Risk Register Index
Purpose
This page provides the canonical index of active risks aligned with the current state of the Scheol Security Lab.
Only risks supported by:
- existing assets
- documented scenarios
- real exposure conditions
are included.
Risk Index
| Risk ID | Title | Category | Risk Level | Status | Link |
|---|---|---|---|---|---|
| R-001 | Reverse proxy misconfiguration exposing internal services | Network & Exposure | High | Open | View |
| R-002 | Web application compromise leading to data exposure | Application Security | Critical | Open | View |
| R-003 | Compromise of credentials leading to administrative access | Identity & Access | Critical | Open | View |
Risk Structure
Each risk is derived from a documented threat scenario and includes:
- scenario linkage
- evaluation (likelihood, impact, risk level)
- treatment decision
- associated controls
- monitoring logic
Traceability
Each risk is linked to:
- one primary scenario
- one or more assets
- supporting controls
Governance Rule
No risk may exist without a supporting scenario.
Current Status
The Risk Register is intentionally minimal and realistic.
Established
- strict alignment with current exposure
- no orphan risks
- clear traceability
In Progress
- refinement of evaluation and treatment
- future extension aligned with lab evolution
Planned
- progressive extension with new scenarios
- integration with validation and monitoring