RISK-003 - Data Exfiltration by Former Employees

RISK-003 Data Exfiltration by Former Employees

Detalhes e análise do risco

Critical Open Operational

Edit Back

Risk ID: RISK-003
Risk Title: Data Exfiltration by Former Employees
Category (ISO 31000): Operational

Risk Description: Risk of former employees accessing systems after termination.

Risk Type: Corporate
Responsável: None
Status: Open
Applicable Framework: Qriar IAM Security Framework

Ativo de Informação: None
Fonte de Ameaça: None
Data de Revisão: Not specified

Evento de Ameaça: None

Vulnerabilidade: None

Inherent Risk

	1	2	3	4	5
Catastrófico	5	10	15	20	25
Maior	4	8	12	16	20
Moderado	3	6	9	12	15
Menor	2	4	6	8	10
Insignif.	1	2	3	4	5
	Rare	Unlikely	Possible	Likely	Almost Certain

Residual Risk

	1	2	3	4	5
Catastrófico	5	10	15	20	25
Maior	4	8	12	16	20
Moderado	3	6	9	12	15
Menor	2	4	6	8	10
Insignif.	1	2	3	4	5
	Rare	Unlikely	Possible	Likely	Almost Certain

Descrição do Cenário: None

Frequência Mín.

Frequência Máx.

Magnitude Mín.

Magnitude Máx.

Expectativa de Perda Anual (BRL)

Resposta ao Risco: Modify
Response Status: Planned

Plano de Resposta: None

Notas de Mitigação: None

ID	Risk Description	Domínio
JML-003	Automate exit 'Kill Switch': Blocking and revocation of tokens in <15 min after HR termination.	Identity Lifecycle (JML)
JML-005	Detection of orphan accounts (Reconciliation): Compare AD vs HR weekly to find ownerless accounts.	Identity Lifecycle (JML)

16/02/2026 00:08 qriar.demo

Risco atualizado general update

{"likelihood": 3, "impact": 5, "status": "Open", "residual_likelihood": null, "residual_impact": null} → {"likelihood": 3, "impact": 5, "status": "Open", "residual_likelihood": null, "residual_impact": null}

Inherent Score

Critical

Residual Score

Critical

Probability (1-5)

3/5 → 3/5

Impact (1-5)

5/5 → 5/5

Created on

17/12/2025 03:54

Atualizado em

26/02/2026 06:45