RISK-010 Conflicts of Interest due to Privileged Access
Detalhes e análise do risco
Critical
Open
Operational
- Risk ID
- RISK-010
- Risk Title
- Conflicts of Interest due to Privileged Access
- Category (ISO 31000)
- Operational
- Risk Description
- Unsegregated privileged access can enable conflicts of interest and fraud.
- Risk Type
- Corporate
- Responsável
- Not specified
- Status
- Open
- Applicable Framework
- Qriar IAM Security Framework
- Ativo de Informação
- Not specified
- Fonte de Ameaça
- Not specified
- Data de Revisão
- Not specified
Inherent Risk
| 1 | 2 | 3 | 4 | 5 | |
|---|---|---|---|---|---|
| Catastrófico | 5 | 10 | 15 | 20 | 25 |
| Maior | 4 | 8 | 12 | 16 | 20 |
| Moderado | 3 | 6 | 9 | 12 | 15 |
| Menor | 2 | 4 | 6 | 8 | 10 |
| Insignif. | 1 | 2 | 3 | 4 | 5 |
| Rare | Unlikely | Possible | Likely | Almost Certain |
Residual Risk
| 1 | 2 | 3 | 4 | 5 | |
|---|---|---|---|---|---|
| Catastrófico | 5 | 10 | 15 | 20 | 25 |
| Maior | 4 | 8 | 12 | 16 | 20 |
| Moderado | 3 | 6 | 9 | 12 | 15 |
| Menor | 2 | 4 | 6 | 8 | 10 |
| Insignif. | 1 | 2 | 3 | 4 | 5 |
| Rare | Unlikely | Possible | Likely | Almost Certain |
- Descrição do Cenário
- Not specified
-
Frequência Mín.
-
Frequência Máx.
-
Magnitude Mín.
-
Magnitude Máx.
-
Expectativa de Perda Anual (BRL)
- Resposta ao Risco
- Modify
- Response Status
- Planned
- Plano de Resposta
- Not specified
- Notas de Mitigação
- Not specified
| ID | Risk Description | Domínio |
|---|---|---|
| JML-002 | Review trigger on transfers: a change of role in HR initiates access recertification. | Identity Lifecycle (JML) |
| PAM-002 | Separate accounts: adm-user (no email/web) for management and user for daily use. | Privileged Access (PAM) |
| PAM-004 | Implement a Tiered Model (Tiering/Red Forest): Tier 0 admins never log on to Tier 1/2. | Privileged Access (PAM) |
No history recorded.
Inherent Score
15
Critical
Residual Score
15
Critical
Probability (1-5)
3/5
→
3/5
Impact (1-5)
5/5
→
5/5
Created on
17/12/2025 03:54
Atualizado em
26/02/2026 06:45