RISK-0003
Risk summary
- Likelihood
- 4
- Impact
- 4
- Score
- 16
- Level
- High
- 01
Asset
Security monitoring process, event records, and affected business systems.
Business object or system that needs protection. - 02
Threat
Credential abuse, malware activity, data leakage signal, suspicious supplier notification, or user-reported weakness.
Event, actor, or condition that can create harm. - 03
Vulnerability
Undefined event categories, informal triage, missing decision records, and weak alignment between triage severity and notification deadlines.
Weakness that makes the threat relevant. - 04
Risk
Because reported security events are not assessed with clear criteria, a material incident may be dismissed, delayed, or escalated without the evidence needed for response.
Scenario evaluated with likelihood, impact, and ownership. - 05
Treatment
Mitigate through defined triage criteria, event ownership, decision records, severity levels, escalation thresholds, and review of non-incident decisions.
Decision path for reducing, accepting, transferring, or avoiding risk.
Controls that treat the risk
Evidence that proves operation
Assessment Rationale
Likelihood
The likelihood is high because event queues naturally contain noise. Without classification criteria, responders either under-escalate real incidents or overload the incident process with low-value alerts.
Impact
The impact is high because a wrong decision can delay containment, lose evidence, miss notification triggers, or prevent leadership from seeing the real risk.
Residual Risk
After treatment, residual risk is estimated as medium when triage records show consistent decisions, escalation happens on time, and unresolved events are reviewed.
Review Notes
Review after significant alert-volume changes, monitoring-rule changes, actual incidents, and audit findings.
Software Object Mapping
- risk
- security_event
- incident
- control
- evidence
- Iso27005
- Risk
- Iso27001
- Incident management
Note Metadata
Aliases: RISK-0003
Source: 05-Risk-Knowledge-Base/RISK-0003-Security-Event-Misclassification.md