Risk R-013 - Infrastructure Outage Caused by Configuration Error
| Field | Value |
|---|---|
| Risk ID | R-013 |
| Asset | Infrastructure (Infrastructure – Owner: Ops) |
| Scenario | S-012 - Accidental infrastructure misconfiguration |
| Likelihood | 🟧 Possible - human errors or faulty automation can occur despite safeguards |
| Impact | 🟥 High - service interruption and instability of the lab environment |
| Risk Level | 🟥 High |
| Owner | Ops |
| Last Review | 2026-03-08 |
| Next Review | 2026-09-08 |
Associated Controls:
- Peer review and approval of infrastructure changes (manual or via CI/CD pipelines).
- Version control and change management for automation scripts.
- Staging environment for testing configurations before production deployment.
- Rollback procedures and snapshots for critical systems.
- Monitoring and alerting on misconfigurations or service disruptions.
References:
- ISO 27001 - Control 5.1 Policies for information security.
- ISO 27001 - Control 8.3 Information access restriction.
- ISO 27001 - Control 8.13 Information backup.
- NIST CSF - PR.IP Information Protection Processes and Procedures.
- NIST CSF - PR.DS Data Security.
- EBIOS RM - Analysis of risks related to misconfiguration of infrastructure affecting availability and integrity.
Response Actions:
- Containment - Revert or isolate the misconfigured system to prevent cascading failures.
- Investigation - Identify the configuration error and affected systems.
- Recovery - Restore correct configuration and validate system stability.
- Post-incident - Update configuration management procedures, provide training, and document lessons learned.