Risk Assessment
Version: 1.0
Assessment Date: January 2026
Assessor: Johan Jongsma
Next Review: January 2027
1. Purpose
Identify, assess, and document risks to inou systems and data, and the controls in place to mitigate them.
2. Scope
- inou production and staging systems
- User health data (medical imaging, labs, genome)
- Supporting infrastructure and processes
3. Risk Assessment Methodology
Likelihood Scale
| Rating |
Description |
Frequency |
| 1 - Rare |
Unlikely to occur |
< 1% annually |
| 2 - Unlikely |
Could occur |
1-10% annually |
| 3 - Possible |
Might occur |
10-50% annually |
| 4 - Likely |
Will probably occur |
50-90% annually |
| 5 - Almost Certain |
Expected to occur |
> 90% annually |
Impact Scale
| Rating |
Description |
Effect |
| 1 - Negligible |
Minimal impact |
Minor inconvenience |
| 2 - Minor |
Limited impact |
Some users affected, quick recovery |
| 3 - Moderate |
Significant impact |
Service degraded, data at risk |
| 4 - Major |
Serious impact |
Extended outage, data breach |
| 5 - Catastrophic |
Severe impact |
Complete data loss, regulatory action |
Risk Score
Score = Likelihood x Impact (Range: 1-25)
| Score |
Level |
Response |
| 1-4 |
Low |
Accept |
| 5-9 |
Medium |
Monitor |
| 10-16 |
High |
Mitigate |
| 17-25 |
Critical |
Immediate action |
4. Risk Register
4.1 Security Risks
| ID |
Risk |
L |
I |
Score |
Controls |
Residual |
| S1 |
Unauthorized data access |
2 |
5 |
10 |
RBAC, encryption, token auth, audit logging |
Low |
| S2 |
Application vulnerability exploited |
2 |
5 |
10 |
Parameterized queries, input validation, tarpit |
Low |
| S3 |
Credential theft/phishing |
2 |
4 |
8 |
Passwordless auth, short token expiry |
Low |
| S4 |
Insider threat |
1 |
5 |
5 |
Single operator, automated db access controls |
Low |
| S5 |
Master key compromise |
1 |
5 |
5 |
FDE, file permissions, network isolation, key in Proton Pass |
Low |
| S6 |
DDoS attack |
3 |
3 |
9 |
Rate limiting, tarpit, UFW, Starlink failover |
Low |
| S7 |
Ransomware |
2 |
5 |
10 |
FDE, off-site backups, network isolation |
Low |
| S8 |
Supply chain attack |
2 |
4 |
8 |
Minimal dependencies, Go standard library, FIPS module |
Low |
4.2 Availability Risks
| ID |
Risk |
L |
I |
Score |
Controls |
Residual |
| A1 |
Hardware failure |
3 |
3 |
9 |
ZFS RAID-Z2, UPS, generator |
Low |
| A2 |
Network outage |
2 |
3 |
6 |
Fiber + Starlink backup |
Low |
| A3 |
Power outage |
2 |
2 |
4 |
UPS + natural gas generator (11s failover) |
Low |
| A4 |
Database corruption |
2 |
4 |
8 |
Daily snapshots, off-site backups, integrity checks |
Low |
| A5 |
Site disaster |
1 |
5 |
5 |
Off-site backups (Google Drive), key in Proton Pass |
Low |
4.3 Compliance Risks
| ID |
Risk |
L |
I |
Score |
Controls |
Residual |
| C1 |
HIPAA violation |
2 |
5 |
10 |
Encryption, access controls, audit logging |
Low |
| C2 |
GDPR violation |
2 |
4 |
8 |
Consent, deletion rights, export, privacy policy |
Low |
| C3 |
Data request not fulfilled |
2 |
3 |
6 |
Export functionality, 30-day response commitment |
Low |
| C4 |
Breach notification failure |
2 |
4 |
8 |
Incident response plan, notification templates |
Low |
4.4 Operational Risks
| ID |
Risk |
L |
I |
Score |
Controls |
Residual |
| O1 |
Key person dependency |
4 |
4 |
16 |
Documentation, automated processes |
Medium |
| O2 |
Configuration error |
2 |
3 |
6 |
Staging environment, automated tests, check-db |
Low |
| O3 |
Backup failure undetected |
2 |
4 |
8 |
Monthly verification, monitoring planned |
Low |
| O4 |
Loss of encryption key |
1 |
5 |
5 |
Key in Proton Pass, separate from data backups |
Low |
5. Risk Treatment Plan
High Priority
| Risk ID |
Risk |
Score |
Treatment |
Status |
| O1 |
Key person dependency |
16 |
Document all procedures, automate where possible |
In progress |
Medium Priority (Monitoring)
| Risk ID |
Treatment |
Timeline |
| S1 |
Continue audit logging implementation |
Q1 2026 |
| S7 |
Perform restore test to verify backup integrity |
Q1 2026 |
| O3 |
Implement backup monitoring alerts |
Q1 2026 |
6. Control Summary
Preventive Controls
| Control |
Risks Mitigated |
| AES-256-GCM encryption |
S1, S5, S7, C1 |
| Full disk encryption |
S1, S4, S5, S7 |
| RBAC at data layer |
S1, S4, C1 |
| Parameterized SQL queries |
S2 |
| Token expiration (4 hours) |
S1, S3 |
| Passwordless authentication |
S3 |
| Network isolation (VLAN 10) |
S1, S5, S7 |
| Tarpit for attack patterns |
S2, S6 |
| UFW default deny |
S2, S6 |
| AppArmor enforcement |
S2 |
| Automatic security updates |
S2, S8 |
| make check-db enforcement |
S2, S4, O2 |
Detective Controls
| Control |
Risks Addressed |
| HTTP access logging |
S1, S2, S6 |
| 404 monitoring alerts |
S2 |
| Fail2ban |
S3, S6 |
| Rate limiting |
S3, S6 |
| Audit logging |
S1, S4, C1 |
Corrective Controls
| Control |
Risks Addressed |
| ZFS snapshots (daily) |
A4, S7 |
| Off-site backups (Google Drive) |
A5, S7 |
| Incident response plan |
S1-S8, C4 |
| Disaster recovery plan |
A1-A5 |
7. Accepted Residual Risk
The following residual risks are formally accepted:
| Risk |
Level |
Rationale |
| O1 - Key person dependency |
Medium |
Mitigated by documentation; acceptable for current scale |
| S4 - Insider threat |
Low |
Single operator with strong controls |
| S5 - Key compromise |
Low |
Multiple layers of protection |
| A5 - Site disaster |
Low |
Off-site backups with separate key storage |
Accepted by: Johan Jongsma
Date: January 25, 2026
8. Risk Monitoring
Ongoing Monitoring
| Category |
Method |
Frequency |
| Security |
Log review, 404 alerts |
Daily |
| Availability |
Service health checks |
Continuous |
| Backups |
Verification script |
Monthly |
| Compliance |
Policy review |
Quarterly |
Risk Review Triggers
Re-assess risks when:
- New features or systems added
- Security incident occurs
- Regulatory changes
- Significant infrastructure changes
- Annually (minimum)
Document end