# Risk Assessment

**Version:** 1.0

**Assessment Date:** February 2026

**Assessor:** Johan Jongsma

**Next Review:** February 2027

---

## 1. Purpose

Identify, assess, and document risks to Dealspace systems and data, and the controls in place to mitigate them.

---

## 2. Scope

- Dealspace production systems
- M&A deal data (financial documents, transaction details)
- Supporting infrastructure and processes

---
## 3. Risk Assessment Methodology

### Likelihood Scale

| Rating | Description | Frequency |
|--------|-------------|-----------|
| 1 - Rare | Unlikely to occur | < 1% annually |
| 2 - Unlikely | Could occur | 1-10% annually |
| 3 - Possible | Might occur | 10-50% annually |
| 4 - Likely | Will probably occur | 50-90% annually |
| 5 - Almost Certain | Expected to occur | > 90% annually |

### Impact Scale

| Rating | Description | Effect |
|--------|-------------|--------|
| 1 - Negligible | Minimal impact | Minor inconvenience |
| 2 - Minor | Limited impact | Some users affected, quick recovery |
| 3 - Moderate | Significant impact | Service degraded, data at risk |
| 4 - Major | Serious impact | Extended outage, data breach |
| 5 - Catastrophic | Severe impact | Complete data loss, regulatory action, criminal exposure |

### Risk Score

**Score = Likelihood x Impact** (Range: 1-25)

| Score | Level | Response |
|-------|-------|----------|
| 1-4 | Low | Accept |
| 5-9 | Medium | Monitor |
| 10-16 | High | Mitigate |
| 17-25 | Critical | Immediate action |
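The scoring rule and thresholds above, applied as a register consistency check. This is an added example and not part of the assessment: it parses rows in the Section 4 table layout, rejects ratings outside 1-5, recomputes L x I against the Score cell, and flags rows whose level calls for Mitigate or Immediate action but that have no entry in the Section 5 treatment plan. The sample rows are copied from Section 4 except X1, which is constructed with a deliberately wrong Score cell; the set of treated IDs is taken from Section 5.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

type Rating struct {
	Score    int
	Level    string
	Response string
}

// Score applies "Score = Likelihood x Impact" and the Section 3 thresholds;
// ratings outside 1-5 are rejected instead of being scored.
func Score(likelihood, impact int) (Rating, error) {
	if likelihood < 1 || likelihood > 5 || impact < 1 || impact > 5 {
		return Rating{}, fmt.Errorf("ratings must be 1-5, got L=%d I=%d", likelihood, impact)
	}
	s := likelihood * impact
	switch {
	case s <= 4:
		return Rating{s, "Low", "Accept"}, nil
	case s <= 9:
		return Rating{s, "Medium", "Monitor"}, nil
	case s <= 16:
		return Rating{s, "High", "Mitigate"}, nil
	}
	return Rating{s, "Critical", "Immediate action"}, nil
}

// Row is one parsed register entry; the Controls cell is not needed for the check.
type Row struct {
	ID, Risk, Residual string
	L, I, Score        int
}

// ParseRow parses a markdown row in the Section 4 layout:
// | ID | Risk | L | I | Score | Controls | Residual |
func ParseRow(line string) (Row, error) {
	cells := strings.Split(strings.Trim(strings.TrimSpace(line), "|"), "|")
	if len(cells) != 7 {
		return Row{}, fmt.Errorf("expected 7 cells, got %d", len(cells))
	}
	var n [3]int
	for k, idx := range []int{2, 3, 4} {
		v, err := strconv.Atoi(strings.TrimSpace(cells[idx]))
		if err != nil {
			return Row{}, fmt.Errorf("cell %d is not an integer: %w", idx, err)
		}
		n[k] = v
	}
	return Row{ID: strings.TrimSpace(cells[0]), Risk: strings.TrimSpace(cells[1]),
		Residual: strings.TrimSpace(cells[6]), L: n[0], I: n[1], Score: n[2]}, nil
}

// CheckRegister recomputes every row and returns one finding per problem: a malformed
// row, an out-of-range rating, a Score cell that is not L x I, or a row whose level
// calls for Mitigate/Immediate action with no treatment-plan entry (treated = Section 5 IDs).
func CheckRegister(rows []string, treated map[string]bool) []string {
	var findings []string
	for _, line := range rows {
		r, err := ParseRow(line)
		if err != nil {
			findings = append(findings, "unparseable row: "+err.Error())
			continue
		}
		rating, err := Score(r.L, r.I)
		if err != nil {
			findings = append(findings, r.ID+": "+err.Error())
			continue
		}
		if rating.Score != r.Score {
			findings = append(findings, fmt.Sprintf("%s: Score cell %d but L x I = %d", r.ID, r.Score, rating.Score))
		}
		if rating.Score >= 10 && !treated[r.ID] {
			findings = append(findings, fmt.Sprintf("%s: %s (%s) with no treatment-plan entry", r.ID, rating.Level, rating.Response))
		}
	}
	return findings
}

// SampleRows are copied from Section 4, plus constructed row X1 whose Score cell is wrong.
var SampleRows = []string{
	"| S1 | Unauthorized deal data access | 2 | 5 | 10 | RBAC, per-project encryption, JWT auth, audit logging | Low |",
	"| S2 | Application vulnerability exploited | 2 | 5 | 10 | Parameterized queries, input validation, rate limiting | Low |",
	"| O1 | Key person dependency | 4 | 4 | 16 | Documentation, automated processes | Medium |",
	"| X1 | Constructed example row | 3 | 4 | 9 | none | Low |",
}

// Treated holds the risk IDs that have an entry in the Section 5 treatment plan.
var Treated = map[string]bool{"O1": true, "S1": true, "S7": true, "O3": true}

func main() {
	for _, f := range CheckRegister(SampleRows, Treated) {
		fmt.Println(f)
	}
}
```

With the sample rows the check reports S2 (score 10, High) as having no treatment-plan entry and two findings for X1: its Score cell does not match 3 x 4, and the recomputed score of 12 puts it in the Mitigate band without an entry. Running it over the full register is the quickest way to keep Sections 4 and 5 in step when a rating is changed.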
---

## 4. Risk Register

In each table, L and I are the likelihood and impact ratings from Section 3, Score is L x I, and Residual is the risk level remaining with the listed controls in place.

### 4.1 Security Risks

| ID | Risk | L | I | Score | Controls | Residual |
|----|------|---|---|-------|----------|----------|
| S1 | Unauthorized deal data access | 2 | 5 | 10 | RBAC, per-project encryption, JWT auth, audit logging | Low |
| S2 | Application vulnerability exploited | 2 | 5 | 10 | Parameterized queries, input validation, rate limiting | Low |
| S3 | Credential theft/phishing | 2 | 4 | 8 | MFA for IB users, short token expiry, session management | Low |
| S4 | Insider threat | 1 | 5 | 5 | Single operator, automated access controls | Low |
| S5 | Master key compromise | 1 | 5 | 5 | Separate storage, file permissions, key derivation | Low |
| S6 | DDoS attack | 3 | 3 | 9 | Rate limiting, UFW | Low |
| S7 | Ransomware | 2 | 5 | 10 | Off-site backups, OS hardening | Low |
| S8 | Email spoofing (fake deal messages) | 2 | 5 | 10 | DKIM verification, channel participants table | Low |

### 4.2 Availability Risks

| ID | Risk | L | I | Score | Controls | Residual |
|----|------|---|---|-------|----------|----------|
| A1 | Hardware failure | 3 | 3 | 9 | Daily backups, Hostkey support | Low |
| A2 | Network outage | 2 | 3 | 6 | Hostkey infrastructure | Low |
| A3 | Database corruption | 2 | 4 | 8 | Daily backups, SQLite integrity checks | Low |
| A4 | Provider failure | 1 | 5 | 5 | Off-site backups, alternate provider option | Low |

### 4.3 Compliance Risks

| ID | Risk | L | I | Score | Controls | Residual |
|----|------|---|---|-------|----------|----------|
| C1 | GDPR violation | 2 | 4 | 8 | Consent, deletion rights, export, privacy policy | Low |
| C2 | Data request not fulfilled | 2 | 3 | 6 | Export functionality, 30-day response commitment | Low |
| C3 | Breach notification failure | 2 | 4 | 8 | Incident response plan, notification templates | Low |

### 4.4 Operational Risks

| ID | Risk | L | I | Score | Controls | Residual |
|----|------|---|---|-------|----------|----------|
| O1 | Key person dependency | 4 | 4 | 16 | Documentation, automated processes | Medium |
| O2 | Configuration error | 2 | 3 | 6 | Git-tracked config, testing | Low |
| O3 | Backup failure undetected | 2 | 4 | 8 | Monthly verification planned | Low |
| O4 | Loss of encryption key | 1 | 5 | 5 | Key in separate secure storage | Low |

### 4.5 M&A-Specific Risks

| ID | Risk | L | I | Score | Controls | Residual |
|----|------|---|---|-------|----------|----------|
| M1 | Deal data leaked to competitor | 1 | 5 | 5 | Per-project encryption, watermarking, access controls | Low |
| M2 | Insider trading via leaked data | 1 | 5 | 5 | Audit logging, access restrictions, watermarking | Low |
| M3 | Competing bidder gains access | 1 | 5 | 5 | RBAC, invitation-only access, audit trail | Low |

---
## 5. Risk Treatment Plan

### High Priority

| Risk ID | Risk | Score | Treatment | Status |
|---------|------|-------|-----------|--------|
| O1 | Key person dependency | 16 | Document all procedures, automate where possible | In progress |

### Medium Priority (Monitoring)

| Risk ID | Treatment | Timeline |
|---------|-----------|----------|
| S1 | Continue audit logging implementation | Q1 2026 |
| S7 | Perform restore test to verify backup integrity | Q1 2026 |
| O3 | Implement backup monitoring alerts | Q1 2026 |

---

## 6. Control Summary

### Preventive Controls

| Control | Risks Mitigated |
|---------|-----------------|
| AES-256-GCM encryption (per-project) | S1, S5, S7, M1, M2, M3 |
| HKDF-SHA256 key derivation | S5 |
| Blind indexes (HMAC-SHA256) | S1 (prevents deterministic encryption attacks) |
| RBAC at data layer | S1, S4, M1, M3 |
| JWT with 1-hour expiry | S1, S3 |
| MFA for IB users | S3 |
| Rate limiting | S2, S6 |
| DKIM verification | S8 |
| UFW default deny | S2, S6 |
| AppArmor enforcement | S2 |
| Automatic security updates | S2 |
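How the first three preventive controls fit together, as an added example that is not Dealspace's own code: a master key is expanded with HKDF-SHA256 into a separate AES-256-GCM data key and a separate HMAC-SHA256 blind-index key for each project; the project ID is bound as associated data so a sealed record cannot be moved between projects; and equality lookups use the blind index, which is why the ciphertexts themselves can stay randomised instead of deterministic. The HKDF is written out inline rather than imported, the info strings, project IDs and field values are assumptions made for the example, and the demo master key is generated in memory rather than read from the separate storage the register describes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// hkdfSHA256 is RFC 5869 extract-then-expand with SHA-256, written out here instead
// of importing x/crypto/hkdf, and limited to one 32-byte output block.
func hkdfSHA256(ikm, salt, info []byte) []byte {
	if salt == nil {
		salt = make([]byte, sha256.Size) // RFC 5869: an absent salt is HashLen zero bytes
	}
	extract := hmac.New(sha256.New, salt)
	extract.Write(ikm)
	prk := extract.Sum(nil)
	expand := hmac.New(sha256.New, prk)
	expand.Write(info)
	expand.Write([]byte{0x01}) // T(1) = HMAC(PRK, info || 0x01)
	return expand.Sum(nil)
}

// ProjectKeys holds the two keys derived for one project.
type ProjectKeys struct {
	Enc   []byte // AES-256-GCM data key
	Index []byte // HMAC-SHA256 blind-index key
}

// DeriveProjectKeys derives distinct encryption and blind-index keys per project.
// The info strings domain-separate the two purposes and are assumptions for this example.
func DeriveProjectKeys(master []byte, projectID string) ProjectKeys {
	return ProjectKeys{
		Enc:   hkdfSHA256(master, nil, []byte("dealspace/enc/"+projectID)),
		Index: hkdfSHA256(master, nil, []byte("dealspace/idx/"+projectID)),
	}
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns nonce || ciphertext || tag with a fresh random nonce, so equal plaintexts
// give different ciphertexts. The project ID is bound as associated data.
func Encrypt(k ProjectKeys, projectID string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(k.Enc)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(projectID)), nil
}

// Decrypt reverses Encrypt and fails on a wrong key, a wrong project ID or any tampering.
func Decrypt(k ProjectKeys, projectID string, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(k.Enc)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], []byte(projectID))
}

// BlindIndex is HMAC-SHA256 of the normalised field value under the project's index key.
// Equal values give equal tags, so the database can match on the tag without storing a
// deterministic ciphertext, and tags from different projects do not correlate.
func BlindIndex(k ProjectKeys, value string) string {
	m := hmac.New(sha256.New, k.Index)
	m.Write([]byte(strings.ToLower(strings.TrimSpace(value))))
	return hex.EncodeToString(m.Sum(nil))
}

func main() {
	master := make([]byte, 32) // constructed demo key; a real master key lives in separate storage
	if _, err := rand.Read(master); err != nil {
		panic(err)
	}
	keys := DeriveProjectKeys(master, "project-42")
	sealed, err := Encrypt(keys, "project-42", []byte("constructed deal memo"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed record: %x\n", sealed)
	fmt.Println("blind index:", BlindIndex(keys, "Acme Holdings"))
}
```

Two properties are worth checking when reviewing a scheme like this: encrypting the same value twice must give different ciphertexts (otherwise the store leaks which records share a value), and a record decrypted under another project's ID or key must fail authentication rather than return garbage. The blind index carries the equality information instead, scoped to one project by its own derived key.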
### Detective Controls

| Control | Risks Addressed |
|---------|-----------------|
| HTTP access logging | S1, S2, S6 |
| Audit logging | S1, S4, M1, M2 |
| Rate limiting alerts | S3, S6 |
| Anomaly detection | S1, S3 |

### Corrective Controls

| Control | Risks Addressed |
|---------|-----------------|
| Daily backups | A3, S7 |
| Off-site backups | A4, S7 |
| Incident response plan | S1-S8, C3 |
| Disaster recovery plan | A1-A4 |

---

## 7. Accepted Residual Risk

The following residual risks are formally accepted:

| Risk | Level | Rationale |
|------|-------|-----------|
| O1 - Key person dependency | Medium | Mitigated by documentation; acceptable for current scale |
| S4 - Insider threat | Low | Single operator with strong controls |
| S5 - Key compromise | Low | Multiple layers of protection |
| A4 - Provider failure | Low | Off-site backups with separate key storage |

**Accepted by:** Johan Jongsma

**Date:** February 28, 2026

---

## 8. Risk Monitoring

### Ongoing Monitoring

| Category | Method | Frequency |
|----------|--------|-----------|
| Security | Log review, rate limit alerts | Daily |
| Availability | Health checks | Continuous |
| Backups | Verification | Monthly |
| Compliance | Policy review | Quarterly |

### Risk Review Triggers

Re-assess risks when:

- New features or systems added
- Security incident occurs
- Regulatory changes
- Significant infrastructure changes
- Annually (minimum)

---

*Document end*