Risk Analysis

Visão consolidada dos riscos organizacionais

View List

Total Risks

Critical Risks

14.4

Score Médio

Em Tratamento

R$ 0

Exposição Total (ALE)

Mapa de Calor de Riscos

Impact (1-5) →

	1	2	3	4	5
	Rare	Unlikely	Possible	Likely	Almost Certain

Probability (1-5) →

Strategic

Operational

Compliance

Financial

Reputational

Distribution by Category

Distribution by Status

Top 10 Critical Risks

#	Title	Score	Level
1	RISK-001 Compromise of Administrator Credentials	20	Critical
2	RISK-004 Lateral Movement via Local Administrator	16	Critical
3	RISK-005 Lack of Visibility into Suspicious Activ...	16	Critical
4	RISK-007 Service Account Compromise	16	Critical
5	RISK-002 Privilege Accumulation (Privilege Creep)	15	Critical
6	RISK-003 Data Exfiltration by Former Employees	15	Critical
7	RISK-009 Accountability Failure (Accountability)	15	Critical
8	RISK-010 Conflicts of Interest due to Privileged ...	15	Critical
9	RISK-013 MFA bypass via legacy protocols and unco...	15	Critical
10	RISK-006 MFA Bypass via Legacy Protocols	12	High

ISO 31000

A risk management framework that provides principles, a framework, and a process to manage risks systematically in any organization.

ISO 27005

Orientação específica para gestão de riscos de segurança da informação, alinhada com os requisitos da ISO 27001 para sistemas de gestão de segurança.

NIST 800-30

Guia para conduzir avaliações de risco de sistemas de informação e organizações, classificando ameaças em adversariais, acidentais, estruturais e ambientais.

FAIR

Factor Analysis of Information Risk - modelo quantitativo que decompõe riscos em fatores mensuráveis para estimar perdas financeiras com simulações Monte Carlo.

ISO 31000

Risk Management

Scope → Avaliação → Tratamento → Monitoramento → Comunicação ↻

Cyclical risk management structure with principles, framework and process for managing risks systematically.

Integrada Estruturada Inclusiva Dinâmica

ISO 27005

Information Security

Context → Identification → Analysis → Evaluation → Treatment → Acceptance

Linear information security risk management process, aligned with ISO 27001 for security management systems.

NIST SP 800-30

Technical Assessment

Threats Vulnerabilidades

↓ ↓

Probabilidade × Impacto

↓

Nível de Risco

Guide for risk assessment by classifying threats and vulnerabilities to determine probability and impact.

FAIR

Financial Quantification

Risk

↙ ↘

LEF LM

↙ ↘ ↙ ↘

TEF Vuln Primary Secondary

Quantitative model that breaks down risks into measurable factors to estimate financial losses via Monte Carlo simulations.

Risk Analysis

Mapa de Calor de Riscos

Distribution by Category

Distribution by Status

Top 10 Critical Risks

ISO 31000

ISO 27005

NIST 800-30

FAIR

ISO 31000

ISO 27005

NIST SP 800-30

FAIR

ISO 31000 - Risk Management

Key Principles

ISO 27005 - Information Security

Atividades Principais

NIST SP 800-30 - Technical Assessment

Threat Categories

FAIR - Financial Quantification

Model Components

Confirm

Warning

Import Data