Risk R-009 - Exposure of Credentials or Secrets

| Field | Value |
|---|---|
| Risk ID | R-009 |
| Asset | Credentials / Secrets Storage (Information – Owner: Sec) |
| Scenario | S-008 - Exposure of credentials or secrets |
| Likelihood | 🟨 Medium - secrets may be exposed if repositories or vaults are misconfigured, or credentials are leaked |
| Impact | 🟥 High - compromised credentials allow unauthorized access to critical systems, escalation, and lateral movement |
| Risk Level | 🟥 High |
| Owner | Sec |
| Last Review | 2026-03-08 |
| Next Review | 2026-09-08 |

Associated Controls:
- Enforce strong encryption for all secrets at rest and in transit.
- Use short-lived credentials and secret rotation policies.
- Apply strict RBAC for secret stores and audit all access events.
- Monitor for suspicious access or exfiltration attempts.
- Isolate production credentials from development environments.

References:
- ISO 27001 - Control 5.1 Policies for information security.
- ISO 27001 - Control 8.2 Privileged access rights.
- ISO 27001 - Control 8.3 Information access restriction.
- NIST CSF - PR.AC Identity Management, Authentication and Access Control.
- NIST CSF - PR.DS Data Security.
- NIST CSF - DE.CM Continuous Monitoring.
- EBIOS RM - Analysis of risks related to exposure or misuse of secrets and credentials.

Response Actions:
- Containment - Immediately revoke exposed credentials and secrets.
- Eradication - Rotate compromised secrets and audit repository access.
- Recovery - Verify system integrity and re-establish secure credentials.
- Post-incident - Conduct root cause analysis, update secret management policies, and reinforce monitoring.