Risk Assessment
Document ID: ISMS-POL-004
Version: 1.0
Assessment Date: December 29, 2025
Next Review: June 29, 2026
Classification: Internal
1. Purpose
This Risk Assessment identifies, analyzes, and evaluates information security risks to anonym.legal. It provides the basis for risk treatment decisions and security control implementation.
2. Scope
This assessment covers:
- Information assets (customer data, system configurations, code)
- Technical infrastructure (servers, databases, networks)
- Application security (frontend, backend services)
- Operational processes (deployment, monitoring, support)
3. Risk Assessment Methodology
3.1 Risk Calculation
Risk = Likelihood × Impact
3.2 Likelihood Scale
| Rating | Description | Probability |
|---|---|---|
| 1 | Rare | < 1% per year |
| 2 | Unlikely | 1-10% per year |
| 3 | Possible | 10-50% per year |
| 4 | Likely | 50-90% per year |
| 5 | Almost Certain | > 90% per year |
3.3 Impact Scale
| Rating | Description | Business Impact |
|---|---|---|
| 1 | Negligible | Minimal disruption, no data loss |
| 2 | Minor | Limited disruption, minor data exposure |
| 3 | Moderate | Significant disruption, moderate data exposure |
| 4 | Major | Severe disruption, significant data breach |
| 5 | Critical | Business threatening, massive data breach |
3.4 Risk Matrix
| | Impact 1 | Impact 2 | Impact 3 | Impact 4 | Impact 5 |
|---|---|---|---|---|---|
| Likelihood 5 | Medium | Medium | High | Critical | Critical |
| Likelihood 4 | Low | Medium | Medium | High | Critical |
| Likelihood 3 | Low | Low | Medium | Medium | High |
| Likelihood 2 | Low | Low | Low | Medium | Medium |
| Likelihood 1 | Low | Low | Low | Low | Medium |
4. Asset Inventory
4.1 Information Assets
| Asset | Classification | Owner | Location |
|---|---|---|---|
| Customer PII | Confidential | Platform | Database (relational) |
| User Credentials | Confidential | Platform | Database (hashed) |
| Encryption Keys | Confidential | Customer | Database (encrypted) |
| API Tokens | Confidential | Customer | Database (hashed) |
| Application Code | Internal | Development | Server/Repository |
| System Configurations | Internal | Operations | Server |
| Logs | Internal | Operations | Server |
4.2 Technical Assets
| Asset | Type | Location | Criticality |
|---|---|---|---|
| Web Server | Infrastructure | Hetzner Cloud | High |
| Database Server | Infrastructure | Hetzner Cloud | Critical |
| Presidio Services | Application | Hetzner Cloud | High |
| Frontend Application | Application | Hetzner Cloud | High |
5. Threat Identification
5.1 External Threats
| Threat | Description |
|---|---|
| Cyber Attacks | Targeted attacks, hacktivism |
| DDoS | Distributed denial of service |
| Malware | Ransomware, trojans |
| Social Engineering | Phishing, pretexting |
| Data Theft | Intellectual property theft |
5.2 Internal Threats
| Threat | Description |
|---|---|
| Insider Threat | Malicious or negligent insiders |
| Human Error | Misconfiguration, accidental disclosure |
| Process Failure | Inadequate procedures |
5.3 Environmental Threats
| Threat | Description |
|---|---|
| Hardware Failure | Server/storage failure |
| Network Failure | Connectivity issues |
| Power Failure | Data center power issues |
| Natural Disaster | Fire, flood, earthquake |
6. Risk Register
6.1 Critical Risks
| ID | Risk | Likelihood | Impact | Risk Level | Treatment |
|---|---|---|---|---|---|
| R001 | Customer data breach via SQL injection | 2 | 5 | Medium | Mitigate: Secure ORM, parameterized queries |
| R002 | Credential theft via brute force | 3 | 4 | Medium | Mitigate: Account lockout, 2FA |
| R003 | Service outage due to DDoS | 3 | 3 | Medium | Mitigate: Rate limiting, Hetzner DDoS protection |
6.2 High Risks
| ID | Risk | Likelihood | Impact | Risk Level | Treatment |
|---|---|---|---|---|---|
| R004 | Unauthorized admin access | 2 | 4 | Medium | Mitigate: SSH keys, 2FA, audit logging |
| R005 | Data exposure via API vulnerability | 2 | 4 | Medium | Mitigate: JWT auth, feature gating, rate limiting |
| R006 | Encryption key compromise | 1 | 5 | Medium | Mitigate: AES-256-GCM, key per user, secure storage |
6.3 Medium Risks
| ID | Risk | Likelihood | Impact | Risk Level | Treatment |
|---|---|---|---|---|---|
| R007 | Session hijacking | 2 | 3 | Low | Mitigate: Secure cookies, JWT, HTTPS |
| R008 | XSS vulnerability | 2 | 3 | Low | Mitigate: CSP, frontend framework auto-escaping |
| R009 | Dependency vulnerability | 4 | 2 | Medium | Mitigate: npm audit, regular updates |
| R010 | Data loss due to backup failure | 2 | 4 | Medium | Mitigate: Hetzner snapshots, tested recovery |
6.4 Low Risks
| ID | Risk | Likelihood | Impact | Risk Level | Treatment |
|---|---|---|---|---|---|
| R011 | Minor service degradation | 3 | 1 | Low | Accept: Monitoring, auto-restart |
| R012 | Non-critical feature unavailable | 3 | 1 | Low | Accept: Graceful degradation |
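As an added example (not part of this ISMS document), the following Python encodes the section 3.4 risk matrix and checks every section 6 register row against it, so that a register edited by hand cannot silently drift from the methodology. The register rows are copied from this document; the function names are the example's own.

```python
# Added example, not part of the ISMS document: validate the risk register
# against the 5x5 matrix in section 3.4 of the Risk Assessment.
from typing import Dict, List, Tuple

# Rows are likelihood 5..1, columns are impact 1..5, exactly as in section 3.4.
RISK_MATRIX: Dict[int, List[str]] = {
    5: ["Medium", "Medium", "High", "Critical", "Critical"],
    4: ["Low", "Medium", "Medium", "High", "Critical"],
    3: ["Low", "Low", "Medium", "Medium", "High"],
    2: ["Low", "Low", "Low", "Medium", "Medium"],
    1: ["Low", "Low", "Low", "Low", "Medium"],
}

def risk_score(likelihood: int, impact: int) -> int:
    """Numeric score from section 3.1: Risk = Likelihood x Impact."""
    return likelihood * impact

def risk_level(likelihood: int, impact: int) -> str:
    """Qualitative level from the section 3.4 matrix; rejects values outside 1-5."""
    if likelihood not in RISK_MATRIX or not 1 <= impact <= 5:
        raise ValueError(f"likelihood and impact must be 1-5, got {likelihood}, {impact}")
    return RISK_MATRIX[likelihood][impact - 1]

# Register rows from section 6: (id, likelihood, impact, level stated in the document).
REGISTER: List[Tuple[str, int, int, str]] = [
    ("R001", 2, 5, "Medium"), ("R002", 3, 4, "Medium"), ("R003", 3, 3, "Medium"),
    ("R004", 2, 4, "Medium"), ("R005", 2, 4, "Medium"), ("R006", 1, 5, "Medium"),
    ("R007", 2, 3, "Low"), ("R008", 2, 3, "Low"), ("R009", 4, 2, "Medium"),
    ("R010", 2, 4, "Medium"), ("R011", 3, 1, "Low"), ("R012", 3, 1, "Low"),
]

def find_discrepancies(register: List[Tuple[str, int, int, str]]) -> Dict[str, Tuple[str, str]]:
    """Return {risk_id: (stated_level, matrix_level)} for rows that disagree with the matrix."""
    out: Dict[str, Tuple[str, str]] = {}
    for rid, lik, imp, stated in register:
        computed = risk_level(lik, imp)
        if computed != stated:
            out[rid] = (stated, computed)
    return out

if __name__ == "__main__":
    bad = find_discrepancies(REGISTER)
    print("register consistent with matrix" if not bad else f"discrepancies: {bad}")
```

Note that the matrix is not a simple banding of the numeric product: R006 (1 × 5 = 5) is Medium while R007 (2 × 3 = 6) is Low, so the matrix cell, not the score, is what the register must match.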
7. Risk Treatment
7.1 Treatment Options
| Option | Description | When to Use |
|---|---|---|
| Mitigate | Implement controls to reduce risk | Risk exceeds tolerance |
| Transfer | Insurance, outsourcing | Cannot fully mitigate |
| Accept | Acknowledge and monitor | Risk within tolerance |
| Avoid | Eliminate risk source | Risk too high, cannot mitigate |
7.2 Implemented Controls
| Risk ID | Control | Status | Effectiveness |
|---|---|---|---|
| R001 | Secure ORM (parameterized queries) | ✅ Implemented | High |
| R002 | Account lockout (5 attempts/30 min) | ✅ Implemented | High |
| R002 | Password complexity (12+ chars) | ✅ Implemented | High |
| R002 | 2FA support (TOTP/Email) | ✅ Implemented | High |
| R003 | Rate limiting | ✅ Implemented | Medium |
| R004 | SSH key authentication | ✅ Implemented | High |
| R004 | Brute force protection | ✅ Implemented | High |
| R005 | JWT authentication | ✅ Implemented | High |
| R005 | Feature gating | ✅ Implemented | High |
| R006 | AES-256-GCM encryption | ✅ Implemented | High |
| R007 | Secure cookies (HttpOnly, Secure) | ✅ Implemented | High |
| R007 | HTTPS only (TLS 1.2+) | ✅ Implemented | High |
| R008 | Content Security Policy | ✅ Implemented | High |
| R009 | npm audit in CI | ✅ Implemented | Medium |
| R010 | Hetzner cloud snapshots | ✅ Implemented | High |
8. Residual Risk
After implementing controls, the following residual risks remain:
| Risk ID | Original Level | Residual Level | Notes |
|---|---|---|---|
| R001 | Medium | Low | Secure ORM prevents SQL injection |
| R002 | Medium | Low | Multiple controls in place |
| R003 | Medium | Low | Rate limiting + provider protection |
| R004 | Medium | Low | SSH keys + brute force protection |
| R005 | Medium | Low | JWT + feature gating |
| R006 | Medium | Low | Strong encryption, key isolation |
| R009 | Medium | Low | Regular updates, dev deps only |
9. Risk Monitoring
9.1 Key Risk Indicators (KRIs)
| KRI | Threshold | Monitoring Frequency |
|---|---|---|
| Failed login attempts | > 100/day | Daily |
| API error rate | > 5% | Real-time |
| Vulnerability count (high/critical) | > 0 in prod deps | Weekly |
| Service availability | < 99.9% | Real-time |
| Security incidents | Any P1/P2 | Immediate |
9.2 Review Schedule
| Activity | Frequency |
|---|---|
| Risk register review | Quarterly |
| Full risk assessment | Annually |
| Control effectiveness review | Bi-annually |
| Threat landscape review | Quarterly |
10. Document Control
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | 2025-12-29 | Security Team | Initial release |