R-002 - Lack of Centralized Visibility on Security Events

Risk Description

Logs are currently distributed across multiple systems without centralized aggregation.

This reduces the ability to:

detect suspicious activity
correlate events across systems
investigate incidents effectively

Asset / Scope

VPS (Heaven)
Internal infrastructure (Hell)
Application and system logs

Likelihood

Likely

This situation already exists and impacts all monitoring capabilities.

Impact

Major

delayed detection of compromise
incomplete incident investigation
weak audit trail

Risk Level

Critical

Existing Controls

local logging on systems
manual log review (limited)

Treatment Decision

Mitigate

Treatment Strategy

implement centralized logging (ADR-002)
deploy SOC platform (Hell)
define detection rules and coverage

Current Maturity

Established

visibility gap clearly identified

In Progress

SOC deployment
log forwarding setup

Planned / Next Phase

detection logic maturity
correlation and alerting improvements

Risk Description​

Asset / Scope​

Likelihood​

Impact​

Risk Level​

Existing Controls​

Treatment Decision​

Treatment Strategy​

Current Maturity​

Established​

In Progress​

Planned / Next Phase​