Risk Score Matrix
At this stage the risk score is assessed from the Privacy score. See Privacy.
Minimum mandatory identity controls for each API risk score:
| Requirements | Low | Medium | High | Extreme |
|---|---|---|---|---|
| The principle of segregation of duties is enforced through a role-based access control system that ensures no single individual has end-to-end access, with regular audits conducted. | YES | YES | YES | YES |
| In the event of a security incident we can restore the system to a secure state within 1 hour. | NO | NO | YES | YES |
| We have an automated notification system that informs relevant parties when there is a change in access permissions or user roles. | NO | NO | NO | YES |
| We have an automated access revocation system that disables users within one hour of detection in the event of a security incident or personnel change. | NO | NO | YES | YES |
| We have advanced detection algorithms that notify us to investigate potential fraud indicators and security risks in user activities or transactions. | NO | YES | YES | YES |
| We deter unauthorised access and enforce compliance with legislative requirements by implementing strict access controls and training programmes, and by enforcing strict consequences for policy violations. | NO | YES | YES | YES |