.2 33e428a8-66db-4044-91a8-03de762adb16 04b7b5db-70f1-48c9-bad4-e8471dddac07 c844114d-6a97-453e-bb52-4fd0e7b9b5b9 Barrier 0.2 3e49bd5b-d5ad-458d-859e-899f55062780 04b7b5db-70f1-48c9-bad4-e8471dddac07 8e0800d8-c418-4867-8f31-befc293c2572 Prevention 0.2 4546e4ec-1bf3-4633-9066-9981be1d3879 04b7b5db-70f1-48c9-bad4-e8471dddac07 5b0cb7a1-2dd0-44f4-83b2-1ec6eb10ce00 Prevention 0.2 95a4ef7b-1018-40b4-8d33-0af28f365d5b 04b7b5db-70f1-48c9-bad4-e8471dddac07 3cf84e4f-c52e-4423-a1d8-f35faee99b76 Prevention 0.2 a035a273-4733-4fe7-96d7-5b73a35abde4 04b7b5db-70f1-48c9-bad4-e8471dddac07 c49b99ef-6ad1-48e4-b7c8-a2c9b51ca14f Barrier 0.2 a0867c6c-87d9-41cf-9c73-0d10022a3bd0 04b7b5db-70f1-48c9-bad4-e8471dddac07 cf17fc6b-25f4-4ed5-9d6b-91b203f23659 Prevention 0.2 a9bc09bf-f3b2-433c-bedf-429798b8a3e0 04b7b5db-70f1-48c9-bad4-e8471dddac07 3222f0de-07d4-43bd-9107-7a26e8672c58 Barrier 0.2 c07eda9e-7a21-4d22-8bf3-f73e0779db7b 04b7b5db-70f1-48c9-bad4-e8471dddac07 2e09f1f5-8331-4d15-a206-4de443fdeaa6 Prevention 0.2 c8e07500-952e-44d0-b6ff-968e9067d4ee 04b7b5db-70f1-48c9-bad4-e8471dddac07 94cfb8de-2fd1-4605-865f-f03fdea3bd08 Prevention 0.06 e7fbdbba-4d1a-4d68-bafd-1a9bbfcf755d 04b7b5db-70f1-48c9-bad4-e8471dddac07 1b22631c-de10-4650-ac0e-168f6aa01be9 Prevention 0.2 ed154fae-a237-4680-841f-a0b4f2ceb974 04b7b5db-70f1-48c9-bad4-e8471dddac07 29bddcbd-f4fc-4235-aff9-c2c84d55ce15 Prevention 0.2 fffdd2a4-337e-48d5-8746-9ab418cfe33b 04b7b5db-70f1-48c9-bad4-e8471dddac07 0835c1d3-d591-497e-9f76-e3acbe73a4e1 Barrier 0.2 6769620c-bbdd-4b27-b69a-345230b05493 04b7b5db-70f1-48c9-bad4-e8471dddac07 Staff do not follows security procedures; system vulnerability 2023-03-14T13:56:34.3191471 2023-03-14T13:56:34.3191471 720 0 0 true true true 0 0 0 2 588937d1-dd92-4716-a824-d1af88487953 d03a66f7-3dce-4b6b-ac85-adeb0fd1cfb7 Malware installation aimed to data leak 9.01 5 10 9.01 10 010056c9-6ab5-496f-ba7b-e5ef0daba6ed 2023-03-14T13:50:21.0065156 2023-03-14T13:50:21.0065157 099b9b87-dbac-41a6-8a2d-d73e71274dfd 588937d1-dd92-4716-a824-d1af88487953 cf17fc6b-25f4-4ed5-9d6b-91b203f23659 Prevention 0.2 09a61c47-746e-4180-a13a-5517db6a260c 588937d1-dd92-4716-a824-d1af88487953 3222f0de-07d4-43bd-9107-7a26e8672c58 Barrier 0.2 0f1e07f6-1f20-48d4-9e4f-140931be1d5b 588937d1-dd92-4716-a824-d1af88487953 0835c1d3-d591-497e-9f76-e3acbe73a4e1 Barrier 0.2 1c782097-e519-40f4-a857-611286b6a1d6 588937d1-dd92-4716-a824-d1af88487953 0b61dd5e-28c0-42b5-b29f-6b0da0167b91 Prevention 0.2 2b7e480f-51b9-48aa-82c1-19d764db0aa4 588937d1-dd92-4716-a824-d1af88487953 c844114d-6a97-453e-bb52-4fd0e7b9b5b9 Barrier 0.2 2db30aaf-a56f-442a-9a70-da19cc914852 588937d1-dd92-4716-a824-d1af88487953 3cf84e4f-c52e-4423-a1d8-f35faee99b76 Prevention 0.2 3590c354-061c-42e2-81d0-126e4489bc8f 588937d1-dd92-4716-a824-d1af88487953 0f2c50f1-5c6f-4c27-929c-a5c6df01f879 Barrier 0.2 4716d1f2-5af4-481d-afc7-9d5d973826e4 588937d1-dd92-4716-a824-d1af88487953 c226244d-588f-44dd-9c84-d43e32c7c852 Prevention 0.06 55a174ba-322d-430b-8501-58e5d49c9868 588937d1-dd92-4716-a824-d1af88487953 c49b99ef-6ad1-48e4-b7c8-a2c9b51ca14f Barrier 0.2 7ac4d34b-84d3-4c24-902d-457cfc35b234 588937d1-dd92-4716-a824-d1af88487953 1b22631c-de10-4650-ac0e-168f6aa01be9 Prevention 0.2 84b93316-b4af-49a9-911d-fdb0d5ea7d76 588937d1-dd92-4716-a824-d1af88487953 8e0800d8-c418-4867-8f31-befc293c2572 Prevention 0.2 a09ec701-c3be-4639-978b-c624fbc7f61f 588937d1-dd92-4716-a824-d1af88487953 045634a3-8516-4449-b3e7-5bcbe49a4d37 Prevention 0.2 bfa9c027-224e-4a57-87b7-aeee08091f4a 588937d1-dd92-4716-a824-d1af88487953 84feb8bc-a4e1-42a1-b7b2-19768b42bced Barrier 0.2 cd6d7f59-626a-4887-a305-f9136bb1f598 588937d1-dd92-4716-a824-d1af88487953 2e09f1f5-8331-4d15-a206-4de443fdeaa6 Prevention 0.2 d2b43981-69c7-4160-bff9-c8396a3794df 588937d1-dd92-4716-a824-d1af88487953 29bddcbd-f4fc-4235-aff9-c2c84d55ce15 Prevention 0.2 dfa4353f-5e1f-4668-baa6-171229dacba6 588937d1-dd92-4716-a824-d1af88487953 411b1a9a-60f9-4f71-b250-8c2f107d9e11 Barrier 1 07960ac1-e427-4cd1-9d4d-de68b20774ca 588937d1-dd92-4716-a824-d1af88487953 Staff do not follow safety procedures; system vulnerability 2023-03-14T13:50:21.0125 2023-03-14T13:50:21.0125001 450.5 0 0 true true true 0 0 0 1 ef60c35b-8dda-4f62-8a56-f46c1c1327d7 2d3495e5-4163-45f1-9133-80cc1c64257e AI models (local training) 20 1 5 2023-03-14T13:49:08.4366578 2023-05-03T12:02:30.2873767 af5fb0ce-5931-4023-a2f1-96b6ece8876c ef60c35b-8dda-4f62-8a56-f46c1c1327d7 Poisoning of AI training data 9.01 10 10 9.01 10 cbf8b0b9-f882-4ad3-aa37-504e0803525c 2023-03-14T16:12:12.2762266 2023-03-14T16:12:12.2762268 05af73e7-d415-4a61-aba1-b675afaaee99 af5fb0ce-5931-4023-a2f1-96b6ece8876c 6fe144ed-67ac-48ae-8c84-a11a3340cb81 Barrier 1 2ca137ed-3290-474c-bc96-d0280867bf14 af5fb0ce-5931-4023-a2f1-96b6ece8876c 909fc344-ba5c-460d-9024-21cb0a46d3d1 Barrier 0.2 72697141-ee10-49bb-ace8-b0cc3da29395 af5fb0ce-5931-4023-a2f1-96b6ece8876c 045634a3-8516-4449-b3e7-5bcbe49a4d37 Prevention 0.2 96c596fe-9c19-4545-92f8-99d1153937a8 af5fb0ce-5931-4023-a2f1-96b6ece8876c 8d8cd80c-3b63-4e2a-9efe-495cae16289b Prevention 0.06 a5a0b23f-c224-46de-ab28-7ef2b387c497 af5fb0ce-5931-4023-a2f1-96b6ece8876c a3adafe5-e4dc-47bb-8bdd-0632b2747bdb Barrier 0.2 3a447c2e-c3f9-47e6-ba0e-d0eee8a10d62 af5fb0ce-5931-4023-a2f1-96b6ece8876c Vulnerability of AI system; unsafe conduct of AI expert 2023-03-14T16:12:12.2818696 2023-03-14T16:12:12.2818696 901 0 0 true true true 0 0 0 1 045634a3-8516-4449-b3e7-5bcbe49a4d37 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 50000 10000 Assets inventory. Maintain an updated inventory of your assets ("digital footprint"). Include HW (e.g., servers), service provides and SW applications). Ensure your assets are inventoried, managed, and under control. Document protections and tests implemented for critical elements (e.g. servers, services and applications). If possible, have this inventory automatically checked. false Added 0.2 2023-03-14T13:32:01.209465 2023-05-03T11:38:20.7467193 057c7070-67d5-4346-83ed-e3f431e656b6 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 50000 20000 >Preventively register domains that resemble your organisation's name and assets, including alternative TLDs (top level domains). >Regularly review your domain settings to support anti-spoofing and authentication mechanisms to filter e-mail. >Subscribe to a feed of issued certificates (certificate transparency feed) and alert on names resembling your name or assets. >Monitor newly issued domains for names resembling your name or assets. >Subscribe to alerts from data breach monitoring sites. >Subscribe to alerts of the organisation assets being published on criminal forums. >Consider the use of the AIL (analysis information leak) framework false Added 0.2 2023-03-14T13:33:40.8822322 2023-05-03T11:47:15.2885225 0835c1d3-d591-497e-9f76-e3acbe73a4e1 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 0 50000 Review, update and possibly test the incident response plans: >Establish protocols for vulnerability disclosure, incident notification and communications with external stakeholders during incidents. >Ensure that your infrastructure is "forensic ready" (i.e., logs are collected to support incident response investigations). >Identify measures for operational continuity. The ransomware Response Checklist from CISA (Cybersecurity & infrastructure security agency) and the FIRST guidelines can help you. false Added 0.2 2023-03-14T13:30:10.3793013 2023-05-03T11:43:36.4502477 08ac5c2a-eb5f-45b5-93a6-34e018dc2539 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 0 50000 Simulate the hacker. Appoint someone to do regular OSINT (Open Source Investigation) research on your organisation taking on the role of an "outsider" looking for intrusion pathways. Apply this information for network intrusion prevention, web access and e-mail filtering. false Added 0.2 2023-03-14T13:32:30.5676735 2023-05-03T11:53:30.0316269 08cc4022-42c2-43cf-8efb-771a49c8085e 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 50000 10000 Monitor process execution to detect anomalies. >Track asset activity on and between internal networks (user, system and services logs, network data such as DNS queries and NetFlow, etc.). >Monitor process execution to detect anomalies. >Respond to suspicious activities. false Added 0.2 2023-03-14T13:46:30.7218456 2023-05-03T11:50:01.5788229 0b61dd5e-28c0-42b5-b29f-6b0da0167b91 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 0 10000 Keep SW up to date. >Perform regular vulnerability scanning to identify and address vulnerabilities. >Install updates and patches regularly, per your patch policy. Update and patch should become a mantra. >Pay special attention to the internet facing infrastructure. For instance, Mozi botnet continues to rely on the same set of older vulnerabilities, even those that are eight years old. false Added 0.2 2023-03-14T13:43:30.9173172 2023-05-03T11:48:46.6924896 0bef1421-ae67-4c45-b80f-a8e95d0ead74 2d3495e5-4163-45f1-9133-80cc1c64257e Active 50000 10000 Isolate legacy systems and development ('non-production') systems in separate network segments. false Added 0.2 2023-03-14T16:26:37.8423963 2023-05-03T11:48:25.8367579 0f2c50f1-5c6f-4c27-929c-a5c6df01f879 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 50000 10000 DER/XDR. Deploy EDR (Endpoint detection and response)/XDR (extended detection and response) and ensure that the signatures are up to date. These tools can block and alert on malicious activity false Added 0.2 2023-03-14T13:45:50.3672562 2023-05-03T11:41:55.8120702 18a81989-4ffe-4331-84bc-7deb5b4c15c8 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 1 2023-03-14T16:17:26.3832424 2023-05-03T11:58:58.530397 18a8ebd2-7816-4a98-b080-6b7361c9a926 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 1 2023-03-14T14:07:03.2863621 2023-05-03T12:00:42.8115416 1b22631c-de10-4650-ac0e-168f6aa01be9 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 0 100000 Training about cybersecurity. 1) Organize awareness trainings against new social engineering trends. Consider tailoring for different departments (administration, clinical staff, IT...). For instance employees should be able to: >Assessing received e-mail and sms. >Definition and use of safe passwords (for instance a unique password to access the internal system shall not be used for services of suppliers. 2) Simulate attacks for phishing, ransomware, and other attack types (training follow up). false Added 0.2 2023-03-14T13:34:11.0294614 2023-05-03T11:54:20.7301012 21682ac5-1099-4602-b46e-0622bf874cd9 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 0 25000 Training: Modern Media Literacy. Staff must be trained on how to understand, expect, and recognize disinformation and misinformation to reduce unintentional spreading of misinformation. Work on media literacy should provide tools to support people in debunking fake news through source identification and news and information checking. false Added 0.05 2023-03-14T16:20:46.809992 2023-05-03T11:54:34.3836129 29719fd0-a875-4431-8a73-b5a4c12e50e4 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 0.06 2023-03-14T13:39:47.6124026 2023-05-03T11:56:23.8251184 29bddcbd-f4fc-4235-aff9-c2c84d55ce15 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 50000 10000 Safe login. >Safely configure remote access technology or other exposed services. >Enforce MFA (multi factor authentication) and use of strong passwords >Support the use of unique and strong passwords. It is easier for the user to make the password stronger if it is only one. Multiple, weak passwords are dangerous because each of them can be broken with brute force attacks. >Setup tight controls on access by suppliers. >Enforce the use of encrypted communications. false Added 0.2 2023-03-14T13:36:04.8647357 2023-05-03T11:52:51.402593 2dbc1800-656c-4b88-b7f5-ac8ab00a1121 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 0.06 2023-03-14T14:07:03.2859666 2023-05-03T11:59:58.5496845 2e09f1f5-8331-4d15-a206-4de443fdeaa6 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 0 50000 Collaborate with peers and authorities > Establish a contact with national CERT (computer emergency response team). > Use the tools available for sharing malware information and -mitigation e.g., MISP (Malware Information Sharing Platform). > Enforce compliance and certification. Follow best practice. >Perform data security auditing. Security audits can be performed either by security experts or by a third party (e.g., with a penetration test). false Added 0.2 2023-03-14T13:36:29.3229429 2023-05-03T11:39:25.5163525 3222f0de-07d4-43bd-9107-7a26e8672c58 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 200000 30000 Adopt SIEM (security incident and event management). These solutions provide real-time analysis of security alerts generated by applications and network hardware. false Added 0.2 2023-03-14T13:45:22.5616457 2023-05-03T11:34:16.200703 33cb48c5-907a-4371-a79c-3a5515a2cf05 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 1 2023-03-14T16:23:09.4334083 2023-05-03T12:01:08.6813292 35ec75bf-67af-496d-b648-757c04295a2b 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 0.06 2023-03-14T13:26:59.3633306 2023-05-03T11:56:46.5686837 380a4a33-31cc-41cf-bd82-5a8538710bfd 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 0.06 2023-03-14T16:23:09.4330172 2023-05-03T11:57:37.044015 38c30d18-46cb-47a7-ac1b-8a981a397b68 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 10000 2000 Scan and audit containers before putting them into production. Use container image signing. false Added 0.2 2023-03-14T16:26:00.4429221 2023-05-03T11:53:15.3616897 3cf84e4f-c52e-4423-a1d8-f35faee99b76 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 10000 2000 Restrict SW execution. >Do not permit users to allow third-party application access. >Review consented permissions for external applications on a regular basis. >Create an allowlist (white list) to blocking any unauthorized software execution. Only allow applications from verified publishers or for specific low-risk permissions. false Added 0.2 2023-03-14T13:35:03.3152857 2023-05-03T11:51:46.3374369 411b1a9a-60f9-4f71-b250-8c2f107d9e11 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 1 2023-03-14T13:50:21.0129658 2023-05-03T12:01:27.9398976 4be50be7-5100-45a0-a720-3709ce47e4f0 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 10000 2000 Monitor disk image files. Deploy detection rules that alert on the presence (or opening) of disk image files on systems where these file types are not commonly present. Block the use of disk images exchanged via e-mail false Added 0.2 2023-03-14T13:34:35.1698534 2023-05-03T11:49:23.2027238 55f0cc21-391b-4cff-a8d1-210a41daa7b6 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 50000 5000 Filter emails. >Routinely review mail server configurations, employee mail settings and forwarding rules. >Identifying abnormal connections to mail servers. >Enable strong e-mail protection filters to prevent phishing e-mails from reaching end users (e.g., filter e-mails containing executable files and macros) >Notify a user when an e-mail is being sent from a user they have not interacted with before. false Added 0.2 2023-03-14T13:35:25.5331106 2023-05-03T11:42:59.9345613 5afb5f59-04b8-4f44-b45a-9409d6e164c5 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 0 0 Apply 'one strike and you’re out' policies with respect to vendor products that are either counterfeit or do not match specifications as contractually agreed and/or documented. false Added 0.2 2023-03-14T16:10:22.3278746 2023-03-14T16:10:22.3278747 5b0cb7a1-2dd0-44f4-83b2-1ec6eb10ce00 2d3495e5-4163-45f1-9133-80cc1c64257e Active 200000 30000 Restrict physical access. There should be no gap between physical security and cybersecurity. Ensure that physical access to devices is restricted and authenticated. false Added 0.2 2023-03-14T13:46:57.5209455 2023-05-03T11:51:26.4073972 5ff93b1c-b369-42c9-9818-349e2677db66 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 10000 PSIRT of suppliers. Get insight into the functioning and services of the PSIRTs (Product security incident response) of key suppliers, possibly with the help of the FIRST PSIRT Services Framework. It is strongly recommended that vendors start a PSIRT (according to the FIRST PSIRT Services Framework) and coordinate security communications with customers via this PSIRT. false Added 0.2 2023-03-14T16:09:20.5706555 2023-05-03T11:51:13.4490326 6a82306d-1f47-46cb-8e50-23f67b0d2332 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 1 2023-03-14T13:56:34.3195645 2023-05-03T12:01:17.4584378 6fe144ed-67ac-48ae-8c84-a11a3340cb81 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 1 2023-03-14T16:12:12.2823188 2023-05-03T12:00:50.9940767 731a369b-a676-48e9-9849-ceb114742ec4 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 0 25000 Social networks monitoring. Social network detection and mitigation are among the most important technical approaches for disinformation management. Countermeasures include: >Report fake accounts. >Publish fact check and debunking of false stories false Added 0.05 2023-03-14T16:21:20.4248959 2023-05-03T11:53:48.3620962 74f86da9-2e56-4d24-b6d3-7019b258b12b 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 1 2023-03-14T13:26:59.3699924 2023-05-03T11:56:58.3899234 78dc9631-2447-47ce-a86f-02dbd469a235 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 1 2023-03-14T16:06:58.0308756 2023-05-03T12:00:33.8481097 84feb8bc-a4e1-42a1-b7b2-19768b42bced 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 50000 10000 Data sanitization. Secure and permanent erasure of sensitive data from datasets whre these data are not needed. Pay attention both to databases and end-of-life electronic devices. Sanitization can be achieved with different techniques, including anonymization, generalization, encryption, masking, filtering. false Added 0.2 2023-03-14T13:37:44.2021596 2023-05-03T11:41:16.2782567 8cfec508-ed24-44fa-ba70-469c77f311ea 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 0 20000 FW and driver security. Ensure boot integrity, and require firmware and driver security. Ensure that all firmware and drivers installed on servers or end-user equipment follow the necessary security requirements and have the documentation needed to prove their compliance. false Added 0.2 2023-03-14T13:47:17.2232619 2023-05-03T11:43:20.1465827 8d8cd80c-3b63-4e2a-9efe-495cae16289b 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 0.06 2023-03-14T16:12:12.2818714 2023-05-03T11:59:16.8206922 8e0800d8-c418-4867-8f31-befc293c2572 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 20000 20000 Inspect the SSL/TLS traffic. >Allow the firewall to decrypt what is being transmitted to and from websites, e-mail communications, and mobile applications. >Model traffic trends and profiles: create a baseline and detection of anomalies. > Filter network traffic to prohibit ingress and egress communications with known malicious Internet protocol addresses false Added 0.2 2023-03-14T13:36:53.2017038 2023-05-03T11:46:53.1104672 909fc344-ba5c-460d-9024-21cb0a46d3d1 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 50000 50000 Adversarial training. Adversarial training is important to protect a ML model against inference-time attacks. It builds on training set augmentation (adversarial training), where adversarial data points are added to the training set to increase the resilience of the model against malicious data points. false Added 0.2 2023-03-14T16:13:47.3351331 2023-05-03T11:34:50.5379975 925b0f9c-aa7b-47da-931e-19646c08e0e4 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 50000 10000 Monitor in-house SW development. Implement continuous monitoring of sources of vulnerabilities and the use of tools for automatic and manual reviews of code. false Added 0.05 2023-03-14T16:24:38.0085238 2023-05-03T11:49:41.5326595 94cfb8de-2fd1-4605-865f-f03fdea3bd08 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 0.06 2023-03-14T13:56:34.3191494 2023-05-03T11:57:28.4121631 a182f5c6-0f8a-4087-a0c9-b097338e8da6 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 0 100000 Support high-quality media information. It is key to debunk fake news and disinformation. A chain of trust should be grounded on trusted news organizations. false Added 0.05 2023-03-14T16:20:21.0202027 2023-05-03T11:54:04.9797927 a3adafe5-e4dc-47bb-8bdd-0632b2747bdb 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 50000 50000 Countermeasures against data poisoning. Data poisoning can compromise the validity of AI (artificial intelligence) models. Poisoned data points can be filtered out with techniques like data points removal, replacement and healing. false Added 0.2 2023-03-14T16:13:05.2131342 2023-05-03T11:40:00.0748919 bd5d85c3-b7c8-4151-9bbd-325d90231cef 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 10000 2000 Protect SW developers accounts. Enable MFA for access to developer accounts false Added 0.2 2023-03-14T16:25:08.6154709 2023-05-03T11:50:19.0890189 c08e1a23-0305-4f06-a398-4274f9fe4191 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 1 2023-03-14T13:39:47.6128456 2023-05-03T11:55:41.2553193 c226244d-588f-44dd-9c84-d43e32c7c852 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 0.06 2023-03-14T13:50:21.012502 2023-05-03T11:57:20.8537467 c49b99ef-6ad1-48e4-b7c8-a2c9b51ca14f 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 50000 10000 Apply principles of least privilege and separation of duties. >Review access privileges when users change position or leave the organization. >Review network segmentation and limit access based on least privilege principles false Added 0.2 2023-03-14T13:44:11.9009541 2023-05-03T11:38:41.0903418 c844114d-6a97-453e-bb52-4fd0e7b9b5b9 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 200000 30000 Data backups: Data backups are fundamental to support prompt recovery from attacks. Ideally backup sites should be geographically distributed and separated to avoid being tampered by the same attack. Geographical redundancy can also help in preventing damages originating from natural disasters and sudden power outages. The use of data backups should be: >Part of the incident response plan, so that they can be used to ensure operational continuity . >Regularly tested. false Added 0.2 2023-03-14T13:38:07.4005463 2023-05-03T11:41:00.671604 c9394a26-198f-45cc-bb0f-d6c0ded6c86a 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 0.06 2023-03-14T16:06:58.030325 2023-05-03T12:00:23.8996792 cbb65692-77d8-46dd-a8e7-73fa0d43077d 2d3495e5-4163-45f1-9133-80cc1c64257e Active false Initial 0.06 2023-03-14T16:17:26.3828433 2023-05-03T11:58:48.4024114 cf17fc6b-25f4-4ed5-9d6b-91b203f23659 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 100000 15000 Malware and virus detection. Implement malware detection for all inbound/outbound channels, including e-mail, network, web, and application systems on all applicable platforms (i.e., servers, network infrastructure, personal computers, and mobile devices).Set antivirus/antimalware programs to conduct regular scans of IT network assets using up-to-date signatures. false Added 0.2 2023-03-14T13:54:59.2961921 2023-05-03T11:49:02.4005673 d562a81b-5dd5-4911-ac67-00757ee1b638 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 50000 100000 Establish a formal C-SCRM (Cyber Supply Chain Risk Management) programme. If necessary, appoint a dedicated third-party risk manager. false Added 0.2 2023-03-14T16:08:59.1718886 2023-05-03T11:42:30.6500554 fc63e109-2338-4681-b508-813ef3ca1228 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 10000 1000 Include security requirements in all RFPs (Request for Proposal, typically an offer) and contracts. false Added 0.2 2023-03-14T16:10:52.8923234 2023-05-03T11:46:31.566696 fde3b948-e7ed-419a-84bf-3e8b208e7bcf 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 50000 10000 false Added 0.2 2023-03-14T16:25:26.5537468 2023-05-03T11:37:17.8431111 fe49eda4-503c-483a-ad5a-7981c41264c5 2d3495e5-4163-45f1-9133-80cc1c64257e Potential 0 50000 Audit suppliers. Use third-party assessments, site visits and formal certification to assess critical suppliers. Look beyond the software (or hardware) product and examine suppliers' approach towards cybersecurity. Trust, but verify.Review third-party services risks, specifically those related to remote access and IT management false Added 0.2 2023-03-14T16:09:51.6428453 2023-05-03T11:39:06.8858984 010056c9-6ab5-496f-ba7b-e5ef0daba6ed Remediation costs for data leak true 2000 2023-03-14T13:28:07.7861643 2023-03-14T13:28:07.7861644 2d3495e5-4163-45f1-9133-80cc1c64257e af3b2389-7b5a-4978-ac11-31cafa5a55f8 Damage related to worsening of reputation true 2000 2023-03-14T16:17:26.3828387 2023-03-14T16:17:26.3828388 2d3495e5-4163-45f1-9133-80cc1c64257e cbf8b0b9-f882-4ad3-aa37-504e0803525c Interruption of patients care true 2000 2023-03-14T13:39:47.612397 2023-03-14T13:39:47.6123971 2d3495e5-4163-45f1-9133-80cc1c64257e {"cells":[{"type":"app.Step","size":{"width":480,"height":240},"shapeType":"process","position":{"x":70,"y":35},"angle":0,"paperSize":{"width":90,"height":50},"id":"27bbf6c4-715f-4ce6-a053-2195a3b6f9c1","isInitialized":true,"z":1,"attrs":{"root":{"dataTooltipPosition":"left"},"body":{"refD":"M1.5 21.5h60v21h-60z"},"label":{"textWrap":{"width":"85%","text":""},"fontSize":12,"refX2":0,"refY2":0}}},{"type":"app.Step","size":{"width":230,"height":170},"shapeType":"process","position":{"x":100,"y":70},"angle":0,"paperSize":{"width":90,"height":50},"id":"b840ed5f-5216-4eca-a765-f90494487c09","isInitialized":true,"z":2,"attrs":{"root":{"dataTooltipPosition":"left"},"body":{"refD":"M1.5 21.5h60v21h-60z"},"label":{"textWrap":{"width":"85%","text":""},"refX2":0,"refY2":0}}},{"type":"app.Text","position":{"x":70,"y":-15},"size":{"width":160,"height":50},"angle":0,"paperSize":{"width":90,"height":50},"id":"747e5003-773e-4273-891e-42fcbbbecc39","z":3,"attrs":{"label":{"textWrap":{"text":"Cybersecurity relevant assets"},"fontSize":12},"root":{"dataTooltipPosition":"left"}}},{"type":"app.Text","position":{"x":120,"y":60},"size":{"width":90,"height":50},"angle":0,"paperSize":{"width":90,"height":50},"id":"be22cc3c-96f1-4dd1-b565-643bfce71b12","z":4,"attrs":{"label":{"textWrap":{"text":"HW & SW"},"fontSize":12},"root":{"dataTooltipPosition":"left"}}},{"type":"app.Step","size":{"width":180,"height":50},"shapeType":"process","position":{"x":120,"y":110},"angle":0,"paperSize":{"width":90,"height":50},"id":"9a9d7687-438f-4ec1-bb4f-32fa78d07197","isInitialized":true,"z":5,"attrs":{"root":{"dataTooltipPosition":"left"},"custom":{"template":"transparent","stepId":"d03a66f7-3dce-4b6b-ac85-adeb0fd1cfb7","stepDesc":"Commercial HW & SW","hasSubSteps":false,"subStepCount":0},"stepBody":{"display":""},"stepBodyText":{"display":""},"refBody":{"refWidth2":-90},"body":{"refD":"M1.5 21.5h60v21h-60z"},"label":{"textWrap":{"width":"85%","text":"2. Commercial HW & SW"},"fontSize":12,"refX2":0,"refY2":0},"tspanFR":{"text":"F: 100% R: 1"},"tspanNeff":{"text":"Neff: "},"tspanNeffNormal":{"text":""},"tspanNeffStrike":{"text":"360.00"},"tspanNeffPotential":{"text":" <0.01 "},"tspanFM":{"text":"Failure modes:"},"tspanAcceptable":{"text":" 0 "},"tspanTolerable":{"text":" 0 "},"tspanNotAcceptable":{"text":" 2"}}},{"type":"app.Step","size":{"width":180,"height":50},"shapeType":"process","position":{"x":120,"y":172},"angle":0,"paperSize":{"width":90,"height":50},"id":"be006264-6cc5-4a1f-b404-80275b1ce2eb","isInitialized":true,"z":6,"attrs":{"root":{"dataTooltipPosition":"left"},"custom":{"stepId":"26da3fdf-2e39-466d-a28d-ba4648fbdca8","stepDesc":"In-house developed SW","hasSubSteps":false,"subStepCount":0},"stepBody":{"display":""},"stepBodyText":{"display":""},"refBody":{"refWidth2":-90},"body":{"refD":"M1.5 21.5h60v21h-60z"},"label":{"textWrap":{"width":"85%","text":"3. In-house developed SW"},"fontSize":12,"refX2":0,"refY2":0},"tspanFR":{"text":"F: 20% R: 1"},"tspanNeff":{"text":"Neff: "},"tspanNeffNormal":{"text":""},"tspanNeffStrike":{"text":"12.00"},"tspanNeffPotential":{"text":" <0.01 "},"tspanFM":{"text":"Failure modes:"},"tspanAcceptable":{"text":" 0 "},"tspanTolerable":{"text":" 1 "},"tspanNotAcceptable":{"text":" 0"}}},{"type":"app.Step","size":{"width":180,"height":50},"shapeType":"process","position":{"x":352.5,"y":70},"angle":0,"paperSize":{"width":90,"height":50},"id":"beafb1db-dbe3-4d01-97b5-79089982253b","isInitialized":true,"z":7,"attrs":{"root":{"dataTooltipPosition":"left"},"custom":{"stepId":"ef60c35b-8dda-4f62-8a56-f46c1c1327d7","stepDesc":"AI models (local training)","hasSubSteps":false,"subStepCount":0},"stepBody":{"display":""},"stepBodyText":{"display":""},"refBody":{"refWidth2":-90},"body":{"refD":"M1.5 21.5h60v21h-60z"},"label":{"textWrap":{"width":"85%","text":"5. AI models (local training)"},"fontSize":12,"refX2":0,"refY2":0},"tspanFR":{"text":"F: 20% R: 1"},"tspanNeff":{"text":"Neff: "},"tspanNeffNormal":{"text":""},"tspanNeffStrike":{"text":"60.00"},"tspanNeffPotential":{"text":" 0.48 "},"tspanFM":{"text":"Failure modes:"},"tspanAcceptable":{"text":" 0 "},"tspanTolerable":{"text":" 0 "},"tspanNotAcceptable":{"text":" 1"}}},{"type":"app.Step","size":{"width":180,"height":50},"shapeType":"process","position":{"x":352.5,"y":130},"angle":0,"paperSize":{"width":90,"height":50},"id":"20d4387b-aece-4813-97d1-1aa46020a4f2","isInitialized":true,"z":8,"attrs":{"root":{"dataTooltipPosition":"left"},"custom":{"stepId":"a639b0de-39fa-4332-9380-4024f33b3023","stepDesc":"Staff","hasSubSteps":false,"subStepCount":0},"stepBody":{"display":""},"stepBodyText":{"display":""},"refBody":{"refWidth2":-90},"body":{"refD":"M1.5 21.5h60v21h-60z"},"label":{"textWrap":{"width":"85%","text":"1. Staff"},"fontSize":12,"refX2":0,"refY2":0},"tspanFR":{"text":"F: 100% R: 1"},"tspanNeff":{"text":"Neff: "},"tspanNeffNormal":{"text":""},"tspanNeffStrike":{"text":"360.00"},"tspanNeffPotential":{"text":" <0.01 "},"tspanFM":{"text":"Failure modes:"},"tspanAcceptable":{"text":" 0 "},"tspanTolerable":{"text":" 0 "},"tspanNotAcceptable":{"text":" 2"}}},{"type":"app.Step","size":{"width":180,"height":50},"shapeType":"process","position":{"x":352.5,"y":190},"angle":0,"paperSize":{"width":90,"height":50},"id":"8c2cb919-6629-4307-8fad-caf90fb03657","isInitialized":true,"z":9,"attrs":{"root":{"dataTooltipPosition":"left"},"custom":{"stepId":"6f8e3509-b268-4770-a766-8c52f876f9d2","stepDesc":"Reputation","hasSubSteps":false,"subStepCount":0},"stepBody":{"display":""},"stepBodyText":{"display":""},"refBody":{"refWidth2":-90},"body":{"refD":"M1.5 21.5h60v21h-60z"},"label":{"textWrap":{"width":"85%","text":"4. Reputation"},"fontSize":12,"refX2":0,"refY2":0},"tspanFR":{"text":"F: 100% R: 1"},"tspanNeff":{"text":"Neff: "},"tspanNeffNormal":{"text":""},"tspanNeffStrike":{"text":"300.00"},"tspanNeffPotential":{"text":" <0.01 "},"tspanFM":{"text":"Failure modes:"},"tspanAcceptable":{"text":" 0 "},"tspanTolerable":{"text":" 1 "},"tspanNotAcceptable":{"text":" 0"}}},{"type":"app.Step","size":{"width":180,"height":50},"shapeType":"process","position":{"x":593.5,"y":70},"angle":0,"paperSize":{"width":90,"height":50},"id":"65ca4827-752d-48ba-8951-4c52e91a8a2f","isInitialized":true,"z":10,"attrs":{"root":{"dataTooltipPosition":"left"},"custom":{"stepId":"29c5cc53-a0dd-43b9-a904-49803bfd2397","stepDesc":"Service provides","hasSubSteps":false,"subStepCount":0},"stepBody":{"display":""},"stepBodyText":{"display":""},"refBody":{"refWidth2":-90},"body":{"refD":"M1.5 21.5h60v21h-60z"},"label":{"textWrap":{"width":"85%","text":"6. Service provides"},"refX2":0,"refY2":0},"tspanFR":{"text":"F: 100% R: 1"},"tspanNeff":{"text":"Neff: "},"tspanNeffNormal":{"text":""},"tspanNeffStrike":{"text":"600.00"},"tspanNeffPotential":{"text":" 0.48 "},"tspanFM":{"text":"Failure modes:"},"tspanAcceptable":{"text":" 0 "},"tspanTolerable":{"text":" 0 "},"tspanNotAcceptable":{"text":" 2"}}},{"type":"app.Step","size":{"width":250,"height":240},"shapeType":"process","position":{"x":580,"y":35},"angle":0,"paperSize":{"width":90,"height":50},"id":"b8c706c5-725f-4df9-acee-fc57f0a0df88","isInitialized":true,"z":11,"attrs":{"root":{"dataTooltipPosition":"left"},"custom":{"template":"transparent"},"body":{"fill":"transparent","refD":"M1.5 21.5h60v21h-60z"},"label":{"textWrap":{"width":"85%","text":""},"refX2":0,"refY2":0}}},{"type":"app.Text","position":{"x":564.25,"y":-15},"size":{"width":90,"height":50},"angle":0,"paperSize":{"width":90,"height":50},"id":"6ac8c970-bbfd-4770-9137-f439a9cd2436","z":12,"attrs":{"label":{"textWrap":{"text":"Suppliers"},"fontSize":12},"root":{"dataTooltipPosition":"left"}}}]} EffectiveImpact 0001-01-01T00:00:00 1 2.8 20 25 Tolerable 2.8 4.6 20 25 Tolerable 4.6 6.4 20 25 NotAcceptable 6.4 8.2 20 25 NotAcceptable 8.2 10 20 25 NotAcceptable 1 2.8 15 20 Acceptable 2.8 4.6 15 20 Tolerable 4.6 6.4 15 20 Tolerable 6.4 8.2 15 20 NotAcceptable 8.2 10 15 20 NotAcceptable 1 2.8 10 15 Acceptable 2.8 4.6 10 15 Acceptable 4.6 6.4 10 15 Tolerable 6.4 8.2 10 15 Tolerable 8.2 10 10 15 NotAcceptable 1 2.8 5 10 Acceptable 2.8 4.6 5 10 Acceptable 4.6 6.4 5 10 Acceptable 6.4 8.2 5 10 Tolerable 8.2 10 5 10 NotAcceptable 1 2.8 0 5 Acceptable 2.8 4.6 0 5 Acceptable 4.6 6.4 0 5 Acceptable 6.4 8.2 0 5 Acceptable 8.2 10 0 5 Tolerable 2d3495e5-4163-45f1-9133-80cc1c64257e 5 false false false false false false false false false false false false false false false false false false v1 1.15.1.0