diff --git "a/question_mapping.json" "b/question_mapping.json" new file mode 100644--- /dev/null +++ "b/question_mapping.json" @@ -0,0 +1 @@ +{"What is the residual risk score?": ["{\n \"Risk_ID\": \"5f855a12-389b-45a3-a9c2-d9cf27d19faf\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-15\",\n \"Date_Last_Reviewed\": \"2024-10-18\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 826586,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"66f17205-aa28-431b-8fe0-85cab690c698\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-28\",\n \"Date_Last_Reviewed\": \"2024-11-05\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 644323,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"15590421-fddc-481c-8965-8e85c0f44ac3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-20\",\n \"Date_Last_Reviewed\": \"2023-05-31\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1455402,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"ec6a6689-aac2-468a-9c84-dd6648bf1a0e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-03\",\n \"Date_Last_Reviewed\": \"2024-07-05\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1427976,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"abf156ca-f79f-4a87-8440-aeb34e6c467f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-27\",\n \"Date_Last_Reviewed\": \"2025-04-24\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 202005,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"92683da5-eb72-4f81-b3df-187a8208d4a1\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-28\",\n \"Date_Last_Reviewed\": \"2024-10-09\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1386921,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"2b52d53f-7021-4d46-927b-75e3c54784fb\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-18\",\n \"Date_Last_Reviewed\": \"2024-12-15\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 609579,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"4f3e2c70-e4b2-446b-803d-eeed0150a9e2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-28\",\n \"Date_Last_Reviewed\": \"2024-03-07\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 989913,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"5877f603-8680-456c-9a0f-eb46eeef19e7\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-05\",\n \"Date_Last_Reviewed\": \"2025-04-10\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 874811,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"7523c6f2-d701-4db9-aecf-773b74361261\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-02\",\n \"Date_Last_Reviewed\": \"2023-06-27\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 141871,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"a6ce8e3f-e512-431c-a9bb-7ca61e8160a9\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-20\",\n \"Date_Last_Reviewed\": \"2024-06-08\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1331220,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"c94c3919-91e2-4b29-bfa6-ff2a7730939a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-21\",\n \"Date_Last_Reviewed\": \"2024-06-28\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1160443,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"66d8f957-ab2a-4aa0-b486-647d2f3c2280\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-31\",\n \"Date_Last_Reviewed\": \"2024-06-03\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1528397,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"078d35df-4846-4cb2-8616-641d397bb1a4\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-02\",\n \"Date_Last_Reviewed\": \"2024-01-14\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 667650,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"f3d68fa0-8fa4-4cd8-863b-8338509de644\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-17\",\n \"Date_Last_Reviewed\": \"2025-01-19\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 169864,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"79e7410e-1c33-41b6-a8d6-731008e62943\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-19\",\n \"Date_Last_Reviewed\": \"2024-08-30\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 830366,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"cff8e87b-4652-4d9e-b4b5-027403d6940a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-31\",\n \"Date_Last_Reviewed\": \"2025-04-13\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1698336,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"77670445-e2e3-471d-bd00-41c52a5d0ac9\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-12\",\n \"Date_Last_Reviewed\": \"2023-06-21\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 712694,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"0aa2fe26-acc3-4315-ac94-cd4c550619ff\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-13\",\n \"Date_Last_Reviewed\": \"2023-07-18\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1832698,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"be8cabf2-ba3e-4608-a238-0bc56bffe50a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-10\",\n \"Date_Last_Reviewed\": \"2024-07-23\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 157091,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"21fbed33-dcbe-4719-9cb6-28ffb6d0d35e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-07\",\n \"Date_Last_Reviewed\": \"2024-03-11\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 725705,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"a5966733-fcb3-4351-8a1e-9e9e63dbba97\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-12\",\n \"Date_Last_Reviewed\": \"2023-12-01\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 633571,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"8b42ac41-01a6-43f0-96e5-1c638eadb0a0\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-18\",\n \"Date_Last_Reviewed\": \"2024-01-21\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 191327,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"918d52ac-0faa-4ea2-9a91-d3507ff88aad\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-30\",\n \"Date_Last_Reviewed\": \"2025-04-19\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 648498,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"10d65e38-9aff-49be-ac75-e9ca4acaa92c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-05\",\n \"Date_Last_Reviewed\": \"2024-05-04\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1836608,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"2b25cb86-5469-4348-ba14-3766e4fdd931\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-03\",\n \"Date_Last_Reviewed\": \"2025-02-14\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 863367,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"31c19ba3-adb6-4da5-9fab-713d4acff19a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-21\",\n \"Date_Last_Reviewed\": \"2023-12-04\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1587396,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"f13f2048-8095-45ff-9165-68ebd0546e7a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-04\",\n \"Date_Last_Reviewed\": \"2025-03-24\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 463742,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"d798af11-9889-43c9-809c-f662e8588155\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-13\",\n \"Date_Last_Reviewed\": \"2025-02-27\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1893422,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}"], "What mitigation strategies are in place?": ["{\n \"Risk_ID\": \"2fb28c69-677b-446d-9f34-60276ff8b329\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-18\",\n \"Date_Last_Reviewed\": \"2024-07-03\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1202666,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"4fb58c41-f8ab-4a6e-aa42-7b490497e658\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-07\",\n \"Date_Last_Reviewed\": \"2024-02-15\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1344206,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"a0b2cc97-c273-45df-b199-cb3d0c274a79\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-22\",\n \"Date_Last_Reviewed\": \"2024-01-30\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 187194,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"d5b1c78f-5935-4b08-be5f-c0775329e938\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-09\",\n \"Date_Last_Reviewed\": \"2023-11-06\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1462571,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"22a4e259-b9fc-4799-92a7-c880969dec50\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-28\",\n \"Date_Last_Reviewed\": \"2025-03-22\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1306291,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"a5baf310-7d7e-4c38-96c6-13edc8cc4c06\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-23\",\n \"Date_Last_Reviewed\": \"2023-12-17\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 897484,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"c75daa9a-e1c1-4541-9428-25a4e5494ec6\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-21\",\n \"Date_Last_Reviewed\": \"2024-04-17\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 266533,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"2a5459a2-257c-4764-8396-b4428e6b6aa5\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-08\",\n \"Date_Last_Reviewed\": \"2024-02-03\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 526014,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"ef03dc53-4135-4748-bec8-8dd750d90e9b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-26\",\n \"Date_Last_Reviewed\": \"2025-03-04\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 597524,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"5d67cd44-50b7-464f-8117-9b864fbb2179\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-13\",\n \"Date_Last_Reviewed\": \"2024-03-08\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1377701,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"6dcd1a0b-01d4-4343-a5fb-fd3bf57ad759\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-13\",\n \"Date_Last_Reviewed\": \"2025-05-12\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 796994,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"99c6ec01-5d82-43b0-9edf-c6e651bad5e1\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-04\",\n \"Date_Last_Reviewed\": \"2023-10-12\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1526243,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"b9acf2a4-dc6e-4cfa-99e8-d599146270f4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-10\",\n \"Date_Last_Reviewed\": \"2024-04-14\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1902243,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"74a5336c-ccde-4763-aabb-904f08765cf6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-16\",\n \"Date_Last_Reviewed\": \"2024-07-21\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 198503,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"c0555756-3e08-40fc-b92c-038e6c8d2ebe\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-23\",\n \"Date_Last_Reviewed\": \"2023-07-18\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 354155,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"1dcd34a7-b4dc-45da-a304-82869e7a7cb9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-23\",\n \"Date_Last_Reviewed\": \"2024-09-23\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 602859,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"e0c072d7-33dd-42ce-b316-a93f5d69375a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-29\",\n \"Date_Last_Reviewed\": \"2024-10-10\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1090404,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"3f66853e-b4f8-4a65-a7bf-fcc09d1ff50f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-14\",\n \"Date_Last_Reviewed\": \"2024-04-21\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1197903,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"eb6d3f68-93aa-4c12-a5e5-6be32e038bf3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-06\",\n \"Date_Last_Reviewed\": \"2023-07-24\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1568891,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"70622751-6de5-4da9-aee1-aeba0a644573\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-14\",\n \"Date_Last_Reviewed\": \"2024-06-07\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1676332,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"a385a4ee-ab6b-4de3-b348-340211b527d7\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-11\",\n \"Date_Last_Reviewed\": \"2024-08-11\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1854416,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"98c81061-c5cc-4dca-bcab-3c071cf02354\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-27\",\n \"Date_Last_Reviewed\": \"2024-01-10\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 194371,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"819825f3-c69e-47b8-8e16-047927ffdf29\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-06\",\n \"Date_Last_Reviewed\": \"2025-01-29\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1506482,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"73e790a9-df24-495b-b95e-f7536af2a42f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-24\",\n \"Date_Last_Reviewed\": \"2025-01-02\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1115593,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"875fb637-f6e9-4667-b467-2f86dcc3014a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-08\",\n \"Date_Last_Reviewed\": \"2024-11-11\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 956774,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"6b896e17-8d23-4e24-9b02-bada3e668fde\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-21\",\n \"Date_Last_Reviewed\": \"2024-01-05\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1362811,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"0f9520a6-1111-442c-85f0-5d3ee760cc7e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-24\",\n \"Date_Last_Reviewed\": \"2024-01-30\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 125464,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"d88e6f07-f84f-46ec-a793-8efcfc6339ff\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-09\",\n \"Date_Last_Reviewed\": \"2023-07-06\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1671472,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"265f75cd-c5eb-47b6-b0dc-8d9e3dbc9c2c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-25\",\n \"Date_Last_Reviewed\": \"2023-11-13\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 344014,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"34ea6727-c5d9-4fb3-b210-8a9fc0b7b9eb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-01\",\n \"Date_Last_Reviewed\": \"2024-10-27\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 510654,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"759b029f-5fae-4374-99ce-7ccb50f9ebaa\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-22\",\n \"Date_Last_Reviewed\": \"2025-03-30\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 620254,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"d31b0169-bc4a-45e8-921a-92d9c7ec997c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-16\",\n \"Date_Last_Reviewed\": \"2023-09-14\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 640839,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"84ac5cef-e716-4342-af54-bb205050db5e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-19\",\n \"Date_Last_Reviewed\": \"2024-09-28\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 456898,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"f10a2250-86ab-4dbe-ada7-6a5dc0dae7c7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-22\",\n \"Date_Last_Reviewed\": \"2023-12-14\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1751223,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"317a6ca3-9a89-4330-801b-40cf1b20f242\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-10\",\n \"Date_Last_Reviewed\": \"2023-12-21\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1623663,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"30059fa1-b49f-4fe4-8814-c71704705a4b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-18\",\n \"Date_Last_Reviewed\": \"2023-10-18\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1281540,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"e09f3c0a-4669-4508-a056-056c424b320d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-25\",\n \"Date_Last_Reviewed\": \"2024-06-06\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 891589,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"adbb59bc-2f6a-4747-b6aa-e49e2eb24b22\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-19\",\n \"Date_Last_Reviewed\": \"2023-06-15\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1547283,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"e39b253e-045b-45f1-a308-9b2aa6a0ccb6\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-24\",\n \"Date_Last_Reviewed\": \"2025-04-29\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 457539,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}"], "What is the estimated financial impact?": ["{\n \"Risk_ID\": \"7dad62ac-9b58-47ab-8d81-2059c0792da8\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-03\",\n \"Date_Last_Reviewed\": \"2023-05-25\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 801850,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"f83371de-9149-4cd4-9c9b-be66c0b3390b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-09\",\n \"Date_Last_Reviewed\": \"2024-07-14\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1233485,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"337a723e-11b4-43c8-8269-065ac4fe8dbc\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-04\",\n \"Date_Last_Reviewed\": \"2024-02-20\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 426923,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"37716e0c-2ac1-44e6-ae23-f76e4772900e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-28\",\n \"Date_Last_Reviewed\": \"2024-06-05\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1237138,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"5fd67648-8323-4733-a70a-981d633a1090\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-06\",\n \"Date_Last_Reviewed\": \"2024-01-23\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1015130,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"7972bb8f-2c7b-40a8-9838-ac8c9e223d9d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-06\",\n \"Date_Last_Reviewed\": \"2023-09-28\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1196926,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"09c2e83e-850b-4ea3-8dbf-95086aebc8b1\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-02\",\n \"Date_Last_Reviewed\": \"2025-01-06\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1648184,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"e5b1f177-8441-4202-8eb8-2f022635c8f6\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-01\",\n \"Date_Last_Reviewed\": \"2024-07-25\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 430819,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"ff4c3920-d65d-4868-bacd-7700d847f2aa\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-20\",\n \"Date_Last_Reviewed\": \"2025-04-05\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 269597,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"54bf3462-aa5a-4501-8758-f38b442fa04f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-31\",\n \"Date_Last_Reviewed\": \"2023-06-18\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1499478,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"f2aaa0c4-d0d1-4b0e-a4eb-d14abd290da8\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-20\",\n \"Date_Last_Reviewed\": \"2025-04-23\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 923487,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"db148802-fa91-498b-ba97-82b988767d3b\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-07\",\n \"Date_Last_Reviewed\": \"2025-02-07\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1226877,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"ddae0ab8-de42-4d71-a4bf-54c93a311df2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-05\",\n \"Date_Last_Reviewed\": \"2024-03-04\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1298189,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"20d41862-6c0f-4cec-8367-c9465e5cf719\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-22\",\n \"Date_Last_Reviewed\": \"2024-02-17\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1179193,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"46b779a0-1bc3-4ba7-b5db-6a055518207f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-26\",\n \"Date_Last_Reviewed\": \"2024-02-02\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 488556,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"4b11da59-141b-4d9b-927d-2699cf1b98b0\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-04\",\n \"Date_Last_Reviewed\": \"2023-12-06\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 925898,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"31b5ba42-d8ab-4c91-aa09-3c963e540d31\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-15\",\n \"Date_Last_Reviewed\": \"2024-01-06\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1353871,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"ec8c560d-9a97-4f84-9bf1-2aac4eb11e30\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-12\",\n \"Date_Last_Reviewed\": \"2025-01-18\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 514145,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"bb2b136c-6647-4549-ba9b-1d8831a5dd96\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-15\",\n \"Date_Last_Reviewed\": \"2023-12-02\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1195298,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"9899cfcc-f3cd-4253-b68b-c54efe39bd47\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-03\",\n \"Date_Last_Reviewed\": \"2024-11-20\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 823244,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"fad6c8cd-20b8-46c3-8345-e28ec7ac0022\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-09\",\n \"Date_Last_Reviewed\": \"2025-01-31\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 925741,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"f27dd6ca-df4b-4bca-8b27-2e8af7415500\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-15\",\n \"Date_Last_Reviewed\": \"2024-08-24\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1875960,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"4b5a9a25-0e9d-4ec4-a937-677754fa8152\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-26\",\n \"Date_Last_Reviewed\": \"2025-01-10\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 968803,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"0ae96bac-5663-4a41-8ea4-2e6512eac901\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-28\",\n \"Date_Last_Reviewed\": \"2024-08-17\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 348404,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"8e975d12-5f85-4b7f-9cbb-e35a929687a7\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-31\",\n \"Date_Last_Reviewed\": \"2024-06-15\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1519804,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"de7d5bc5-c1da-4031-a859-4e72eff11af5\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-17\",\n \"Date_Last_Reviewed\": \"2024-10-12\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1007043,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"de1830a9-630b-4270-9334-7493d6c3e9a0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-22\",\n \"Date_Last_Reviewed\": \"2025-02-01\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1341467,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"0c91ca41-8b4f-42dd-8114-6a704dbcb673\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-03\",\n \"Date_Last_Reviewed\": \"2024-09-12\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1722720,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"dd46074f-b83b-4bcb-b476-90ab45c77a17\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-01\",\n \"Date_Last_Reviewed\": \"2024-07-24\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 100491,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"941c418d-db83-4d7c-bada-42bab5a3716e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-17\",\n \"Date_Last_Reviewed\": \"2025-03-03\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1019613,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"2ebb2bae-a7f2-4249-b443-54c34d2fc7e1\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-18\",\n \"Date_Last_Reviewed\": \"2024-05-15\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1266184,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"09eb18fd-797e-4176-a090-64e028a6da4d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-08\",\n \"Date_Last_Reviewed\": \"2023-06-02\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1913959,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"3d19c5fd-e9d4-40fe-bb09-21ee456a6a42\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-28\",\n \"Date_Last_Reviewed\": \"2023-09-30\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1265481,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"d029bb7d-ad7d-4a1e-b1bb-49a28f6cd9cb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-28\",\n \"Date_Last_Reviewed\": \"2024-04-19\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1276735,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}"], "Who is responsible for this risk?": ["{\n \"Risk_ID\": \"e0f7b65f-0ec4-4822-bd45-74e31e705a54\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-12\",\n \"Date_Last_Reviewed\": \"2025-03-30\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1616156,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"a4a85217-738f-44de-b9bf-e3cd50c43e51\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-23\",\n \"Date_Last_Reviewed\": \"2023-09-14\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1545659,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"caf63932-9fe7-4b14-99aa-ee0825ba51e6\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-01\",\n \"Date_Last_Reviewed\": \"2023-05-30\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1420608,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"fe7f2897-70d0-4262-be95-edb254e2ee59\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-30\",\n \"Date_Last_Reviewed\": \"2023-09-18\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1850235,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"5b30911b-0c85-41bb-a9db-96ee40bd9266\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-25\",\n \"Date_Last_Reviewed\": \"2025-02-05\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1950058,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"fb412c9a-b947-4e2b-b156-8e93be7e1adf\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-20\",\n \"Date_Last_Reviewed\": \"2025-03-26\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1097321,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"77bba0f5-9202-4ece-ad64-94cb23a99014\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-22\",\n \"Date_Last_Reviewed\": \"2025-03-31\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1222224,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"7b8660bf-8910-4f30-a355-55680f166e7e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-17\",\n \"Date_Last_Reviewed\": \"2023-12-14\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1799325,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"0310f887-3f51-41a1-8bda-bcbbfbc4f83f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-28\",\n \"Date_Last_Reviewed\": \"2025-03-18\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1438232,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"690eb122-6930-4d23-ac15-5e480d5b7e08\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-21\",\n \"Date_Last_Reviewed\": \"2024-07-12\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 256326,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"717dd2a0-324e-4c40-96d3-e25bf57abcc7\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-26\",\n \"Date_Last_Reviewed\": \"2024-10-04\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 108492,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"fa8f1358-2548-46b8-be64-07d62c2c731e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-16\",\n \"Date_Last_Reviewed\": \"2024-07-26\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1970486,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"2302ea8c-188a-41f0-8257-5ad318f54ae9\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-03\",\n \"Date_Last_Reviewed\": \"2023-12-14\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 414871,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"eef8de5b-c265-4356-8085-d38a1cc54ca2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-18\",\n \"Date_Last_Reviewed\": \"2023-08-02\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 967900,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"8208071c-3764-453a-b0ba-f637c27c30f2\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-19\",\n \"Date_Last_Reviewed\": \"2025-05-11\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 675291,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"f538c8c0-8fc3-479f-845f-b7f57a3126c5\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-10\",\n \"Date_Last_Reviewed\": \"2023-10-29\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1059983,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"cd64d040-dbfd-4cde-a256-a3b6a4e5936e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-18\",\n \"Date_Last_Reviewed\": \"2023-09-19\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1939157,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"21d88fd5-dc33-4793-b227-5fc3bb205345\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-28\",\n \"Date_Last_Reviewed\": \"2023-08-06\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 625247,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"1e49e730-fbca-493c-adfa-df0e849cd42f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-27\",\n \"Date_Last_Reviewed\": \"2024-10-05\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1039769,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"70e6f5ff-77a0-4e38-87fb-64ab1eb1323e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-25\",\n \"Date_Last_Reviewed\": \"2025-02-06\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 682696,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"c8d08bc6-f6ce-48da-a0dd-6fa65ff0afba\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-21\",\n \"Date_Last_Reviewed\": \"2024-09-18\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 226877,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"e7c448e3-1eb3-4966-82a1-10ef0209841a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-19\",\n \"Date_Last_Reviewed\": \"2023-09-18\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1473148,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"60322976-472a-41dd-961f-91144cbf9b9e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-23\",\n \"Date_Last_Reviewed\": \"2024-03-06\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1702161,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"b7b2a5d8-4209-47c2-9afe-8eb96d54b90b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-15\",\n \"Date_Last_Reviewed\": \"2024-10-02\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 874017,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"4c3370f3-4771-42ab-b972-7ac1aae3a0c2\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-23\",\n \"Date_Last_Reviewed\": \"2023-08-09\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 195049,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"17b9ef91-8cd7-4bc1-86a5-4f6a0718554a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-30\",\n \"Date_Last_Reviewed\": \"2024-10-01\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1772919,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"7f22e2e7-10cc-4011-9350-6e7cb096beb6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-22\",\n \"Date_Last_Reviewed\": \"2023-11-14\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 722094,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"f0eeb758-90f0-4a21-91be-49d12e80bc43\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-07\",\n \"Date_Last_Reviewed\": \"2024-05-31\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 297748,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"c35acb51-0117-440d-b10e-6cb516e061b1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-04\",\n \"Date_Last_Reviewed\": \"2023-07-17\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1652635,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"005aabb6-5e09-4843-ab89-3b9a8ff9481b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-02\",\n \"Date_Last_Reviewed\": \"2023-08-09\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 948976,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"ac866476-ad73-4122-8b30-c2277b9a7bf1\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-24\",\n \"Date_Last_Reviewed\": \"2023-11-04\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1824551,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}"], "How many high-likelihood risks are currently under review?": ["[\n {\n \"Risk_ID\": \"7ab58b7a-c12e-484e-a84f-eaf7c4e71c9b\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-29\",\n \"Date_Last_Reviewed\": \"2024-02-23\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 553157,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"de34232e-703d-4c43-81bd-ebf7aa2f90d9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-23\",\n \"Date_Last_Reviewed\": \"2023-11-09\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1099499,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"598991b1-5b3c-4849-aca5-31a9e46b75ff\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-21\",\n \"Date_Last_Reviewed\": \"2024-01-16\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 201031,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1018a748-8f3d-4060-89ec-673b16c911dc\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-07\",\n \"Date_Last_Reviewed\": \"2024-12-28\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 783046,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"fbdb1540-03a8-428d-949c-c5a84f4cb798\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-25\",\n \"Date_Last_Reviewed\": \"2025-05-11\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 978117,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"15886ccf-ec39-4b67-9436-69c69a01ab95\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-11\",\n \"Date_Last_Reviewed\": \"2024-09-19\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 252194,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0046c50e-f924-4158-a3ae-077341c33978\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-22\",\n \"Date_Last_Reviewed\": \"2023-11-16\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 226277,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"796a67a6-7cc0-4bc8-9498-2e3b8c2cb08f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-23\",\n \"Date_Last_Reviewed\": \"2023-06-26\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 584417,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"945f6390-8367-4702-a70d-8baeb552b2d4\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-16\",\n \"Date_Last_Reviewed\": \"2024-09-13\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 128837,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"62a6d4f7-1059-44e4-8f49-628c043c48df\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-24\",\n \"Date_Last_Reviewed\": \"2025-04-10\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 606964,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c0cba54b-5ae4-474b-8c84-f196f97253af\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-17\",\n \"Date_Last_Reviewed\": \"2023-07-10\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1212800,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"63103839-dfd7-4ebf-b4ac-9cad1ea29e32\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-22\",\n \"Date_Last_Reviewed\": \"2025-02-02\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1622477,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ef456705-d6da-4a7c-8c1c-c194e54e6d4f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-14\",\n \"Date_Last_Reviewed\": \"2023-08-29\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1346871,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b3104220-c29f-405f-a650-d61467de10c1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-26\",\n \"Date_Last_Reviewed\": \"2024-12-14\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1114376,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b45ae882-56b1-4844-959f-f29fc751fe89\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-15\",\n \"Date_Last_Reviewed\": \"2024-10-25\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 926068,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"64342d99-3096-4f07-a5d6-a98fcd1d0470\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-09\",\n \"Date_Last_Reviewed\": \"2023-06-17\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 670451,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"94fbb8a5-ca38-423f-a21d-840a6f56a5a2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-28\",\n \"Date_Last_Reviewed\": \"2024-04-06\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 486486,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5416ae50-64ab-4a1e-be68-f6cd004ea778\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-26\",\n \"Date_Last_Reviewed\": \"2024-11-15\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 854209,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"03e34167-5514-40ca-9350-d4bd5a18b2e6\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-10\",\n \"Date_Last_Reviewed\": \"2024-12-08\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1931498,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8f5ead92-9487-4e3a-9c2c-dc853a3e378d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-11\",\n \"Date_Last_Reviewed\": \"2023-10-27\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1005669,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"be7e5895-89f4-4bfc-8d97-1f6cbcc42c05\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-25\",\n \"Date_Last_Reviewed\": \"2024-12-10\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1019538,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"904def52-878b-4f4b-8435-4953ea741818\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-17\",\n \"Date_Last_Reviewed\": \"2024-10-27\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 805635,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8a19aee4-183c-439d-89e5-a307f170aa82\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-24\",\n \"Date_Last_Reviewed\": \"2023-09-03\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1310857,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ccf89c9d-e13e-4148-923f-fd7a28c0c8c4\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-02\",\n \"Date_Last_Reviewed\": \"2023-07-29\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1395201,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1b6a50de-d486-494e-af41-72cd96350154\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-27\",\n \"Date_Last_Reviewed\": \"2024-05-22\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 651949,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2a7a5b38-1c20-404b-a8ef-1d110bef8e7e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-10\",\n \"Date_Last_Reviewed\": \"2023-12-09\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1019395,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"07662e3b-71df-4831-9faa-ef22fbf1b7e7\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-05\",\n \"Date_Last_Reviewed\": \"2023-06-26\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 285464,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e6d9fb8e-a270-45f5-bcbb-ddeae1e662b9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-02\",\n \"Date_Last_Reviewed\": \"2024-04-20\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1489052,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"e65f7d93-9d81-4ec1-9b8e-f23829a9873c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-16\",\n \"Date_Last_Reviewed\": \"2024-06-12\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 359565,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8da646a7-0bff-476c-9d8c-678bc2e52280\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-05\",\n \"Date_Last_Reviewed\": \"2024-09-25\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 184780,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"615dbf52-21d5-4bff-a5ab-b9e58a1e87b7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-13\",\n \"Date_Last_Reviewed\": \"2024-02-19\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 237811,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"be0b56bb-dd07-4588-a176-77b9af676051\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-31\",\n \"Date_Last_Reviewed\": \"2023-06-30\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1493216,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"893d1b9e-abda-4707-b3ef-d385ce695ff4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-08\",\n \"Date_Last_Reviewed\": \"2024-08-31\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 181272,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c91521e6-9702-44be-948a-44cf283442af\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-28\",\n \"Date_Last_Reviewed\": \"2025-04-14\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 593425,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"d0af8ec9-4b65-4d3c-af5e-73ab67bafa30\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-28\",\n \"Date_Last_Reviewed\": \"2025-04-18\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 386644,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a31c6f46-0c13-4dc4-bb8c-15fd65f17a0a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-26\",\n \"Date_Last_Reviewed\": \"2023-08-06\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 682999,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3fe76ee6-45b5-4629-8b5e-2430d63fd2d7\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-22\",\n \"Date_Last_Reviewed\": \"2024-10-01\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 352344,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9e5399cb-6bf1-4c55-922f-5e06deec5745\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-01\",\n \"Date_Last_Reviewed\": \"2024-12-27\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1053124,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ebef4db9-a31d-48eb-8fc4-47bebdd163c9\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-13\",\n \"Date_Last_Reviewed\": \"2023-09-07\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 697863,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9de451a1-1cd6-4e91-8888-f3488ca2da1e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-22\",\n \"Date_Last_Reviewed\": \"2025-01-19\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1365638,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"45ea2d1a-05d6-4d72-bf30-a2aa92b60dd6\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-26\",\n \"Date_Last_Reviewed\": \"2023-08-27\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 158227,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"77b63de2-ab59-46ff-b869-95b321755422\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-23\",\n \"Date_Last_Reviewed\": \"2024-10-16\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 769938,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8d1244e3-a615-40a3-8606-4f243ef10274\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-28\",\n \"Date_Last_Reviewed\": \"2023-08-26\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1843175,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b86e8ae6-8ccf-4b8b-a805-e2b0ba326596\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-29\",\n \"Date_Last_Reviewed\": \"2023-10-02\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 495605,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"bad8d2d9-5487-49b5-9edd-2872ae1cb3af\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-24\",\n \"Date_Last_Reviewed\": \"2024-08-13\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1917038,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c4d7a12b-1426-4120-b832-65fcfd331dcc\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-28\",\n \"Date_Last_Reviewed\": \"2024-01-24\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 535926,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"dcf8dbe6-7031-4928-9ea5-7dcaf3f5e6b4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-03\",\n \"Date_Last_Reviewed\": \"2023-08-27\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 697232,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4661a23b-a5a4-46e1-8e37-764fd3fafc8c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-13\",\n \"Date_Last_Reviewed\": \"2023-12-26\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1625463,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c68b757d-0ef5-465d-9afe-ab92e0b33aca\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-10\",\n \"Date_Last_Reviewed\": \"2023-07-30\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 275742,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"5f124061-b208-45a6-9b7f-f153adb32699\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-01\",\n \"Date_Last_Reviewed\": \"2023-06-02\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1419346,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ff0f2f2b-59ec-4052-8bc2-f87dc09337be\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-28\",\n \"Date_Last_Reviewed\": \"2024-02-05\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 844496,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"32a0955d-3d80-42e3-94c5-9ec770db5b51\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-19\",\n \"Date_Last_Reviewed\": \"2023-09-17\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 532934,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e6db7618-7294-4ac5-b814-bbd5e3af5025\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-30\",\n \"Date_Last_Reviewed\": \"2023-12-11\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 337952,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"cb035434-051f-4d63-a6f3-acc82ff68ab6\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-01\",\n \"Date_Last_Reviewed\": \"2023-11-15\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1072784,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1356f113-102c-4d66-8bf3-c6b249481f99\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-29\",\n \"Date_Last_Reviewed\": \"2025-04-08\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1181416,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"27a355dd-5fcb-4e2b-bb91-13a5c6b8351b\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-11\",\n \"Date_Last_Reviewed\": \"2024-03-04\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1525685,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a1c9039f-5f00-4b91-8ef2-8b294bfd7fed\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-17\",\n \"Date_Last_Reviewed\": \"2023-06-13\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 699582,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1c5202ba-c885-4edc-8a1d-ce4df36957a5\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-02\",\n \"Date_Last_Reviewed\": \"2025-03-11\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1236327,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6f8facb2-3583-495b-b987-26e0e1f0e367\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-12\",\n \"Date_Last_Reviewed\": \"2023-12-31\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1678650,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fabb08e1-9aa9-4291-a11f-5827fefd62b0\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-12\",\n \"Date_Last_Reviewed\": \"2024-04-25\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 658999,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"06866848-dc9b-4448-9b05-a39f378d09e9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-03\",\n \"Date_Last_Reviewed\": \"2024-10-29\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1059827,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"3ff95f06-9ab4-4413-a91f-f0cc17574a78\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-05\",\n \"Date_Last_Reviewed\": \"2025-01-25\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 110633,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2358e5ff-eb6b-409a-b29f-23271e949183\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-18\",\n \"Date_Last_Reviewed\": \"2024-09-24\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1181214,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"55a9d43a-95d1-44bb-ad7f-42518caad668\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-03\",\n \"Date_Last_Reviewed\": \"2023-09-19\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1412476,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b22a9215-6539-402e-9c58-7a3cd898769d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-25\",\n \"Date_Last_Reviewed\": \"2023-07-07\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1711377,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4d80c31c-2923-4af3-a31d-e2291dc837c3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-23\",\n \"Date_Last_Reviewed\": \"2023-06-21\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1471159,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"794894a0-b493-4d35-919d-029096c86959\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-22\",\n \"Date_Last_Reviewed\": \"2024-11-17\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1223155,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"00968fa5-2722-4869-b70e-9794922fdc00\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-11\",\n \"Date_Last_Reviewed\": \"2024-02-15\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1822113,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c4e607fd-1772-4ac3-87c1-0e3609d2009d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-17\",\n \"Date_Last_Reviewed\": \"2023-09-11\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 160436,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"27c68256-473f-4bbc-84c5-0a32cb1b4dab\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-03\",\n \"Date_Last_Reviewed\": \"2024-01-19\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 953803,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"2a090656-91f5-4d0e-bd79-ef1e96aabdcb\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-01\",\n \"Date_Last_Reviewed\": \"2023-12-24\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1736771,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ae596524-43f7-44b9-9004-b1cc43ff2f43\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-15\",\n \"Date_Last_Reviewed\": \"2024-04-28\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1844488,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4fa0eff2-e90c-4640-b5b3-e8ebe4316c70\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-31\",\n \"Date_Last_Reviewed\": \"2024-10-15\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1443720,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a18065ec-2e22-42d2-a1e4-0ce54206abad\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-25\",\n \"Date_Last_Reviewed\": \"2024-04-14\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 574757,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a204b702-fca1-453a-9f17-8dda1e76df07\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-18\",\n \"Date_Last_Reviewed\": \"2024-12-28\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 910872,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0252c160-742a-453d-8462-d19d09aabee1\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-22\",\n \"Date_Last_Reviewed\": \"2024-10-22\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 400897,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"cd19248b-b428-44fe-9358-97c9a7b2cbed\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-20\",\n \"Date_Last_Reviewed\": \"2023-07-31\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1358901,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9d71d4c0-3d05-4f2b-96e5-87d358652896\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-17\",\n \"Date_Last_Reviewed\": \"2023-06-26\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 116904,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"04d876aa-32ce-44e1-8a26-236138adab20\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-29\",\n \"Date_Last_Reviewed\": \"2025-03-28\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 290755,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"77840a56-6adc-4fea-b058-aa426fd9aafc\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-22\",\n \"Date_Last_Reviewed\": \"2024-07-17\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1812452,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a129ea09-fd53-47d6-b969-5888b3b04cfb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-13\",\n \"Date_Last_Reviewed\": \"2023-11-11\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1421217,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d73c5d17-ad30-48a8-a0b7-ce1eaceb48e2\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-26\",\n \"Date_Last_Reviewed\": \"2024-05-08\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1195337,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"fc0de4f5-92d8-4262-b8fc-6efa1a29f916\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-22\",\n \"Date_Last_Reviewed\": \"2024-11-11\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1772224,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"14a5a676-16ba-4798-9306-9d73920c4681\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-22\",\n \"Date_Last_Reviewed\": \"2024-07-02\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 286833,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a9624f11-4feb-43af-b530-ebaaa6f9a994\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-15\",\n \"Date_Last_Reviewed\": \"2024-06-29\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 834887,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"28ea2352-a9e6-4f8f-9c4a-a796de4d179b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-26\",\n \"Date_Last_Reviewed\": \"2024-09-01\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1006691,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"44002008-5e85-4840-9e0a-5353fe94eeb1\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-27\",\n \"Date_Last_Reviewed\": \"2024-06-20\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1434136,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"219d6643-43b5-4b4f-b956-6504b4ac3ff6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-22\",\n \"Date_Last_Reviewed\": \"2024-08-11\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 203288,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"eec7574b-29e1-49ec-8257-8882b4ab11cc\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-25\",\n \"Date_Last_Reviewed\": \"2023-06-06\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 600205,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"aef48f8e-900c-48d3-a37d-57a9a62eab6b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-09\",\n \"Date_Last_Reviewed\": \"2025-03-17\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 108057,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1f4e867f-c14b-4b12-9e63-3f5bf5988bb5\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-19\",\n \"Date_Last_Reviewed\": \"2024-11-09\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1225746,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"95b35baa-cb5c-4927-9784-b81838d24a83\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-20\",\n \"Date_Last_Reviewed\": \"2025-01-01\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1905215,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4cf18953-f0ff-42f5-a394-104b600e52e8\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-21\",\n \"Date_Last_Reviewed\": \"2023-12-12\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1534564,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"578adb84-1315-406d-b3ee-51737450cdfc\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-02\",\n \"Date_Last_Reviewed\": \"2023-07-21\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 216097,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f0fad95f-ec65-4de1-86fe-13ac85884837\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-17\",\n \"Date_Last_Reviewed\": \"2024-12-22\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1925958,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b3870212-cbba-449c-99ba-4afda0f4497b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-03\",\n \"Date_Last_Reviewed\": \"2023-06-09\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1337030,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c4eaa318-5edd-479f-a89c-ae23184d6d4b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-08\",\n \"Date_Last_Reviewed\": \"2024-12-24\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 481738,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"954a463e-850d-45d5-912f-4e0c13f34821\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-17\",\n \"Date_Last_Reviewed\": \"2025-03-27\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 262498,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"8a8c83fa-f15f-4bc4-b166-6fc6f90ecebf\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-21\",\n \"Date_Last_Reviewed\": \"2025-03-15\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1512933,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d78428ec-9e87-4669-8338-60c93ef22bf2\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-04\",\n \"Date_Last_Reviewed\": \"2025-03-28\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 757825,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"76c9d6f0-5a6a-4be0-b06f-838590024fb6\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-27\",\n \"Date_Last_Reviewed\": \"2025-04-02\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1681707,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"4b90170b-40fd-472d-b917-f81f52842cd7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-02\",\n \"Date_Last_Reviewed\": \"2023-06-20\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1143696,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c698f2ea-dc65-43c3-a453-b19b3c69c16f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-09\",\n \"Date_Last_Reviewed\": \"2025-03-17\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 419425,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5650748a-8eff-4684-b15d-e4f1ba6ecc7c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-15\",\n \"Date_Last_Reviewed\": \"2023-12-04\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 943332,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5fc530b7-506b-4e02-851b-3f59cf3ae4c4\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-30\",\n \"Date_Last_Reviewed\": \"2024-02-13\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1196689,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"072474a3-1bd0-4dd3-b270-1b22b1f17f4c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-17\",\n \"Date_Last_Reviewed\": \"2025-04-26\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1721834,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"aedea726-2d4a-4e39-a570-57e3bffdfcd5\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-12\",\n \"Date_Last_Reviewed\": \"2024-06-05\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1866191,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"20e1d5fe-1b9b-4032-af1d-7aaa077abd5d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-08\",\n \"Date_Last_Reviewed\": \"2023-09-04\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 282502,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"fada158f-c183-4c35-bb7f-0ac02c376380\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-02\",\n \"Date_Last_Reviewed\": \"2024-06-04\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1886645,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"bdcc3c2a-e715-49b3-a949-97b4260af87a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-13\",\n \"Date_Last_Reviewed\": \"2024-10-27\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1798590,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c4fa8134-6528-40c0-a2e4-1023764dd726\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-27\",\n \"Date_Last_Reviewed\": \"2025-03-29\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1431789,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"493357e7-4976-4297-b49c-eb44e7e16ff7\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-08\",\n \"Date_Last_Reviewed\": \"2023-08-02\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1151401,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a4832644-7424-4f62-801f-848c6846d755\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-18\",\n \"Date_Last_Reviewed\": \"2023-07-12\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1067623,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4f973a81-df23-4112-8377-49d43b043337\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-26\",\n \"Date_Last_Reviewed\": \"2025-03-29\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1488447,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"1a5a4869-69f7-4cf6-8656-df0b5931d300\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-23\",\n \"Date_Last_Reviewed\": \"2025-04-05\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 157014,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"46e84407-662a-4a8f-beea-5e3b3f04a192\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-30\",\n \"Date_Last_Reviewed\": \"2023-06-13\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 350948,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f66a4b82-6eba-4d80-acf9-08005cea8c0f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-29\",\n \"Date_Last_Reviewed\": \"2025-01-05\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1489412,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c2d8bb2a-1eed-4266-b6a4-ac68399223b0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-25\",\n \"Date_Last_Reviewed\": \"2024-08-22\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1589577,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"43699595-0630-4a4c-a064-bab327896bf3\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-10\",\n \"Date_Last_Reviewed\": \"2023-06-28\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 437092,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7fd7a6bc-1549-4a79-a23b-f6c4c0edd9d0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-30\",\n \"Date_Last_Reviewed\": \"2024-11-11\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 197776,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"230042ed-6cd3-4375-83bb-cc1d2ddbe3f6\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-17\",\n \"Date_Last_Reviewed\": \"2023-08-23\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 978881,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"810566c6-f1dd-4968-9ae5-f1924bc0feaf\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-10\",\n \"Date_Last_Reviewed\": \"2025-02-07\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 291858,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"37806873-d872-4ba4-ad09-f659f288773e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-11\",\n \"Date_Last_Reviewed\": \"2025-04-07\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 292053,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"78ed2251-bb49-4e2c-8113-e1c8e61a730d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-17\",\n \"Date_Last_Reviewed\": \"2024-08-12\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 177794,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b76dc1fe-0aa8-4a91-ae8b-9cee2978ff64\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-13\",\n \"Date_Last_Reviewed\": \"2024-04-13\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 700724,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e1388956-ddb3-4123-a1e4-9542884a7448\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-08\",\n \"Date_Last_Reviewed\": \"2024-10-14\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 491065,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"49031483-6da7-41bf-b46e-8b09dae7baca\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-17\",\n \"Date_Last_Reviewed\": \"2023-06-16\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1807999,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"01f82add-4e25-4f08-8a37-6698a3ea2616\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-23\",\n \"Date_Last_Reviewed\": \"2024-09-09\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1254323,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"78fcb07f-a9b9-493a-8590-ad6569b387a5\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-17\",\n \"Date_Last_Reviewed\": \"2025-04-16\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 920103,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d6e246cd-f763-4232-b16e-d8c1acc66c40\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-29\",\n \"Date_Last_Reviewed\": \"2024-11-11\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 253481,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a0cdd3cd-6957-47c1-b400-848f715fd90e\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-12\",\n \"Date_Last_Reviewed\": \"2024-08-31\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 362494,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"76e7076b-a880-46cb-9f7f-ac23d0df8eda\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-17\",\n \"Date_Last_Reviewed\": \"2024-10-02\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1468447,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"3701112d-8e44-42d4-b7ad-bf19cb7d607b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-20\",\n \"Date_Last_Reviewed\": \"2023-05-26\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1796394,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f5159518-5a47-48eb-b026-1191ed3d6648\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-14\",\n \"Date_Last_Reviewed\": \"2023-11-10\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1033660,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"db659c26-82a9-4dcb-8f6c-29cd71027506\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-08\",\n \"Date_Last_Reviewed\": \"2023-08-14\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1889257,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"3bbbb740-d4f8-4cd4-8009-2943d63b500e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-30\",\n \"Date_Last_Reviewed\": \"2023-10-02\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 767792,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"468da68a-43cb-4e34-8a5f-a5a83019e6ac\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-05\",\n \"Date_Last_Reviewed\": \"2023-07-23\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1829979,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"88e48764-5531-4e00-b1fa-2ca22c9bebb8\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-19\",\n \"Date_Last_Reviewed\": \"2025-01-31\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 732394,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"8e566148-848e-4f27-b41b-f35fa4489451\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-25\",\n \"Date_Last_Reviewed\": \"2025-04-04\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1589392,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1743217e-3a90-442f-aeb6-b3b9a15581b9\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-16\",\n \"Date_Last_Reviewed\": \"2024-03-05\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1482376,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"9dd5a40d-6352-4ce9-98f3-74bf0fc257b2\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-17\",\n \"Date_Last_Reviewed\": \"2025-05-02\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 103808,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7f8f3b2c-6b9d-4e62-971e-a088072c8419\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-22\",\n \"Date_Last_Reviewed\": \"2024-09-15\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1889053,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e467a5b0-de23-4e6e-8ba9-2e156be22abb\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-09\",\n \"Date_Last_Reviewed\": \"2024-03-20\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1254168,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ebc76d62-b871-4ef5-abd7-c546aa5bbc3f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-15\",\n \"Date_Last_Reviewed\": \"2024-12-08\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 700390,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"9db21965-7006-47cf-a827-897b228756a7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-27\",\n \"Date_Last_Reviewed\": \"2024-02-01\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 494519,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ad1b615c-1f58-4d24-8737-b772d8e7fad7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-05\",\n \"Date_Last_Reviewed\": \"2023-11-25\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 918517,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"db6c3b91-5f48-492c-8603-61b6581f9b9d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-19\",\n \"Date_Last_Reviewed\": \"2025-03-09\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 662074,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e2aef2cf-65ff-4119-bad1-6ffedc033142\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-08\",\n \"Date_Last_Reviewed\": \"2024-11-11\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1404247,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6c106087-255b-4e52-8ed4-39318cda914a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-27\",\n \"Date_Last_Reviewed\": \"2024-04-14\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 839651,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4fe227e8-d1ca-49c3-bfd3-e2689bef3de7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-11\",\n \"Date_Last_Reviewed\": \"2024-08-08\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1156375,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7e0641d0-a307-453f-b089-5faf2cb60baa\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-30\",\n \"Date_Last_Reviewed\": \"2024-10-27\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 393691,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"0aa25b79-49e1-4220-9a61-e7d8c3cd26e3\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-06\",\n \"Date_Last_Reviewed\": \"2025-03-02\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1383952,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d6f8d7ff-678b-43c7-bee4-2e85aff97cde\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-24\",\n \"Date_Last_Reviewed\": \"2023-07-06\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 426858,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"236a45f6-0a47-44a4-b0f3-8523e75beece\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-10\",\n \"Date_Last_Reviewed\": \"2025-01-16\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1573990,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7345338e-8d51-45a6-ad81-a00ad871189e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-13\",\n \"Date_Last_Reviewed\": \"2025-04-16\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 997229,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f711f320-1043-4e67-b017-39774aa6a277\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-26\",\n \"Date_Last_Reviewed\": \"2024-12-15\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1938080,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e49ba59b-bdfb-46f3-8b50-79fd5b447842\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-03\",\n \"Date_Last_Reviewed\": \"2023-11-29\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1579733,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"06eefa14-86c2-4352-9a66-d55a7acc5bf0\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-05\",\n \"Date_Last_Reviewed\": \"2024-03-14\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 426458,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"72b2e72d-71b1-40cd-9e69-01792c84cadb\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-10\",\n \"Date_Last_Reviewed\": \"2024-10-19\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 240491,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c9d95d86-2d99-456e-a562-f3dfe0adabbd\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-09\",\n \"Date_Last_Reviewed\": \"2024-09-01\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 868314,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7d93c5ee-238c-4c12-84c4-9cc67b055da4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-24\",\n \"Date_Last_Reviewed\": \"2025-03-26\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 418004,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7f9c03b3-93c7-4f17-8c7c-c9d4a30fc531\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-11\",\n \"Date_Last_Reviewed\": \"2024-08-17\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1692137,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"031477d0-7629-4f19-b00d-4cabc1b7e4bb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-15\",\n \"Date_Last_Reviewed\": \"2024-05-26\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1185797,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"404c0064-1abe-4b6d-b427-50c22f029909\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-04\",\n \"Date_Last_Reviewed\": \"2024-04-29\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 875266,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c68bd6ff-e2fe-453c-8c57-f2335440861c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-06\",\n \"Date_Last_Reviewed\": \"2024-02-08\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 665930,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9f35c8c7-db34-4d71-8d2c-53c56ee74076\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-13\",\n \"Date_Last_Reviewed\": \"2024-05-31\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1782220,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"feb88f51-b324-4df7-82ad-331e7d1b3c8e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-03\",\n \"Date_Last_Reviewed\": \"2023-09-22\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1293745,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"080ff24a-ab28-4f42-a458-eed38f4dbda0\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-21\",\n \"Date_Last_Reviewed\": \"2025-03-13\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1034636,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"4eb122fd-5efa-4365-81d7-c69839f16c0f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-16\",\n \"Date_Last_Reviewed\": \"2024-04-11\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1091016,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8ab757cb-4e1a-4441-80ca-2fb27bf0f1d0\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-07\",\n \"Date_Last_Reviewed\": \"2023-08-26\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 600986,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8acae283-1785-40dd-8396-2b4f040d2f42\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-19\",\n \"Date_Last_Reviewed\": \"2025-02-11\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 441617,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"20f83a91-3fb0-40b7-ab19-328a297384d5\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-28\",\n \"Date_Last_Reviewed\": \"2025-03-07\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 861234,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"56eeb7bd-d686-464c-9418-cecf8dbba33d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-06\",\n \"Date_Last_Reviewed\": \"2023-11-11\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 280726,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"bb418cac-7ae9-4466-bf4c-9558767802f1\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-27\",\n \"Date_Last_Reviewed\": \"2024-01-01\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1341876,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7020f6d1-6d19-4216-bcc9-aca203963d68\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-14\",\n \"Date_Last_Reviewed\": \"2025-02-13\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 670173,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"941c138f-6282-4c7b-9229-f1e0f06c7838\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-09\",\n \"Date_Last_Reviewed\": \"2025-02-24\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 238708,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f7ec685a-4aa6-44ff-8b41-4c0619777713\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-12\",\n \"Date_Last_Reviewed\": \"2025-03-06\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1240546,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c01ad8c2-280a-4c14-b7aa-20c4a3b73045\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-13\",\n \"Date_Last_Reviewed\": \"2023-09-01\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1160819,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ddc52a51-f864-4cd0-aee9-4610e21fefa8\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-25\",\n \"Date_Last_Reviewed\": \"2024-04-11\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1118400,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"752b39cd-a2b1-4a49-96ce-38a9a4e964d3\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-21\",\n \"Date_Last_Reviewed\": \"2024-03-02\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 244568,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6c003c1c-379b-4d0c-b950-e79319861caf\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-28\",\n \"Date_Last_Reviewed\": \"2024-07-13\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1653928,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"3333d8c8-c4f9-46d6-87af-6bc4ad5e8118\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-22\",\n \"Date_Last_Reviewed\": \"2023-09-04\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1756029,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c7c4ee6b-85ff-4e99-b2a0-2492e5883603\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-15\",\n \"Date_Last_Reviewed\": \"2023-10-16\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 689348,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"04f84a02-37d9-48b1-8869-c7636c762682\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-01\",\n \"Date_Last_Reviewed\": \"2024-03-21\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 374650,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ad218ad4-2b90-41b6-84bc-19438a5e6883\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-12\",\n \"Date_Last_Reviewed\": \"2024-05-22\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1240664,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5b3e257a-77f9-4dcd-84db-95bf846924db\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-10\",\n \"Date_Last_Reviewed\": \"2024-12-10\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1493151,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"48d925ea-066d-4d83-a3d9-3ed574b97797\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-14\",\n \"Date_Last_Reviewed\": \"2024-11-06\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1184772,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"fc8fa559-4a4d-46ef-8167-74c7f6f372f4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-20\",\n \"Date_Last_Reviewed\": \"2024-02-22\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1572845,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"9cb5c97f-2c88-4423-abc4-4a51e16fc993\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-11\",\n \"Date_Last_Reviewed\": \"2024-07-07\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 544801,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"50bdfca0-ff74-4f04-8064-8636252c6d91\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-13\",\n \"Date_Last_Reviewed\": \"2024-07-04\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 857848,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ca984dc5-357c-4d07-a193-624238180021\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-13\",\n \"Date_Last_Reviewed\": \"2024-05-18\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 205218,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"82f21858-ce35-494c-9f6a-1b303a909ad6\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-17\",\n \"Date_Last_Reviewed\": \"2025-01-29\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1788043,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e2e30cde-6600-4632-8610-ff9da551ebd4\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-24\",\n \"Date_Last_Reviewed\": \"2024-03-15\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1923216,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"0399ee1c-9de1-4a45-8471-6a0dc6476a0f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-25\",\n \"Date_Last_Reviewed\": \"2023-11-16\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 299796,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ec16c3ef-07b0-4116-9d1a-f63e85a3d4c0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-24\",\n \"Date_Last_Reviewed\": \"2023-09-05\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 897499,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d8613be0-a051-4cce-8c32-e1c92b30fdaf\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-21\",\n \"Date_Last_Reviewed\": \"2024-06-07\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 811552,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"35eb4f45-6735-46ef-83a7-c00bc32c7842\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-07\",\n \"Date_Last_Reviewed\": \"2023-05-21\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1603653,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"010daf76-f14e-4291-b0ba-ba0ca3871514\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-18\",\n \"Date_Last_Reviewed\": \"2025-05-08\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 710928,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2294f41b-762c-4359-a298-8cdabb05d95f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-31\",\n \"Date_Last_Reviewed\": \"2024-12-10\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 747715,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1ccafad9-2b40-4008-812b-60b26922045e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-19\",\n \"Date_Last_Reviewed\": \"2024-07-21\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1927606,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"01403332-c595-4895-820d-49306597ae13\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-14\",\n \"Date_Last_Reviewed\": \"2023-07-07\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 610066,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7d5e6f24-571b-47b0-a484-4a29c71ec843\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-30\",\n \"Date_Last_Reviewed\": \"2024-02-28\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1498116,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ade25088-db31-4fce-895c-69d671f655fd\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-25\",\n \"Date_Last_Reviewed\": \"2024-03-10\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1301138,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"19a3e5d1-c2b9-42af-a7be-0af05697fa7f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-27\",\n \"Date_Last_Reviewed\": \"2025-04-07\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1559474,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e90fcb1d-0a42-421d-88e8-2108b69e4fa0\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-07\",\n \"Date_Last_Reviewed\": \"2024-04-19\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1334294,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"83545137-4eb3-4f0e-9fde-bb3b80a48656\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-30\",\n \"Date_Last_Reviewed\": \"2023-07-24\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 113772,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f61de403-358d-45ce-b39f-4d5f23a460a5\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-06\",\n \"Date_Last_Reviewed\": \"2024-12-23\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1530658,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"fa279c9c-5e73-4e74-a4d0-7e23f38e77c9\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-27\",\n \"Date_Last_Reviewed\": \"2024-03-19\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1693032,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"468a9607-8d2c-42a7-805a-40b5255b9742\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-15\",\n \"Date_Last_Reviewed\": \"2024-04-22\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1062167,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5574d85d-f9d0-49a9-bed6-9b3bf0716406\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-24\",\n \"Date_Last_Reviewed\": \"2024-05-17\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 346340,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e9b94b73-2734-4eec-a216-b723c29252ef\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-19\",\n \"Date_Last_Reviewed\": \"2024-02-25\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 186695,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2b511a8e-40eb-4fea-b34e-67dc702cc6cc\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-20\",\n \"Date_Last_Reviewed\": \"2025-03-10\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1437290,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"12e14b8d-6103-444b-b841-67f1ec142a8d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-31\",\n \"Date_Last_Reviewed\": \"2024-08-23\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1336125,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"296ee71f-8ef2-4191-a21b-1abe8878137a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-04\",\n \"Date_Last_Reviewed\": \"2024-07-21\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1245990,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ec46c604-82d8-4fd9-8e43-b523d0f37cee\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-17\",\n \"Date_Last_Reviewed\": \"2023-08-21\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 871259,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f1f9450d-6e4f-4c0f-94ce-938dbaee7474\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-26\",\n \"Date_Last_Reviewed\": \"2025-01-28\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1469199,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"fbdf1660-712e-4f46-96bc-30c5cb28be59\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-22\",\n \"Date_Last_Reviewed\": \"2023-10-15\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 980799,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8fd40e36-8a04-4030-b4f8-c353270fabb0\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-10\",\n \"Date_Last_Reviewed\": \"2023-06-11\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 347665,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"67a8ef63-ee99-4de6-aa99-f0d8f5bcebe5\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-24\",\n \"Date_Last_Reviewed\": \"2024-05-09\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1427094,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"555863df-4baf-401e-af08-ece12ecfe21f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-11\",\n \"Date_Last_Reviewed\": \"2024-03-04\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 732181,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6f494c3f-d8fc-4240-82e3-f0021a17abbb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-24\",\n \"Date_Last_Reviewed\": \"2024-01-13\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1572080,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"dee18ebe-07e7-4a94-98ba-2c16e500aca4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-14\",\n \"Date_Last_Reviewed\": \"2023-10-22\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1443565,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"106307ee-e9b5-450e-a4f8-be9661396730\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-13\",\n \"Date_Last_Reviewed\": \"2024-07-07\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1201003,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8dfdc4eb-db43-47f9-905a-6e7d0f130204\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-13\",\n \"Date_Last_Reviewed\": \"2024-04-15\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 399147,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0fffa76f-10d7-4979-8e4c-af10ab719192\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-06\",\n \"Date_Last_Reviewed\": \"2024-07-17\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 416466,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"15fbf7a4-1061-4093-a371-6b6f5dafca44\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-05\",\n \"Date_Last_Reviewed\": \"2024-06-26\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 924328,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"83c53905-4ea2-4044-9e8c-601774564993\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-12\",\n \"Date_Last_Reviewed\": \"2024-02-25\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1738470,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"cd701632-d478-4dc5-8dfc-3092f976cd8a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-03\",\n \"Date_Last_Reviewed\": \"2023-10-21\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1387689,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7fc3f7b8-0d78-469d-9e7a-55c52b204073\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-19\",\n \"Date_Last_Reviewed\": \"2023-07-28\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1920076,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"87179af1-7c83-46d2-92e8-7cda9611a4d1\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-26\",\n \"Date_Last_Reviewed\": \"2025-05-12\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 987400,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"af61f43c-c65c-4cb7-b7f2-d7b8ccd9df3e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-08\",\n \"Date_Last_Reviewed\": \"2024-10-08\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 682443,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"cf4fee1e-5dd0-4522-9fc7-cf044daf58fe\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-18\",\n \"Date_Last_Reviewed\": \"2025-01-03\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1339344,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f38f9a6c-1307-468d-b445-041cd29ab8ce\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-09\",\n \"Date_Last_Reviewed\": \"2025-01-21\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 690792,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4b05efeb-fdf2-49ca-b18f-892bac3a3552\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-22\",\n \"Date_Last_Reviewed\": \"2024-06-21\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1800216,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e2beec17-44f9-48a7-afb2-621fa9e398e7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-13\",\n \"Date_Last_Reviewed\": \"2024-12-13\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 158026,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e2f88e7b-306b-4665-b198-adacaa40e80b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-03\",\n \"Date_Last_Reviewed\": \"2023-09-20\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1016867,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"a3cfbc80-85e6-41df-9212-e73191b1380b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-13\",\n \"Date_Last_Reviewed\": \"2023-08-14\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 210893,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d0242430-4651-4318-9da6-8855a94026cf\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-03\",\n \"Date_Last_Reviewed\": \"2024-04-20\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1505024,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a58bc803-7a69-4294-9d28-43a59a911081\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-01\",\n \"Date_Last_Reviewed\": \"2023-08-04\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 574172,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"046f458a-0265-4e4c-b6d8-7c8bd8acfe64\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-16\",\n \"Date_Last_Reviewed\": \"2024-02-28\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1646719,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b7d85093-8d3e-4673-a656-035041b373d6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-31\",\n \"Date_Last_Reviewed\": \"2024-02-09\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1170290,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"bdcdf51f-1560-45ec-8def-fa3b361896f5\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-25\",\n \"Date_Last_Reviewed\": \"2025-04-19\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1415646,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6a703fb9-74f2-4fc4-8fc4-c16c581387c6\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-11\",\n \"Date_Last_Reviewed\": \"2024-02-07\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 902197,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"12895ff4-7928-47fd-9d8a-9eff5cf9ed0e\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-10\",\n \"Date_Last_Reviewed\": \"2024-03-27\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1785534,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"cbb3b024-5461-4f8f-aff5-b5d600a1f288\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-05\",\n \"Date_Last_Reviewed\": \"2023-12-08\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1256458,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"937c8fcc-b021-449c-9992-38ec1fd49ee4\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-27\",\n \"Date_Last_Reviewed\": \"2024-03-12\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1462888,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"057bcce8-c834-459e-8bfe-1467ff846f45\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-07\",\n \"Date_Last_Reviewed\": \"2024-10-06\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 774172,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"52a95618-2388-419b-9529-59c1021a5856\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-23\",\n \"Date_Last_Reviewed\": \"2023-08-18\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 378981,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"17edfd28-3d8e-426b-9e62-64df2345919a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-13\",\n \"Date_Last_Reviewed\": \"2024-12-29\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1050351,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"670cd7be-f8dd-418a-afbb-b01f385ea0cc\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-21\",\n \"Date_Last_Reviewed\": \"2024-09-06\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 774878,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"bd7c4a23-b6e2-41b8-851f-1381432f4f6c\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-05\",\n \"Date_Last_Reviewed\": \"2024-03-19\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1374467,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"eaab4159-3916-46bc-872b-837d494a90b8\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-21\",\n \"Date_Last_Reviewed\": \"2025-02-21\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1536030,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1a31559b-47cb-4ad6-bc4a-1e9cb2dd453b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-18\",\n \"Date_Last_Reviewed\": \"2023-08-14\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1335589,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"cdfdedbe-0a4d-4d68-a080-911b02761efb\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-16\",\n \"Date_Last_Reviewed\": \"2025-02-03\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 212245,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d5bf2a0d-387d-49f7-84d7-62852b5c9697\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-05\",\n \"Date_Last_Reviewed\": \"2024-06-20\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1162808,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0e64af15-56ac-4d8c-a187-abe3e835ad9b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-14\",\n \"Date_Last_Reviewed\": \"2024-04-03\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 357198,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2a1bae2d-b118-4b5e-956f-fc7e160f4589\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-22\",\n \"Date_Last_Reviewed\": \"2023-06-19\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 869136,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"b1d3eb58-6004-477d-8ff5-d7c6826c0ec5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-02\",\n \"Date_Last_Reviewed\": \"2024-10-10\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 973128,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fbdb6281-651b-49b7-a015-f7890cb188a5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-09\",\n \"Date_Last_Reviewed\": \"2025-01-10\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1704180,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f20030b0-3f14-4954-878b-80a277181598\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-28\",\n \"Date_Last_Reviewed\": \"2023-08-07\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1634496,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"adf6d8a1-8db5-4317-8d51-17608031f66d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-06\",\n \"Date_Last_Reviewed\": \"2023-07-28\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1167874,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"feb224bb-6436-40d7-b85a-9a4d8567deda\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-04\",\n \"Date_Last_Reviewed\": \"2024-02-23\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1054095,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"bfa3f0c9-1ace-4442-8aca-f97817f90417\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-24\",\n \"Date_Last_Reviewed\": \"2025-04-29\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1938700,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8ff7b5ff-ba57-4460-a79d-070b6d9bb41c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-18\",\n \"Date_Last_Reviewed\": \"2023-07-18\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 920071,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"6161271a-1ca6-4e7a-a6bf-fb10be98ee6e\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-22\",\n \"Date_Last_Reviewed\": \"2024-05-14\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 417948,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"be003d77-f97d-406a-ad7a-b172fcdda008\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-31\",\n \"Date_Last_Reviewed\": \"2023-09-14\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 292503,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a09fdc1b-892d-41e1-823d-d37e0a7ef5d2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-27\",\n \"Date_Last_Reviewed\": \"2024-12-10\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 177528,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ade641e9-01d8-4f04-ba1d-0e273b184f79\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-04\",\n \"Date_Last_Reviewed\": \"2023-11-01\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 848948,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e3b63d76-9b49-452a-9231-a8155e87cd3f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-28\",\n \"Date_Last_Reviewed\": \"2023-07-14\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1819015,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"484dfb09-a86f-4a7b-926d-d6e6144eab1f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-29\",\n \"Date_Last_Reviewed\": \"2023-06-12\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1274215,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"aa37d009-da83-4cfd-be7d-4c09cef02d1d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-01\",\n \"Date_Last_Reviewed\": \"2025-02-15\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 559370,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f0a588c3-6937-4799-8197-5f8354e5840b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-28\",\n \"Date_Last_Reviewed\": \"2024-09-01\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1617657,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"70b74377-511a-4f8d-a79f-982fdc6bf85e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-22\",\n \"Date_Last_Reviewed\": \"2024-12-18\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1446990,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"87bfe0d9-9005-4a3f-83af-3855fc1eb582\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-08\",\n \"Date_Last_Reviewed\": \"2023-09-06\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 531968,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7c9af26d-a927-4f1c-8b92-6e0e1f4ec454\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-19\",\n \"Date_Last_Reviewed\": \"2023-07-11\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 427177,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b7a48895-4d6c-4495-a1d9-8de8b5ba65b2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-17\",\n \"Date_Last_Reviewed\": \"2024-08-30\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1167788,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"10adb5ff-d939-4f42-87b7-c6279bbfd89d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-21\",\n \"Date_Last_Reviewed\": \"2023-07-10\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 794062,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"96a528f9-707c-4170-9d6a-22dc110ac524\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-19\",\n \"Date_Last_Reviewed\": \"2024-01-12\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 421067,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"693e1da4-b2dc-4a16-962a-28243a6e71d9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-30\",\n \"Date_Last_Reviewed\": \"2025-04-01\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1474503,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7c8c7bdd-b223-4d04-ae57-39fdb12a27f5\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-23\",\n \"Date_Last_Reviewed\": \"2025-02-07\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1278346,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"08d21528-103e-430b-bdb8-0522934127db\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-17\",\n \"Date_Last_Reviewed\": \"2024-08-05\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 701507,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"7fae0574-3fa6-4565-af8d-5798fd90b172\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-07\",\n \"Date_Last_Reviewed\": \"2023-12-11\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1870555,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4f72c7a6-378f-447e-8075-dcb2b96cbba8\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-10\",\n \"Date_Last_Reviewed\": \"2024-10-26\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 289294,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a27c1a04-13bc-4525-b0d4-9a09b49419fd\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-26\",\n \"Date_Last_Reviewed\": \"2024-07-15\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 740509,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"06c22d15-5545-491b-94ae-b566d6b1ba3b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-19\",\n \"Date_Last_Reviewed\": \"2024-02-22\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1033596,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d3cc12a8-0b02-4eda-906c-c0eac3207f87\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-11\",\n \"Date_Last_Reviewed\": \"2023-11-16\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 431836,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"77447a11-d1a2-4e1b-b184-51f4c69c43b2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-24\",\n \"Date_Last_Reviewed\": \"2023-10-04\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1832787,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"88d7c0cf-8d95-44de-885d-c183a3ab0bdd\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-08\",\n \"Date_Last_Reviewed\": \"2023-10-10\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1757581,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e8197248-3fda-44b9-80be-7073f34e8265\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-14\",\n \"Date_Last_Reviewed\": \"2024-11-19\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 530152,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"20c2b525-cb02-4152-84f3-a085752acd03\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-14\",\n \"Date_Last_Reviewed\": \"2025-02-28\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 755624,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2006fbe5-68d7-49f7-b4e8-adba8db9679a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-17\",\n \"Date_Last_Reviewed\": \"2025-01-10\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1570453,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"33ead505-b64a-4539-87dd-d0a44df121f6\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-05\",\n \"Date_Last_Reviewed\": \"2024-03-08\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1694534,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d405f3f9-4c0b-4082-ac8a-6e9f7fd38448\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-30\",\n \"Date_Last_Reviewed\": \"2024-11-24\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1514317,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"42110714-99f3-4329-b340-d8df1973ec64\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-27\",\n \"Date_Last_Reviewed\": \"2025-01-28\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1370852,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"68ccee0f-2e2b-4ae3-bb35-3e4fba86f4ba\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-06\",\n \"Date_Last_Reviewed\": \"2024-02-28\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1842071,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a5128efb-07e3-44eb-bd7c-07011538afc2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-16\",\n \"Date_Last_Reviewed\": \"2024-10-01\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 627646,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"aa31f5ed-9535-4052-913c-6bf06e07fa51\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-11\",\n \"Date_Last_Reviewed\": \"2024-07-01\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 590157,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6d646e49-85b4-4098-ae7f-97a93acbc313\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-16\",\n \"Date_Last_Reviewed\": \"2023-08-06\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1614690,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"f6c6971f-2ce6-48c7-85a0-28ca99c519a7\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-11\",\n \"Date_Last_Reviewed\": \"2025-04-14\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 324764,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c9e9d639-07f7-4ed8-abeb-9947e7ea4a24\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-10\",\n \"Date_Last_Reviewed\": \"2023-06-06\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1744849,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"94ff603c-d8dd-4450-a0dc-17cf1946b3ba\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-11\",\n \"Date_Last_Reviewed\": \"2024-02-20\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 545665,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"029c6487-c244-48a0-9286-5173b6bc16fa\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-22\",\n \"Date_Last_Reviewed\": \"2023-05-19\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1419391,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"bd3ab0e7-aa11-4719-9811-51ddf25430b0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-18\",\n \"Date_Last_Reviewed\": \"2024-12-11\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1535548,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"64f31dfc-c520-4caa-a85c-4fc7306108cb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-22\",\n \"Date_Last_Reviewed\": \"2023-08-31\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1503242,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"3279aeb6-2591-4f46-8f55-df81a404d886\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-14\",\n \"Date_Last_Reviewed\": \"2023-09-06\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1438127,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8d80ef7d-3188-4387-95ea-8e1615d97548\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-08\",\n \"Date_Last_Reviewed\": \"2023-06-24\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 891425,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4cb35e4c-0705-4f1d-9c1f-79c752125224\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-27\",\n \"Date_Last_Reviewed\": \"2024-04-19\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 600729,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e7b1ddcf-8f3b-4cdf-9ccb-a869a3633af3\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-22\",\n \"Date_Last_Reviewed\": \"2024-02-27\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 980566,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"87e7e6f1-604e-422c-8a78-eaeb64869605\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-09\",\n \"Date_Last_Reviewed\": \"2025-02-18\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1522136,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"bebdec63-33eb-4895-ba09-d88e7efa6429\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-15\",\n \"Date_Last_Reviewed\": \"2024-09-06\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1933588,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"d7c6d7d8-aba5-46f6-92c9-16fd7c34db1f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-27\",\n \"Date_Last_Reviewed\": \"2024-01-12\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1259271,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1ac965c4-3a4f-49ad-91cc-7c05e72320f8\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-05\",\n \"Date_Last_Reviewed\": \"2023-05-29\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1755917,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"72dac43e-1e62-4fb7-9e73-2494820670da\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-19\",\n \"Date_Last_Reviewed\": \"2025-04-02\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 471949,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"05693839-60c5-48ab-9004-8185d9dab117\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-24\",\n \"Date_Last_Reviewed\": \"2024-12-31\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1035030,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"bd2b9757-f70f-4265-9116-96e0f389188a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-29\",\n \"Date_Last_Reviewed\": \"2023-08-13\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 545889,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a0ef132b-e1f8-473e-a427-7da2f03446cc\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-05\",\n \"Date_Last_Reviewed\": \"2023-08-12\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1942371,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"00de022a-7184-4896-a67e-6f5532a55475\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-19\",\n \"Date_Last_Reviewed\": \"2023-12-29\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1332454,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ed6cb087-9f65-4f67-afc6-e23245544f87\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-28\",\n \"Date_Last_Reviewed\": \"2024-10-01\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 320948,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e73957ef-0051-4ac6-b06a-71483e95ad96\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-18\",\n \"Date_Last_Reviewed\": \"2023-09-09\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 665754,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a6d406f0-cb31-4398-a0f5-623885a19ada\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-25\",\n \"Date_Last_Reviewed\": \"2024-03-31\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1720536,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"838687f8-e526-4ab5-baa2-b577995b28ab\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-10\",\n \"Date_Last_Reviewed\": \"2024-05-07\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 828981,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b88d7155-92bd-418e-a56e-65c878be9c18\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-09\",\n \"Date_Last_Reviewed\": \"2024-06-09\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1136121,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5720f22e-dd3c-4727-bc4c-4996ff98f6ff\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-13\",\n \"Date_Last_Reviewed\": \"2024-03-28\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1759989,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4d404440-f66d-4a8a-82e7-b3e450c5cadd\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-17\",\n \"Date_Last_Reviewed\": \"2023-11-19\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1150243,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"049e00ec-ce78-40c3-879c-52caba61c507\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-21\",\n \"Date_Last_Reviewed\": \"2023-11-25\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1467255,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"36354d75-4cd4-4666-b891-23c487f05e54\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-05\",\n \"Date_Last_Reviewed\": \"2024-03-19\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1299115,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"31316067-a96c-4f83-99cb-e7ca6ca072fd\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-27\",\n \"Date_Last_Reviewed\": \"2023-06-22\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1457372,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e26d7ca4-47ce-4fee-9547-cd1fec9db71c\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-07\",\n \"Date_Last_Reviewed\": \"2024-05-19\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 840337,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6c4dfd0a-5483-4360-a932-cccfd756c497\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-28\",\n \"Date_Last_Reviewed\": \"2024-03-14\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 546533,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"7be3bd36-0d78-4497-a111-81f4a67c90d6\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-25\",\n \"Date_Last_Reviewed\": \"2023-09-19\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 735013,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2723e730-bfe2-4bfb-bcab-c6b71a65c0ff\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-01\",\n \"Date_Last_Reviewed\": \"2025-02-15\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 876477,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9da5eaa8-7617-466e-848e-05780849dfec\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-16\",\n \"Date_Last_Reviewed\": \"2024-07-17\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1477320,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"410611a2-baeb-42b3-a34b-04fb2f1699e4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-20\",\n \"Date_Last_Reviewed\": \"2023-11-05\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 299495,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7634ab14-4207-4060-8482-a6854a60f335\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-05\",\n \"Date_Last_Reviewed\": \"2024-10-01\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1422550,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3fca1e31-a2c9-4f2a-b49d-d833517461a5\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-31\",\n \"Date_Last_Reviewed\": \"2024-05-26\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 870728,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"474b790a-4237-4dd0-aa64-59334b357ea0\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-18\",\n \"Date_Last_Reviewed\": \"2024-01-04\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1195226,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]"], "What is the current status of the risk?": ["{\n \"Risk_ID\": \"57c155c8-a12a-47cf-a9bc-2f39eb4801c9\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-08\",\n \"Date_Last_Reviewed\": \"2023-06-13\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 112541,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"8c6cf4c8-c41b-4936-898f-2640ec42a01d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-22\",\n \"Date_Last_Reviewed\": \"2023-06-02\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1504456,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"63ed3b84-9a33-4bd3-80d6-4ec94f8b5312\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-10\",\n \"Date_Last_Reviewed\": \"2025-01-05\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 339788,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"8b2d26c0-275b-46f5-a43b-8c54012e0873\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-03\",\n \"Date_Last_Reviewed\": \"2023-06-26\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1486516,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"b9251b0f-33bc-451d-bf88-b4c42a8d96d1\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-11\",\n \"Date_Last_Reviewed\": \"2024-10-23\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 299952,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"12e2b069-6206-4c1a-a0dc-e263ad0e9a0a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-24\",\n \"Date_Last_Reviewed\": \"2023-11-16\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 155470,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"aa0aafff-8580-4b46-b667-66cd71e2202d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-01\",\n \"Date_Last_Reviewed\": \"2025-04-25\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1316764,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"c042276b-19db-4969-b560-f08bf3607ff6\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-08\",\n \"Date_Last_Reviewed\": \"2024-08-30\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1175426,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"6c140802-09b3-48e3-9258-9f5a5e947ab7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-14\",\n \"Date_Last_Reviewed\": \"2023-11-17\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1822290,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"0398268e-92c4-4fc8-bf9d-0d333e6085ea\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-21\",\n \"Date_Last_Reviewed\": \"2025-01-28\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1380406,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"611f7ec8-229d-47ab-b893-e8966004e5d9\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-02\",\n \"Date_Last_Reviewed\": \"2024-09-24\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1986799,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"52ab1d20-25d0-406c-8cc3-9981e48f5ffc\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-25\",\n \"Date_Last_Reviewed\": \"2024-12-02\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 582080,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"5a89ee74-19a6-4b26-8422-2a279ab6f497\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-18\",\n \"Date_Last_Reviewed\": \"2023-05-26\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 151655,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"00d8ee59-39cd-4fb6-b23c-605a92180dd4\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-10\",\n \"Date_Last_Reviewed\": \"2023-11-09\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 290111,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"dbbee998-eaf8-4ffd-a003-b34445b78d6b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-31\",\n \"Date_Last_Reviewed\": \"2024-03-16\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1565582,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"2030a740-a6bd-497a-8f27-343f2115f719\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-06\",\n \"Date_Last_Reviewed\": \"2023-09-22\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 220645,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"4c176f1a-0283-4b16-91de-d20b41456234\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-21\",\n \"Date_Last_Reviewed\": \"2025-03-14\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 153222,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"5ac4d920-551f-4d36-9fcf-a980076c4a9d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-29\",\n \"Date_Last_Reviewed\": \"2023-06-08\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1779981,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"e1a2dd9f-7f2a-4990-b020-dadfb6f89f3b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-31\",\n \"Date_Last_Reviewed\": \"2023-12-09\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 409129,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"eb019d15-4eb9-4c9f-aee8-ec87656cab5c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-21\",\n \"Date_Last_Reviewed\": \"2025-01-25\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 352118,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"5c33a780-0021-496e-bfe6-79dbdff57661\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-05\",\n \"Date_Last_Reviewed\": \"2023-11-08\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 413691,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"51f429cc-8ec3-4706-96c9-3efcbd15f2a8\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-04\",\n \"Date_Last_Reviewed\": \"2024-12-20\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1991594,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"4fd881ba-9b1c-4c14-b27d-5748b9328455\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-10\",\n \"Date_Last_Reviewed\": \"2023-12-13\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1789183,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"33224e42-902f-4365-bbe1-2c4771492607\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-12\",\n \"Date_Last_Reviewed\": \"2025-01-03\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 322994,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"7c28408d-3825-4467-97b0-ec59fd0a93c7\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-20\",\n \"Date_Last_Reviewed\": \"2025-04-26\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1515578,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"d71ddd24-5a15-4743-8c46-0bbadb63e30b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-04\",\n \"Date_Last_Reviewed\": \"2023-07-10\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1021843,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"77004dc0-1c36-4dbe-8e12-5e4bb60c218d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-03\",\n \"Date_Last_Reviewed\": \"2023-07-31\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1853160,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"ff038b6c-1316-4d7f-ac1a-1a946ea69062\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-12\",\n \"Date_Last_Reviewed\": \"2025-05-12\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 884159,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"d0be6a95-a34f-4c62-8e71-842cbbebe32f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-20\",\n \"Date_Last_Reviewed\": \"2023-07-01\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 619106,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"9e44c4f7-4db7-4a64-9bff-125b56e89cb2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-03\",\n \"Date_Last_Reviewed\": \"2023-12-30\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1416944,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"a6c19afa-31e8-4117-9015-c164d929a6d1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-20\",\n \"Date_Last_Reviewed\": \"2025-04-02\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1919215,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"e8114f40-9b0c-45d3-b9cb-cfe1c7477469\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-23\",\n \"Date_Last_Reviewed\": \"2025-01-08\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1449598,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}"], "Summarize data privacy-related risks.": ["[\n {\n \"Risk_ID\": \"3f779f22-8ddf-4267-be6b-c05d63d6ee50\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-23\",\n \"Date_Last_Reviewed\": \"2024-07-20\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 579347,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3f03e8ba-f77a-4997-8a5d-cd745de4bf7f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-31\",\n \"Date_Last_Reviewed\": \"2025-01-05\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1543246,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4b6aa659-f346-41be-8d2d-d00a78048df5\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-03\",\n \"Date_Last_Reviewed\": \"2023-06-14\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1137063,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ef02517d-1f94-49d6-a00b-d903efd76a1f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-03\",\n \"Date_Last_Reviewed\": \"2023-08-09\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1493739,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7a7903ad-8317-49c7-b509-8fd5f6eccc3f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-24\",\n \"Date_Last_Reviewed\": \"2025-01-08\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 148849,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8311a348-e702-49ec-a8f0-f420889a58da\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-23\",\n \"Date_Last_Reviewed\": \"2025-01-28\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 360804,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"290df4c6-db1d-4833-9a99-7aebb60165c4\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-02\",\n \"Date_Last_Reviewed\": \"2025-02-06\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1097393,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"21fc6427-c0a4-4ced-9c84-d284b305cd01\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-09\",\n \"Date_Last_Reviewed\": \"2024-11-26\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 955723,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"58be87a2-ead9-43e2-a2a7-bda94ed270d5\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-10\",\n \"Date_Last_Reviewed\": \"2024-04-23\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1615474,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"edd095d2-76e0-4397-a57b-031cbab06bd7\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-15\",\n \"Date_Last_Reviewed\": \"2024-12-22\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1376782,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"959f7281-9f78-4a70-8e2c-b7e9861f2fde\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-12\",\n \"Date_Last_Reviewed\": \"2025-05-01\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 275754,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8c3701f0-c818-414f-b6a3-6b3589bdc908\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-03\",\n \"Date_Last_Reviewed\": \"2025-05-03\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1737924,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6fefb16d-fde6-434d-a34a-4571fd563dd6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-18\",\n \"Date_Last_Reviewed\": \"2024-05-07\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1073815,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"07598712-75ef-47c1-a4c0-37d21926217d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-13\",\n \"Date_Last_Reviewed\": \"2023-09-26\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1823594,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c63ea954-4064-40fe-a07c-f3fbf0f39e31\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-18\",\n \"Date_Last_Reviewed\": \"2023-06-07\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1267196,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7e6f3e4b-77a8-4668-ab73-998566a2a34d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-03\",\n \"Date_Last_Reviewed\": \"2023-10-10\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1066539,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"24852138-daa7-4c86-b11a-8471c43962bb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-05\",\n \"Date_Last_Reviewed\": \"2024-04-22\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 498730,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f430f47d-1032-4ca4-93e6-1ee29261ea1a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-30\",\n \"Date_Last_Reviewed\": \"2024-01-23\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1846097,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9923eb0e-9574-4fbf-b62a-bd53570470fc\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-23\",\n \"Date_Last_Reviewed\": \"2024-12-30\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 528923,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0b629366-a341-4ea9-86b5-40e6b5294954\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-14\",\n \"Date_Last_Reviewed\": \"2024-09-13\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 399001,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f1089977-d271-41bf-91a3-ae5d648afa1b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-11\",\n \"Date_Last_Reviewed\": \"2024-05-09\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1260122,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"35d67ff8-fcbf-4363-a0f7-e11af18b4bfb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-05\",\n \"Date_Last_Reviewed\": \"2025-01-26\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1971197,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"77fe87db-8ffc-4d96-b579-12ab27e20c3a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-22\",\n \"Date_Last_Reviewed\": \"2024-12-11\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 640790,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1701236c-27e2-476f-b979-581cf0084fb5\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-11\",\n \"Date_Last_Reviewed\": \"2024-07-19\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 719939,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a47819ab-1aa1-405c-a747-f84560237f64\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-18\",\n \"Date_Last_Reviewed\": \"2024-12-03\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1788011,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2085e454-9647-49ad-9b2a-8dd1d1ea51fc\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-18\",\n \"Date_Last_Reviewed\": \"2024-04-14\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 509310,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1440e1b3-37ff-4a7b-be80-c241dc842338\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-21\",\n \"Date_Last_Reviewed\": \"2024-06-14\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 903263,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"3b08dff3-f52f-46e5-bee0-7f01097c01c2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-15\",\n \"Date_Last_Reviewed\": \"2023-12-14\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 533414,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2c9d61b0-a116-47a3-882b-9772084dadfa\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-29\",\n \"Date_Last_Reviewed\": \"2023-12-17\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1835190,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"85ab9145-533f-4076-a465-24533bfa65d0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-18\",\n \"Date_Last_Reviewed\": \"2024-09-06\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 816766,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3ffde2da-d8f7-4399-80e4-265404cc4e01\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-24\",\n \"Date_Last_Reviewed\": \"2024-11-18\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1414008,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d87c2bba-8869-4a62-bfc9-dd84e2c993d8\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-21\",\n \"Date_Last_Reviewed\": \"2025-04-19\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 165404,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7537e22b-3a4d-4597-a8f2-1330b2400eb4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-13\",\n \"Date_Last_Reviewed\": \"2024-10-21\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1947556,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e821209f-6d6a-467c-aacd-b40836062d3f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-31\",\n \"Date_Last_Reviewed\": \"2024-05-11\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1729607,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5374a837-57e4-4c4c-abb4-b7ce1b43417d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-07\",\n \"Date_Last_Reviewed\": \"2024-05-28\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1717556,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3f5739c4-8323-4759-8c81-d64021ba76c4\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-04\",\n \"Date_Last_Reviewed\": \"2025-03-25\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 563440,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"11d59006-5f4d-44f5-a1dd-47a40c86eeaf\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-23\",\n \"Date_Last_Reviewed\": \"2023-06-30\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1061285,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"03383cba-9b01-471f-a0a9-e822da31a609\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-13\",\n \"Date_Last_Reviewed\": \"2023-09-27\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 940830,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ee1482aa-3c5c-4cf4-aea1-9c0d07e62070\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-21\",\n \"Date_Last_Reviewed\": \"2024-07-06\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 598993,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"38891bbd-80a3-443d-8452-39ef98b9f0ec\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-05-05\",\n \"Date_Last_Reviewed\": \"2025-01-01\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 517928,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0cd4c359-b831-49e5-9f11-ee83d5e1540e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-28\",\n \"Date_Last_Reviewed\": \"2025-02-16\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1935660,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5913fb5b-1634-4f04-9af1-54cbbfe1e45e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-12\",\n \"Date_Last_Reviewed\": \"2025-03-15\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 288392,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4daf8ddd-c519-4186-b1f2-d9f18462b51d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-04\",\n \"Date_Last_Reviewed\": \"2025-01-09\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 731490,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"54fc8f06-8741-4b9c-8ffb-ee75f68221f1\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-18\",\n \"Date_Last_Reviewed\": \"2024-04-09\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 847115,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c24ea2bb-d4d2-4734-be26-bca9ff620368\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-13\",\n \"Date_Last_Reviewed\": \"2023-06-26\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1330594,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"fc70218c-973b-4002-b26c-ae68de8f7387\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-16\",\n \"Date_Last_Reviewed\": \"2024-10-08\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 650162,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"230b78e9-0ee3-4aa3-b872-89497ea64a5c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-08\",\n \"Date_Last_Reviewed\": \"2024-06-13\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 346751,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d0a73825-326d-423b-9fe4-b858c845f72f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-07\",\n \"Date_Last_Reviewed\": \"2024-04-07\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1516401,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"58d99ab7-5690-4adc-afcc-b3f19185e0ed\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-29\",\n \"Date_Last_Reviewed\": \"2023-06-18\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 577359,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"71045243-fd07-4005-bf02-784a16282f83\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-20\",\n \"Date_Last_Reviewed\": \"2024-02-08\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1050916,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"deae7384-12cb-4bc4-a06c-9e5ee370ea96\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-28\",\n \"Date_Last_Reviewed\": \"2023-06-24\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1742198,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"aa2ccbed-fd91-4d62-a95d-29feff27b9bf\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-13\",\n \"Date_Last_Reviewed\": \"2023-06-11\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1059817,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"67f06a9e-ffec-4727-ac68-68f4900f6fb9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-10\",\n \"Date_Last_Reviewed\": \"2023-06-17\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 317145,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9addcd27-e581-46a6-8e9a-0119dc5e36bf\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-09\",\n \"Date_Last_Reviewed\": \"2025-03-30\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 520880,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"ce65edd9-1d5d-409b-87bf-3561eaedc120\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-26\",\n \"Date_Last_Reviewed\": \"2024-03-11\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 449009,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"23cd64bf-648e-4e6c-85fb-d5a1225c3ca4\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-21\",\n \"Date_Last_Reviewed\": \"2024-04-08\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 687717,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d9a2d11a-e661-4054-8db2-73cf0f5b7524\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-03\",\n \"Date_Last_Reviewed\": \"2025-01-17\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1015757,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b33b043a-024b-4d0b-a58f-62f58bed4964\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-19\",\n \"Date_Last_Reviewed\": \"2024-04-18\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 390689,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"36c7edb3-bb44-4900-b276-28d456e70a94\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-03\",\n \"Date_Last_Reviewed\": \"2023-11-21\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1457784,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f8a073ec-9e69-4bb9-9967-b273480da343\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-18\",\n \"Date_Last_Reviewed\": \"2025-03-09\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 153210,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fb10455b-25e8-46f6-9f1c-b3eab85a1b53\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-02\",\n \"Date_Last_Reviewed\": \"2024-12-06\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 907864,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"095393cd-da8e-49b5-9461-dec65f8d6035\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-06\",\n \"Date_Last_Reviewed\": \"2023-10-19\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1182224,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8eb6c024-4b77-4ac2-97e6-d5e91abd73ce\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-14\",\n \"Date_Last_Reviewed\": \"2023-12-01\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1755838,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"bfe7500b-3cc0-4d0b-a0aa-b871193c2cc1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-05\",\n \"Date_Last_Reviewed\": \"2024-10-09\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1818903,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8a32c216-5951-48f8-aa71-7c1862c81a79\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-25\",\n \"Date_Last_Reviewed\": \"2024-05-24\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 299414,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6af88363-33d9-4ab6-9da7-246fd322bae7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-22\",\n \"Date_Last_Reviewed\": \"2024-05-18\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 779966,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"818a3835-c02d-491c-ad52-6c3c746c1aa7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-17\",\n \"Date_Last_Reviewed\": \"2024-02-23\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1814544,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8828832d-ae21-4ade-8a55-43b5ccd7f15b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-01\",\n \"Date_Last_Reviewed\": \"2023-10-23\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1229618,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"7e1d2f2e-0ee5-43a5-8001-031a019a366f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-04\",\n \"Date_Last_Reviewed\": \"2023-09-10\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 600555,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"20154d9a-eea1-4887-a270-5a15dab3cba5\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-11\",\n \"Date_Last_Reviewed\": \"2025-05-08\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1062265,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6083c1de-dd02-4213-9779-ae58c7058cdd\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-20\",\n \"Date_Last_Reviewed\": \"2023-11-05\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 237129,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9de88e08-bf2b-45c5-b5c3-4f510ba71567\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-21\",\n \"Date_Last_Reviewed\": \"2024-07-18\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1913175,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8dfffc94-1452-47dc-bc26-50a765cea1e6\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-03\",\n \"Date_Last_Reviewed\": \"2025-04-20\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 349744,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"594ce081-e594-4845-966b-24f07c9383ac\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-07\",\n \"Date_Last_Reviewed\": \"2024-07-04\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 399301,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ce138d4d-088b-4a97-a9ba-9b2067f1277a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-24\",\n \"Date_Last_Reviewed\": \"2025-04-11\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 906242,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"068b8c4e-bdd6-4722-a014-c48a24f55917\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-16\",\n \"Date_Last_Reviewed\": \"2024-04-11\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1255940,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a1685765-ec43-4e08-8f36-cdb979c61c8b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-25\",\n \"Date_Last_Reviewed\": \"2024-09-04\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1248361,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7112e700-7914-4c52-b4fa-a4da43d1664a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-23\",\n \"Date_Last_Reviewed\": \"2023-10-03\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1040230,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5561974e-af7d-47c4-8d20-2c5d71abcb79\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-16\",\n \"Date_Last_Reviewed\": \"2025-05-09\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 859047,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"991fdbc4-b631-4971-b897-0af407b3b6b7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-17\",\n \"Date_Last_Reviewed\": \"2025-03-31\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1030714,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d4dd3aca-1315-4724-a3c6-41349e5a9708\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-17\",\n \"Date_Last_Reviewed\": \"2025-04-21\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1474144,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"db34cb61-0aec-496a-86f7-53995e1a4cbf\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-06\",\n \"Date_Last_Reviewed\": \"2023-11-05\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 520015,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"38cc25de-a358-405e-b61a-43ac1a2f5137\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-04\",\n \"Date_Last_Reviewed\": \"2024-11-30\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 975214,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5c0189a9-803e-4072-b66b-381e370b97cc\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-05-01\",\n \"Date_Last_Reviewed\": \"2024-06-29\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 757183,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c1879a84-be23-4257-afc5-797b166496e4\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-22\",\n \"Date_Last_Reviewed\": \"2023-10-10\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1096995,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"807077ef-264c-42e6-b3e9-6b42c018167e\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-17\",\n \"Date_Last_Reviewed\": \"2024-02-08\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1192314,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"be702953-42de-4ba0-a74b-f1c0ff1e247d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-27\",\n \"Date_Last_Reviewed\": \"2024-05-15\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1955903,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"fa925ec8-6b56-45ed-a0d8-dddb67880944\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-01\",\n \"Date_Last_Reviewed\": \"2024-08-05\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1575517,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c95c3589-b038-4e53-aed1-204d38daa0ef\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-27\",\n \"Date_Last_Reviewed\": \"2024-01-13\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 271916,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c55fe45c-cc53-49ca-b839-fcbc24810f56\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-28\",\n \"Date_Last_Reviewed\": \"2024-11-28\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1646429,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7a4b2b49-970b-45d5-94c1-9e38d11417dd\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-27\",\n \"Date_Last_Reviewed\": \"2024-11-08\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1874926,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b83d69ac-4c85-4390-a79d-04c413b4b969\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-07\",\n \"Date_Last_Reviewed\": \"2023-07-19\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1518384,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"221572b6-fa08-4b74-a0fb-9ec17787561c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-07\",\n \"Date_Last_Reviewed\": \"2024-08-12\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 493139,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"94adb3ba-a6de-48c3-8758-9b335e9b4d6b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-02\",\n \"Date_Last_Reviewed\": \"2024-02-10\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 805960,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d3d86481-f2ad-4531-80f7-52f5d7e53236\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-15\",\n \"Date_Last_Reviewed\": \"2023-07-26\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1820634,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"154f8252-7073-4fe3-a7ab-e704ecd1684b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-16\",\n \"Date_Last_Reviewed\": \"2024-08-02\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 308985,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e8f98f1d-84f6-455b-8672-bc3fcf5aecda\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-03\",\n \"Date_Last_Reviewed\": \"2023-09-02\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 129612,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e29999e1-bba5-4b5e-9090-66eccaba08b3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-02\",\n \"Date_Last_Reviewed\": \"2023-06-23\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 794827,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"2d6ea34c-f9f0-40a6-91dd-7783dd7f1f2c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-28\",\n \"Date_Last_Reviewed\": \"2024-09-09\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1560966,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1bf2e605-179c-4095-befd-33de4c33dba7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-07\",\n \"Date_Last_Reviewed\": \"2024-09-08\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1351668,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"64a110ff-ab38-42dc-af08-355b697f4109\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-26\",\n \"Date_Last_Reviewed\": \"2023-10-31\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1442805,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f53574b8-56bb-4fd1-a7db-f44f55339451\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-14\",\n \"Date_Last_Reviewed\": \"2023-05-29\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1875235,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0d74ab59-3178-42cf-83a2-7b7d19867fc8\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-05\",\n \"Date_Last_Reviewed\": \"2024-06-05\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 543823,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"4426cc36-ee5d-46fe-af9e-8998a333fb63\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-26\",\n \"Date_Last_Reviewed\": \"2024-07-08\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1373316,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"fa7b93d4-c184-4913-a11d-657af213fb4c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-11\",\n \"Date_Last_Reviewed\": \"2024-04-15\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1960990,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"dc28344e-c409-438a-b245-017413134524\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-25\",\n \"Date_Last_Reviewed\": \"2023-07-31\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1577202,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8db69642-2eb4-4563-8d3c-ada2ec244bbc\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-23\",\n \"Date_Last_Reviewed\": \"2024-09-25\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 975818,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3ec3eaa8-901f-4469-bb0f-c8c58ebf80cc\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-27\",\n \"Date_Last_Reviewed\": \"2024-12-19\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1275626,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1fcdfe08-d1f7-4584-8c41-ecf57effb4cd\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-13\",\n \"Date_Last_Reviewed\": \"2025-03-13\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1440905,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"00e4fd91-f33d-4da9-9c29-9d1e72ef4394\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-15\",\n \"Date_Last_Reviewed\": \"2025-02-19\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1471317,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"9d7685bf-fd80-4276-bcae-327a7a9a8550\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-29\",\n \"Date_Last_Reviewed\": \"2025-05-05\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1976923,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5ec0d6ca-7a48-41ef-9382-0e408b1cc928\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-25\",\n \"Date_Last_Reviewed\": \"2023-09-18\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1257072,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ae15e0e0-83eb-4a10-9080-df0fe9944a52\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-11\",\n \"Date_Last_Reviewed\": \"2023-06-26\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1665784,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"8ad220f7-05e2-4c73-bdcd-5eb76775d6ff\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-30\",\n \"Date_Last_Reviewed\": \"2024-02-29\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1501333,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"87345d1b-5c9d-4ca3-8554-1297763e98cc\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-31\",\n \"Date_Last_Reviewed\": \"2023-06-19\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 127577,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"40c2b439-01f1-4dd6-9272-2ba4afc82383\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-06\",\n \"Date_Last_Reviewed\": \"2023-10-28\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 840381,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"904d80ec-ae78-4e36-8202-f64c3bc528a0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-29\",\n \"Date_Last_Reviewed\": \"2023-09-09\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1079356,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1df0fe29-1656-46fb-a89f-17352e124e43\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-30\",\n \"Date_Last_Reviewed\": \"2023-05-26\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 986426,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"232a9657-3d16-4a8c-9730-80acf5feac32\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-01\",\n \"Date_Last_Reviewed\": \"2023-11-12\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1443577,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b181eaa3-88b8-41cd-85e4-eb9f36ef2b5c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-02\",\n \"Date_Last_Reviewed\": \"2024-04-26\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1706091,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5b427aed-aecd-4fad-bb1d-d67644e341aa\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-07\",\n \"Date_Last_Reviewed\": \"2024-12-17\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1256775,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"ad26ffff-de9f-470f-92bc-484e7f9e7006\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-17\",\n \"Date_Last_Reviewed\": \"2024-03-03\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1621667,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e0971ec6-c0c9-4e5d-9119-3accb3588f0a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-04\",\n \"Date_Last_Reviewed\": \"2024-10-12\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 595779,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0eaee31f-a50f-4338-8153-38d2f881ee41\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-13\",\n \"Date_Last_Reviewed\": \"2023-12-25\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1193235,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d854a9a5-9131-4cb2-b833-3ff214c4f5f2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-27\",\n \"Date_Last_Reviewed\": \"2024-04-22\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1722691,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fc52ab2a-2bd7-4f20-b12b-cbcffae464f2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-08\",\n \"Date_Last_Reviewed\": \"2024-01-26\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 825608,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"cb61ced2-6987-4f53-bb2c-88d5a65c50f1\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-02\",\n \"Date_Last_Reviewed\": \"2024-11-30\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 758224,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"e417cf3f-20b9-49bc-a539-c26a6a17e7e8\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-03\",\n \"Date_Last_Reviewed\": \"2025-01-08\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1403068,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c49d6973-3d7c-4f04-a86d-506f6e76b686\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-05-26\",\n \"Date_Last_Reviewed\": \"2024-12-30\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 636279,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2ad8949b-dca3-4698-a17c-e3b3d56532e2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-19\",\n \"Date_Last_Reviewed\": \"2025-03-02\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1403193,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e79a78b9-8b84-4f5a-8cfc-4ba8e359de7e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-07\",\n \"Date_Last_Reviewed\": \"2024-12-27\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1460698,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"74d90501-2733-4076-8143-e210c849dd16\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-07\",\n \"Date_Last_Reviewed\": \"2023-12-22\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1153233,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b6e4d980-fe69-4a5d-89ed-3ba7257f0142\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-16\",\n \"Date_Last_Reviewed\": \"2023-09-08\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1643677,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"313dd3b2-6074-462f-a607-d10777ee7928\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-17\",\n \"Date_Last_Reviewed\": \"2024-05-04\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 987265,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"b79bbcc8-7bd6-4980-92a7-7ab2eb6239a7\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-09\",\n \"Date_Last_Reviewed\": \"2024-02-17\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1589487,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a7650d07-f7d2-41a4-bc53-f6e3e6546d6a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-05\",\n \"Date_Last_Reviewed\": \"2024-08-07\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 528750,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4a361161-9894-4cab-88a3-1f9042cd8478\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-21\",\n \"Date_Last_Reviewed\": \"2024-02-10\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1985598,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0b9186e7-fa9d-48d5-a581-65a00d2d1a20\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-26\",\n \"Date_Last_Reviewed\": \"2024-11-26\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1013482,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a74b246a-e346-49fd-b9b0-0651a4f1393a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-12\",\n \"Date_Last_Reviewed\": \"2025-01-20\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1381195,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c48d1be4-a894-4eb3-9618-900d227a3f8f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-19\",\n \"Date_Last_Reviewed\": \"2023-06-28\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 983443,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"38498114-600e-4be4-9edc-733630072b07\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-17\",\n \"Date_Last_Reviewed\": \"2024-08-08\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1744967,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3e91be2f-8350-4876-bdd4-421a924fd317\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-07\",\n \"Date_Last_Reviewed\": \"2024-05-16\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 942466,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"cae09bbc-eb1d-456c-955c-d3ae5dcfd63d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-09\",\n \"Date_Last_Reviewed\": \"2023-07-12\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 967830,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"2ff63db9-19de-4d2a-a4f5-a1d2e8c33baa\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-30\",\n \"Date_Last_Reviewed\": \"2024-05-19\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1626446,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"395cf017-9177-48fd-9ba5-f39025956263\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-08\",\n \"Date_Last_Reviewed\": \"2023-09-25\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1813980,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b7bb9c63-fd8f-4f3b-8164-8774373fb458\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-22\",\n \"Date_Last_Reviewed\": \"2024-10-03\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 436957,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4864db81-0f2d-465b-8f2a-8ea7874ae125\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-22\",\n \"Date_Last_Reviewed\": \"2023-12-24\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 494064,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"145344a1-1b78-44c7-b50a-c19445594413\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-24\",\n \"Date_Last_Reviewed\": \"2024-08-10\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 793527,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"faaedbd2-8150-4b51-b8ca-5c99d8301d66\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-15\",\n \"Date_Last_Reviewed\": \"2025-03-14\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 980608,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a63f9eeb-0ecf-4621-8234-b48fd2fd4c14\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-28\",\n \"Date_Last_Reviewed\": \"2024-03-04\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 298757,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9427f72a-db9f-4dcc-8cdc-b285d7d598be\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-04\",\n \"Date_Last_Reviewed\": \"2023-07-02\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 719689,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"9036f237-ae62-4bce-98bc-14336207a3b3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-20\",\n \"Date_Last_Reviewed\": \"2024-11-21\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1105488,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"77a2e9ad-487e-4815-b726-08804132b576\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-27\",\n \"Date_Last_Reviewed\": \"2024-09-21\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1408481,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"155a6761-212a-4726-8550-045a666ea581\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-02\",\n \"Date_Last_Reviewed\": \"2025-01-06\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1059522,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"30639b8e-113e-44ca-81e5-731f05f7efc0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-18\",\n \"Date_Last_Reviewed\": \"2023-06-23\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 924766,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a3c0fce4-bb48-4044-9177-820be5ec888c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-30\",\n \"Date_Last_Reviewed\": \"2024-03-05\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1807511,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9802b99e-49fa-4735-9f90-9918c15138b3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-11\",\n \"Date_Last_Reviewed\": \"2024-06-13\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1919297,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0487676f-6afe-401f-8ba2-c23448378e08\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-09\",\n \"Date_Last_Reviewed\": \"2024-04-08\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1725794,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"16366ab4-4b74-454d-be6e-e1e59a253f6f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-14\",\n \"Date_Last_Reviewed\": \"2025-01-28\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 696948,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e203fd91-7456-41a2-bc13-c7c3a74a7cc5\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-09\",\n \"Date_Last_Reviewed\": \"2023-05-25\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 328467,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"88b76995-edda-4ccd-8637-5ea7c15886dc\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-16\",\n \"Date_Last_Reviewed\": \"2024-10-30\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 120917,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"63d3e1c6-715f-4381-adb6-1cfc37d7b090\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-23\",\n \"Date_Last_Reviewed\": \"2023-10-22\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 488220,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4c2173f4-e46a-490a-bbb2-fa8ea0fc0658\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-03\",\n \"Date_Last_Reviewed\": \"2024-04-13\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1042098,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"a58a2af4-feed-4c16-b175-de0da54c9209\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-31\",\n \"Date_Last_Reviewed\": \"2023-05-30\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 127094,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"df5dc5d9-6460-4fda-a1e5-5f2d5e246461\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-19\",\n \"Date_Last_Reviewed\": \"2024-05-29\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1426604,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"463c60d2-b089-4141-a654-a57bb01e02ce\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-26\",\n \"Date_Last_Reviewed\": \"2023-08-16\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1111101,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fd3d2668-3082-4888-bc9a-6e5f4577093c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-29\",\n \"Date_Last_Reviewed\": \"2024-12-18\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1254356,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a51e9706-0a8b-4c01-8ef7-f88c6d17e7a6\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-08\",\n \"Date_Last_Reviewed\": \"2023-06-04\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 253908,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d0a78e20-f875-4687-b3e8-4c832043fd55\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-18\",\n \"Date_Last_Reviewed\": \"2024-01-29\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 704401,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b9735175-ed92-465b-af46-e4319d326cf8\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-27\",\n \"Date_Last_Reviewed\": \"2023-06-14\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 168145,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"80a83f3d-f796-4bec-b33e-84fb37741fd2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-22\",\n \"Date_Last_Reviewed\": \"2024-03-05\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 498596,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"28853407-9650-45fa-b91e-e2cf4bc8788e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-09\",\n \"Date_Last_Reviewed\": \"2024-04-13\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1552275,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a59adee6-6a2d-4451-afb4-7f39468b216f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-01\",\n \"Date_Last_Reviewed\": \"2024-10-15\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1314889,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"6d736d7e-4030-4658-9f07-82350b02e049\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-18\",\n \"Date_Last_Reviewed\": \"2024-01-09\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 502012,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"2af0d02a-8788-494a-9ed7-c414648a2341\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-01\",\n \"Date_Last_Reviewed\": \"2024-10-15\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 328407,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a2895cce-c6c0-4bc4-b88b-0ff4ccb5c291\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-09\",\n \"Date_Last_Reviewed\": \"2023-07-25\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1365672,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8f7ed87f-a5f7-46a0-bf70-685db60017fc\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-16\",\n \"Date_Last_Reviewed\": \"2025-05-03\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1624820,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"3154d48c-ceaf-454a-8102-a1cd7e405f68\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-04\",\n \"Date_Last_Reviewed\": \"2023-07-04\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1492060,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"391c14cb-4591-44f4-a0fc-295df011b491\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-13\",\n \"Date_Last_Reviewed\": \"2023-10-16\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1557004,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"179e7756-aade-4d97-917e-ffc4c31f7502\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-02\",\n \"Date_Last_Reviewed\": \"2024-05-13\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 441314,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ec18a264-d153-4373-9c82-f0f8d85b72e9\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-15\",\n \"Date_Last_Reviewed\": \"2025-01-03\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1806144,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1e9f3c34-a803-4b75-bf62-4bd7ec21a3cc\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-25\",\n \"Date_Last_Reviewed\": \"2024-10-11\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1401188,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1f3e5112-4b72-4ed0-ad94-d39624862604\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-16\",\n \"Date_Last_Reviewed\": \"2024-04-08\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1292725,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"92482ccf-7502-4d4f-80c2-9871fb02637a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-04\",\n \"Date_Last_Reviewed\": \"2023-09-17\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1759816,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c5e3113a-2ab1-400d-8790-7426298d3531\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-09\",\n \"Date_Last_Reviewed\": \"2023-12-27\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 857148,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"365e4bd5-0401-4cbe-b592-33e14884f786\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-16\",\n \"Date_Last_Reviewed\": \"2023-08-08\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1702505,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"1c1ebf92-859e-4663-b411-5087f83e5fbb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-07\",\n \"Date_Last_Reviewed\": \"2023-07-29\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 727832,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ed9d202c-8896-4d90-8cdc-4319f0a487ad\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-17\",\n \"Date_Last_Reviewed\": \"2024-12-18\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 285867,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"83535a5a-ad59-4270-aa55-f52894cba25f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-08\",\n \"Date_Last_Reviewed\": \"2024-02-25\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1656463,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"aeedcbc0-d0f6-492e-9514-d9f85467459c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-06\",\n \"Date_Last_Reviewed\": \"2024-08-20\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 277959,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"325facaa-be2e-4061-9822-66f7968066e2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-30\",\n \"Date_Last_Reviewed\": \"2024-04-30\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1773605,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9078dc63-c23f-4122-af25-1315a596f901\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-23\",\n \"Date_Last_Reviewed\": \"2023-06-01\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 175362,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"cce667c7-6b7e-4e01-a1b9-379ea2ea8200\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-06\",\n \"Date_Last_Reviewed\": \"2024-05-02\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 956517,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"020bd0b3-0ea9-4036-8eff-71effd26c4fc\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-29\",\n \"Date_Last_Reviewed\": \"2024-01-21\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 920754,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"686b7dc6-ad42-47f4-bab9-370720f0c0ce\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-04\",\n \"Date_Last_Reviewed\": \"2025-01-29\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1190292,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"3dcc39c3-9726-48a0-8fcd-c003ca86a15a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-10\",\n \"Date_Last_Reviewed\": \"2023-09-23\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 679014,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"30544586-726d-4ab7-a5d6-95ed3683f4a1\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-02\",\n \"Date_Last_Reviewed\": \"2025-02-08\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1316037,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"408e9830-c825-4228-aca3-f53d02ed7e6c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-25\",\n \"Date_Last_Reviewed\": \"2025-01-29\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 631396,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"369a3776-50e1-47af-97d8-44f1c2a5dbb7\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-30\",\n \"Date_Last_Reviewed\": \"2025-01-08\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 500162,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c5acc7be-7cc4-4ad8-bd39-93da0c8c416b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-04\",\n \"Date_Last_Reviewed\": \"2025-03-16\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 343656,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"888be60b-13b2-4a4c-a4ea-05367f964085\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-11\",\n \"Date_Last_Reviewed\": \"2024-10-10\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1900620,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a554dc28-f41c-46ce-b439-a08c63c665aa\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-28\",\n \"Date_Last_Reviewed\": \"2024-01-11\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 621753,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d503b6e7-15c5-4b3d-af66-4804417b8f1a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-12\",\n \"Date_Last_Reviewed\": \"2025-03-08\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1799186,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0f5be5fe-d080-4165-9645-7b05b23424ac\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-24\",\n \"Date_Last_Reviewed\": \"2024-01-22\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 778212,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2db022f9-acba-4132-ae25-cab13d7f04bd\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-10\",\n \"Date_Last_Reviewed\": \"2025-02-17\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1093056,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d5433bc9-5b2d-4098-b218-c161bfaad7fb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-08\",\n \"Date_Last_Reviewed\": \"2024-03-02\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 176725,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"391bf93e-979c-4de0-841e-2ba0899b065c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-06\",\n \"Date_Last_Reviewed\": \"2024-09-06\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 668256,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b124383a-6a30-4c2b-96b2-2748001d19dd\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-31\",\n \"Date_Last_Reviewed\": \"2025-04-18\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1787624,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"cd68f631-aa0f-40e5-890b-ccd07ffb5845\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-14\",\n \"Date_Last_Reviewed\": \"2024-04-09\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 347632,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c362daf1-0796-43cc-83ac-8323dc0d1a05\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-14\",\n \"Date_Last_Reviewed\": \"2023-06-17\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1933144,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"05f47f04-ebed-4a98-a097-643adc40d4c0\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-19\",\n \"Date_Last_Reviewed\": \"2025-02-23\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 601538,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"472b5323-dce3-4be7-8304-ac61e581f83f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-05\",\n \"Date_Last_Reviewed\": \"2024-01-24\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1255078,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"837b4384-61d2-4c2b-abca-b5936283c053\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-08\",\n \"Date_Last_Reviewed\": \"2024-06-03\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 584427,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"d44fc123-1461-441e-b94c-9656d0a69679\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-07\",\n \"Date_Last_Reviewed\": \"2023-05-26\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1979017,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"471783ae-02da-45c8-91ec-b72da410a156\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-18\",\n \"Date_Last_Reviewed\": \"2025-03-09\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 461398,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6274d34a-db2c-4fcf-8e22-eba40201a70f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-22\",\n \"Date_Last_Reviewed\": \"2024-12-31\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 601973,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3357f271-faf8-4aee-84cb-180969ef3e3d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-01\",\n \"Date_Last_Reviewed\": \"2025-04-17\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1206237,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0823e8b8-6e03-4854-9788-28fcb28e52c4\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-01\",\n \"Date_Last_Reviewed\": \"2024-10-24\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1332955,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"34815d5d-51d4-4e9c-a9b6-c172ebbf93a2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-21\",\n \"Date_Last_Reviewed\": \"2025-03-06\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 506816,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"758853fc-e354-4d13-9380-8f0485b1b586\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-08\",\n \"Date_Last_Reviewed\": \"2024-03-24\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 978042,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1b85676d-d29a-487c-9477-c16a455e19bc\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-12\",\n \"Date_Last_Reviewed\": \"2024-09-10\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 295324,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5d152514-e7b3-4eb3-acd4-0e944d03f3cb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-13\",\n \"Date_Last_Reviewed\": \"2023-07-17\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1470554,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"5b7c805e-eb71-4e28-a852-455a3791f275\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-04\",\n \"Date_Last_Reviewed\": \"2024-05-15\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 403327,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"08075204-7ad2-4661-9b91-2e3f7fcd69de\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-20\",\n \"Date_Last_Reviewed\": \"2023-10-14\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1781739,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"726ee7ad-b58e-4b7e-a91b-0c2ef079a3cf\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-13\",\n \"Date_Last_Reviewed\": \"2024-08-31\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1102823,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"22587a3d-df8c-48bd-a2b7-c86d2ad8cd6e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-13\",\n \"Date_Last_Reviewed\": \"2025-03-26\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 626914,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"071d44c4-4ba6-43b5-adec-0b87455a0acc\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-15\",\n \"Date_Last_Reviewed\": \"2024-02-11\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 410228,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c3420b78-3b57-47f9-b888-b7bf90d714f1\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-30\",\n \"Date_Last_Reviewed\": \"2024-09-05\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1622485,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3032afca-eadd-4169-bf3c-b59b77a628f2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-22\",\n \"Date_Last_Reviewed\": \"2023-09-11\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1431086,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a14615e7-103c-4270-9dd0-ff3145ccbc2c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-08\",\n \"Date_Last_Reviewed\": \"2024-07-15\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1022810,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b092431e-5cba-4add-92d6-75c30065205d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-18\",\n \"Date_Last_Reviewed\": \"2023-08-02\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1759400,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"fa8dbab4-494d-46ec-a380-57eab99db3b6\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-29\",\n \"Date_Last_Reviewed\": \"2024-02-05\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 910165,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"68035145-c7c8-4af1-a6b7-fe6dd469178c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-05\",\n \"Date_Last_Reviewed\": \"2023-09-30\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 925864,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"765b749d-5693-4a08-ad7a-7097ac3c9bbd\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-22\",\n \"Date_Last_Reviewed\": \"2024-03-15\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1374940,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ebf8cdbd-d661-4685-8cc3-e184409b26bb\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-06\",\n \"Date_Last_Reviewed\": \"2023-05-17\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 919292,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9a3d6e6a-c520-4a15-a2ef-8398eb974839\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-08\",\n \"Date_Last_Reviewed\": \"2025-01-17\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1276854,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8e835bff-e6a0-4733-8b0f-962e277fefbc\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-01\",\n \"Date_Last_Reviewed\": \"2024-08-29\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 410243,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"73d22cc8-15f4-4b6b-865d-61d65fabcede\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-22\",\n \"Date_Last_Reviewed\": \"2024-01-25\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1188276,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d0e71b22-7a83-468e-bd9b-49aba445912c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-27\",\n \"Date_Last_Reviewed\": \"2025-04-21\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 873400,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d7292cae-cb0f-463b-812e-1a456ac7a641\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-25\",\n \"Date_Last_Reviewed\": \"2024-02-21\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 979455,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4b211526-0044-4525-897c-f5d2d69fb193\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-14\",\n \"Date_Last_Reviewed\": \"2024-09-15\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1869953,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"aed5f2ea-0471-45d4-b3bf-5a5b380014bb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-02\",\n \"Date_Last_Reviewed\": \"2023-09-17\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1593647,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]"], "List the top 5 risks with the highest estimated financial loss.": ["[\n {\n \"Risk_ID\": \"53320d64-0949-4f04-8703-4231d69a2e94\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-14\",\n \"Date_Last_Reviewed\": \"2024-07-15\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 356068,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ed4204db-2077-431a-899a-3a2a1999888f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-29\",\n \"Date_Last_Reviewed\": \"2024-08-17\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1876243,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"fb41094d-c713-41a3-b77e-32e473c7296d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-02\",\n \"Date_Last_Reviewed\": \"2024-12-20\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1853766,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1ba88bb3-8287-4632-acbb-b9efe0a99939\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-31\",\n \"Date_Last_Reviewed\": \"2024-11-27\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 168532,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"49da0c29-38d5-4dc5-b8f7-8ca98e988875\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-01\",\n \"Date_Last_Reviewed\": \"2023-12-10\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1440978,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"996b2ce6-603a-4f7d-84b9-9dab5b3792f1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-13\",\n \"Date_Last_Reviewed\": \"2024-04-04\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 450320,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fc2d747b-9ad0-4e66-9ffc-a5901e1186fd\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-14\",\n \"Date_Last_Reviewed\": \"2024-02-19\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1914850,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"05e1072c-1bd9-44a0-a189-06134af65984\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-31\",\n \"Date_Last_Reviewed\": \"2024-02-15\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 539822,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3f871dca-e177-4bd9-b558-92db9f721a3f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-01\",\n \"Date_Last_Reviewed\": \"2023-07-25\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 230556,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"cdc32def-7ff9-4fe9-a300-58b89b6b7b8d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-02\",\n \"Date_Last_Reviewed\": \"2025-01-05\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1958924,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"90595ac7-c87a-4243-a575-1051f0f1ffea\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-02\",\n \"Date_Last_Reviewed\": \"2023-09-14\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1621659,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0007b8b5-2058-41af-8d89-1e88ba15122b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-09\",\n \"Date_Last_Reviewed\": \"2023-12-15\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1419778,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"795350e5-fd9c-483b-9afd-fd98496ef3f4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-21\",\n \"Date_Last_Reviewed\": \"2023-06-27\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 906667,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"484b8a35-2237-4182-9d62-a490131e3669\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-19\",\n \"Date_Last_Reviewed\": \"2024-01-28\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1196493,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c7f013ee-d503-4d35-acf1-c1f4bc54658c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-21\",\n \"Date_Last_Reviewed\": \"2025-01-16\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 715428,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"776ab263-a920-4f84-8ff2-5d9f17ef7d6d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-04\",\n \"Date_Last_Reviewed\": \"2025-04-14\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1395943,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7e6a9617-f96a-4831-b0fb-896d54b4a68c\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-16\",\n \"Date_Last_Reviewed\": \"2024-09-11\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 211610,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c190be7e-479c-4b81-8684-1df7dd8d0a54\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-14\",\n \"Date_Last_Reviewed\": \"2024-06-12\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1671352,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c8f9beb8-2f76-4adc-9480-98a6d185c32d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-31\",\n \"Date_Last_Reviewed\": \"2023-10-26\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1903989,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"208c0119-fe00-41fb-95a1-42905875577a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-29\",\n \"Date_Last_Reviewed\": \"2024-02-08\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1989234,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"46428737-f780-4f1e-a201-44c11a5dda49\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-31\",\n \"Date_Last_Reviewed\": \"2024-01-13\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 615379,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b1574296-251d-4bc6-a480-5dd5dc56261e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-02\",\n \"Date_Last_Reviewed\": \"2024-08-29\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1291689,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b095c24e-4765-4627-927b-c97483018f2f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-20\",\n \"Date_Last_Reviewed\": \"2023-08-01\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 714307,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2b566677-7eeb-43e8-91d8-cbb42ae036ac\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-26\",\n \"Date_Last_Reviewed\": \"2024-02-03\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1442586,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"01aae974-3757-4e14-8f61-054c749f0979\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-20\",\n \"Date_Last_Reviewed\": \"2023-06-18\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 438452,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"2b630169-1eee-4a26-b330-00aaba6f942a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-25\",\n \"Date_Last_Reviewed\": \"2024-01-23\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1642053,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"854f956c-7691-49d3-9f1d-f0d83c599cea\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-13\",\n \"Date_Last_Reviewed\": \"2024-01-23\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1974962,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4be9fafd-6b89-4889-b875-b9a15877c98b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-06\",\n \"Date_Last_Reviewed\": \"2024-07-21\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1949142,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"81519204-12fa-4ea8-b04e-a67a070a4359\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-25\",\n \"Date_Last_Reviewed\": \"2025-03-31\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 871803,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0e133d16-f158-48ce-b14d-9f15a4785685\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-03\",\n \"Date_Last_Reviewed\": \"2024-08-25\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1182059,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9006a3c6-722e-4986-adee-05ad56b24d6b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-16\",\n \"Date_Last_Reviewed\": \"2023-08-05\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1565719,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b57cdb45-a6ed-4ebb-993b-867c88a2fead\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-11\",\n \"Date_Last_Reviewed\": \"2025-02-13\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 262458,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"27f752be-3085-4fe2-93c1-c3924022af47\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-14\",\n \"Date_Last_Reviewed\": \"2024-07-24\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1391695,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"53dd063b-dd28-42f4-9af3-124e0effa9ec\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-13\",\n \"Date_Last_Reviewed\": \"2023-06-26\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 273138,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"43d1745f-fb3c-4d4b-93df-9ebd243a8304\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-14\",\n \"Date_Last_Reviewed\": \"2023-06-02\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1484402,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"11b55b9e-4b0c-4fec-be0c-8ceba9ba8dc7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-25\",\n \"Date_Last_Reviewed\": \"2024-08-16\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1553508,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f58eb37b-6d42-44ce-8c7d-a53afc5dfb61\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-05\",\n \"Date_Last_Reviewed\": \"2025-05-13\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 318467,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"cfcb42aa-6a13-42b3-95e8-409f620bcf66\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-27\",\n \"Date_Last_Reviewed\": \"2023-11-26\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 787319,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b2eb0812-dee8-4072-9e24-8858e99ab007\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-24\",\n \"Date_Last_Reviewed\": \"2024-11-02\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1519609,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b7c41720-dae1-4b4d-a77d-69b617e81c90\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-03\",\n \"Date_Last_Reviewed\": \"2023-10-13\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 122125,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"05f4d17e-6a99-4658-a375-c1241280ed95\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-25\",\n \"Date_Last_Reviewed\": \"2023-11-13\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 933977,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3a9194d5-32c8-4b85-905f-541bdb892265\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-14\",\n \"Date_Last_Reviewed\": \"2023-11-07\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 764905,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f56c4137-8444-4f27-80f6-3f5b6aab0df2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-31\",\n \"Date_Last_Reviewed\": \"2023-08-29\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 733338,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fd141611-4bb8-43d1-b10e-0774547f2625\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-03\",\n \"Date_Last_Reviewed\": \"2024-10-18\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1388151,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0ea90401-5044-4c58-b90e-a144daf84683\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-21\",\n \"Date_Last_Reviewed\": \"2025-03-03\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1913763,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5338873b-1b2b-47ce-9aa1-351e40f0da21\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-11\",\n \"Date_Last_Reviewed\": \"2023-10-14\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1161975,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f22a304a-ebcd-441a-b9ae-10e5e054ffa4\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-11\",\n \"Date_Last_Reviewed\": \"2023-08-01\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 880409,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6c0ff3c4-4142-4962-bbb7-7ce41c5cc2c4\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-21\",\n \"Date_Last_Reviewed\": \"2023-10-09\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1066449,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"50949822-c600-498c-98bc-0389c7237aa3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-18\",\n \"Date_Last_Reviewed\": \"2025-04-08\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1077918,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6b364548-61df-4517-b8a0-c065ce072a79\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-22\",\n \"Date_Last_Reviewed\": \"2024-10-28\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 564150,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f5cc0f3d-0160-45a0-a0bc-9cc4a42439a6\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-02\",\n \"Date_Last_Reviewed\": \"2023-12-30\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1334063,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d928fe20-be20-41b1-ac1f-a5846daca069\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-01\",\n \"Date_Last_Reviewed\": \"2025-04-16\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1553013,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b4465c8a-595b-4076-a1da-a6b1f6bd463f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-08\",\n \"Date_Last_Reviewed\": \"2023-10-20\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1642001,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"2e913f3b-9005-4b2c-8a87-271099762483\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-03\",\n \"Date_Last_Reviewed\": \"2024-04-29\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1127441,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"40fba261-54d7-4e35-9f77-5c936b6cbc9d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-27\",\n \"Date_Last_Reviewed\": \"2024-02-26\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1348806,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"891e9139-fdb2-4104-8764-065dc30608fc\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-19\",\n \"Date_Last_Reviewed\": \"2024-04-15\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1075690,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"30d8f4eb-5c6a-4c21-8ae7-44e2930de8da\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-23\",\n \"Date_Last_Reviewed\": \"2024-10-28\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1564931,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"673ff85e-1bdd-4983-8ce1-de0fcc3cb852\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-19\",\n \"Date_Last_Reviewed\": \"2025-03-27\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1245799,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ad03d4f8-fd30-485b-833e-038131d861d4\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-20\",\n \"Date_Last_Reviewed\": \"2024-07-24\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 286547,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4580bf8c-5009-4cfd-ba7e-1689b728f2b9\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-17\",\n \"Date_Last_Reviewed\": \"2024-01-15\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 496835,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c94dd04e-dee6-4895-a42e-e919d54aa36d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-15\",\n \"Date_Last_Reviewed\": \"2025-01-31\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 856931,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8e86891f-52ee-4a28-b560-6d412566596b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-11\",\n \"Date_Last_Reviewed\": \"2023-06-24\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 269198,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"849854bb-6508-4dee-8506-c9f8b1e0a694\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-30\",\n \"Date_Last_Reviewed\": \"2023-11-19\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1826470,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"06ce5312-64cb-41f8-9bb1-f266af002cd2\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-20\",\n \"Date_Last_Reviewed\": \"2024-05-22\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 990129,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"58d7fcca-a081-48c1-9e7c-c6091f45994d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-22\",\n \"Date_Last_Reviewed\": \"2024-04-21\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 459847,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"759a56ea-e54f-4fe6-95ad-3ceabafe1583\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-13\",\n \"Date_Last_Reviewed\": \"2024-07-11\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1989312,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e5600152-ce7b-40a5-af57-441ff58b7e8e\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-16\",\n \"Date_Last_Reviewed\": \"2024-05-20\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 878153,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5b29d6e9-7244-4505-b6d6-b3b87524fe04\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-28\",\n \"Date_Last_Reviewed\": \"2024-04-14\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1877794,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"9d2a06d0-4f43-4eda-a3d2-828139392718\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-07\",\n \"Date_Last_Reviewed\": \"2024-02-08\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1170862,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"81442eaa-d838-407c-be8b-4612b24ecfe9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-03\",\n \"Date_Last_Reviewed\": \"2023-10-30\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1967116,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a946ae41-9de5-42aa-b6c0-ddcdd6b3a5bb\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-23\",\n \"Date_Last_Reviewed\": \"2023-07-23\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1735193,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2f45511b-886b-458e-baf4-0a2c3ecf9942\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-13\",\n \"Date_Last_Reviewed\": \"2024-04-14\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 130373,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e9388acc-a730-4358-b971-b9ab8aba4721\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-08\",\n \"Date_Last_Reviewed\": \"2024-01-27\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 152544,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ca333b99-f41e-47a0-be53-dbb2bb178d28\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-24\",\n \"Date_Last_Reviewed\": \"2024-05-31\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 677139,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"dabc6830-abd8-410d-9db4-0ef409d25f89\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-18\",\n \"Date_Last_Reviewed\": \"2024-08-16\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1168368,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4c3b0df0-16f6-47e1-bb2d-97ddf1b32753\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-12\",\n \"Date_Last_Reviewed\": \"2023-10-28\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1204217,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6d68bba4-9bce-43cd-984b-6f450da8e953\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-23\",\n \"Date_Last_Reviewed\": \"2024-12-14\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 460666,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2809685c-bbf2-4533-b851-e4ed4becf48c\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-17\",\n \"Date_Last_Reviewed\": \"2024-07-26\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1812155,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6f6df772-e046-4661-b153-a24107838ba1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-23\",\n \"Date_Last_Reviewed\": \"2023-06-25\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 383083,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b99a697e-34c2-4d09-ab01-0f0f2c130441\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-28\",\n \"Date_Last_Reviewed\": \"2024-09-21\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1135915,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fb9649fa-6c21-483f-9541-42fda81ddb91\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-17\",\n \"Date_Last_Reviewed\": \"2025-03-17\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 358819,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d0246684-499c-4c88-93bf-f571a495a10f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-20\",\n \"Date_Last_Reviewed\": \"2024-05-25\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 604929,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a92244f4-2671-4d5e-910a-b664a5f4971d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-25\",\n \"Date_Last_Reviewed\": \"2023-10-09\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1428609,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c8530fb3-467d-4889-8da4-09a7c80c9d7f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-25\",\n \"Date_Last_Reviewed\": \"2024-12-15\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 302238,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"528409bf-3f75-4fc3-8dc1-8b04672b7d1e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-12\",\n \"Date_Last_Reviewed\": \"2025-03-17\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 589065,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"766a00d5-e53b-485c-a4b7-664299c3a504\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-26\",\n \"Date_Last_Reviewed\": \"2025-01-13\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 736968,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"23b86af6-2ac5-4fc2-95ef-0f0d469017a0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-08\",\n \"Date_Last_Reviewed\": \"2024-11-01\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1458962,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"493da4ce-0e51-49bb-92a5-346d5b3ca15c\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-03\",\n \"Date_Last_Reviewed\": \"2023-06-27\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1793580,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4dd96a9f-5693-4157-b270-6adf5d88d265\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-05\",\n \"Date_Last_Reviewed\": \"2025-02-10\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1211046,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a245482e-973d-49ce-b9a0-8e7aa4f6d2cb\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-03\",\n \"Date_Last_Reviewed\": \"2024-11-16\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 859001,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1be08e54-8a94-47d4-a3b5-f68e606ddbae\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-01\",\n \"Date_Last_Reviewed\": \"2024-09-28\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1926052,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"64d3320c-9b3e-480f-800d-4e85fb36a7e0\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-29\",\n \"Date_Last_Reviewed\": \"2023-09-19\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1100692,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ca6b6ab0-3261-4d13-bc81-f95f648cb2e4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-13\",\n \"Date_Last_Reviewed\": \"2024-05-16\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 506248,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8f43a176-cd4a-42fc-8cad-9524edce0d0a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-11\",\n \"Date_Last_Reviewed\": \"2024-04-03\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 138255,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8a538754-a2f5-455f-86af-280e3396f5d5\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-21\",\n \"Date_Last_Reviewed\": \"2023-06-11\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 823168,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c7aeb211-0a23-4760-90e1-83e0653fffb8\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-09\",\n \"Date_Last_Reviewed\": \"2023-08-23\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 668266,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e924cd1e-e00d-4903-8ba4-e5973afe5e45\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-05\",\n \"Date_Last_Reviewed\": \"2023-12-07\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1838654,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c096e150-5bfd-4f16-b937-8b3a76edc91b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-10\",\n \"Date_Last_Reviewed\": \"2024-09-20\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1638974,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1fbe5f79-39fb-4b47-9d3e-e761d0444021\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-20\",\n \"Date_Last_Reviewed\": \"2025-02-18\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1868173,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"7e62c137-87af-4c9a-a989-1c71a6ff118f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-30\",\n \"Date_Last_Reviewed\": \"2025-03-23\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1780379,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a53facb6-719c-458b-9413-932cc8a4f407\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-15\",\n \"Date_Last_Reviewed\": \"2025-04-24\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1525460,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"13ae5ef2-8f33-4457-9549-5ab0165ac60c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-24\",\n \"Date_Last_Reviewed\": \"2023-11-07\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 180682,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"043a230f-33fc-4452-990a-a4c80aabadf0\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-10\",\n \"Date_Last_Reviewed\": \"2024-03-14\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 868291,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"96581dd6-27b7-4863-b440-83389c6b2ae5\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-04\",\n \"Date_Last_Reviewed\": \"2024-08-26\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1629472,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"71b8d6b5-2e0c-4f68-a733-1186be030c7d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-11\",\n \"Date_Last_Reviewed\": \"2024-05-19\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1822598,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2471f65b-dcd9-4fc4-8b78-3d580a727be5\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-27\",\n \"Date_Last_Reviewed\": \"2024-01-16\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1891309,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"26ece3cf-028a-4d0a-9684-6bde00f1ca2d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-02\",\n \"Date_Last_Reviewed\": \"2023-07-18\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 234484,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c6f13358-c2b8-4e78-942e-5ce239f0f36e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-03\",\n \"Date_Last_Reviewed\": \"2023-11-10\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1889373,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ee77a16b-94a7-4528-adbd-f7c37e111c2f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-11\",\n \"Date_Last_Reviewed\": \"2023-07-12\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 193400,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6b20120e-a8f4-4aab-833f-026fe301e6fe\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-26\",\n \"Date_Last_Reviewed\": \"2024-08-11\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 390572,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"eb68992e-a679-4e56-a27a-e92a0ff688e9\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-10\",\n \"Date_Last_Reviewed\": \"2023-10-21\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 413456,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"78f7604d-4751-41e1-952e-5dfa114b5860\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-06\",\n \"Date_Last_Reviewed\": \"2025-04-24\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1598811,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"e2e11022-8fda-4235-a234-a64d7ea7f415\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-24\",\n \"Date_Last_Reviewed\": \"2023-10-17\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1502580,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"90da8ead-4a09-4fcd-b25a-0ed38a7d48c6\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-01\",\n \"Date_Last_Reviewed\": \"2023-10-16\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1421753,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7d9a75a2-9f25-47f0-b65c-7e61575b6ba6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-03\",\n \"Date_Last_Reviewed\": \"2024-08-04\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1307206,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"efe95142-91cf-4dce-a823-5b411a202df0\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-18\",\n \"Date_Last_Reviewed\": \"2024-09-10\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 751317,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"feacc676-3a2a-4ffb-b33f-59828cf0053e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-15\",\n \"Date_Last_Reviewed\": \"2023-07-02\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1619770,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"da1f8e20-426b-4948-b5d4-3121c754274c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-11\",\n \"Date_Last_Reviewed\": \"2025-04-21\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 809882,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b99ac227-1cb8-412a-8e42-3a7ef30725d6\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-16\",\n \"Date_Last_Reviewed\": \"2024-12-25\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 378841,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ce383cd8-6119-469d-acbe-62931da6ac01\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-07\",\n \"Date_Last_Reviewed\": \"2023-09-09\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1958574,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3f1df994-316a-47b0-b7df-88b6d22fa529\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-18\",\n \"Date_Last_Reviewed\": \"2024-06-29\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1879117,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"37a94c1b-e4f8-44c2-93c0-9a13b1dc16d2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-08\",\n \"Date_Last_Reviewed\": \"2024-01-11\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1322856,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d5726a4a-8742-49f4-a355-62553233528b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-29\",\n \"Date_Last_Reviewed\": \"2023-06-04\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 568227,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"20220560-f475-4566-9a48-98689779a8f5\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-22\",\n \"Date_Last_Reviewed\": \"2025-01-15\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 996232,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"14eb32a6-8746-46cb-a7af-a9af67dc704a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-22\",\n \"Date_Last_Reviewed\": \"2024-11-21\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 694577,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"237fead3-9cc0-486e-9e48-3abdf2457110\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-24\",\n \"Date_Last_Reviewed\": \"2023-06-26\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 385021,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a1fa1042-aa86-4e07-b349-84903ece7332\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-12\",\n \"Date_Last_Reviewed\": \"2025-02-01\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1372539,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9bc146a9-1a62-40ab-971f-f1266d383bb3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-27\",\n \"Date_Last_Reviewed\": \"2024-10-20\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1340940,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"6a474045-623b-46de-ae08-29aaedccf680\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-16\",\n \"Date_Last_Reviewed\": \"2023-09-14\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1538647,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"61f44e69-6094-4ef2-a584-ee0bcdeb67d8\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-25\",\n \"Date_Last_Reviewed\": \"2024-03-26\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 800069,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"fd400239-4507-45dd-8f92-48a47d3aca18\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-24\",\n \"Date_Last_Reviewed\": \"2024-04-26\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1653251,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"736152d4-02bf-44e9-b16f-097f72ca79ca\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-23\",\n \"Date_Last_Reviewed\": \"2025-03-26\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1932531,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6ff1f337-ce4c-467e-b82b-a231a3f656ea\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-12\",\n \"Date_Last_Reviewed\": \"2023-06-20\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 483232,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f0ce1413-16a9-48d2-949f-785beec4be5a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-14\",\n \"Date_Last_Reviewed\": \"2023-08-24\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1106602,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"76d4eaa4-de0b-43d4-a7e2-a1618ded0502\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-30\",\n \"Date_Last_Reviewed\": \"2023-11-14\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1379564,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6ad403ce-e4fe-4666-83fe-e94aa6f7ba66\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-24\",\n \"Date_Last_Reviewed\": \"2024-03-10\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1663142,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b44300a2-05cd-44da-bb7e-2d892b3e49ea\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-09\",\n \"Date_Last_Reviewed\": \"2023-11-03\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 580560,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"52d3052e-09ed-4871-b6c1-b99f85297727\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-24\",\n \"Date_Last_Reviewed\": \"2024-09-03\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1550373,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8c9be95b-b69b-4c46-84b4-09d09b4afb44\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-26\",\n \"Date_Last_Reviewed\": \"2024-10-06\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 690093,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"53f4a730-251b-4914-9c54-43006808b083\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-16\",\n \"Date_Last_Reviewed\": \"2024-04-01\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1903184,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"98765625-3b46-487d-aed8-e3a4b1994440\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-20\",\n \"Date_Last_Reviewed\": \"2025-04-09\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 233114,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ae3e5aef-ea9f-4b5d-ada4-7648bf3b2581\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-21\",\n \"Date_Last_Reviewed\": \"2023-12-27\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1916437,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"abdc2e93-a32d-4b27-87e6-417565a08bc7\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-26\",\n \"Date_Last_Reviewed\": \"2024-07-08\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1006525,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6499d6d4-6c75-46a2-a988-f6ce70268edf\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-05-04\",\n \"Date_Last_Reviewed\": \"2023-09-11\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1967280,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"98cb6d30-7b64-4a76-9d2c-8758152d3280\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-14\",\n \"Date_Last_Reviewed\": \"2025-03-17\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1839111,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9651f30a-c7af-42ab-a5e1-0d623cffbc7b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-28\",\n \"Date_Last_Reviewed\": \"2023-05-15\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1674851,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"72470b98-2e1e-42db-8b61-3d17903d90bc\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-26\",\n \"Date_Last_Reviewed\": \"2024-03-29\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1468161,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"647e65ab-20f4-4209-8160-4498e4aa8b7f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-07\",\n \"Date_Last_Reviewed\": \"2024-04-03\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1219491,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e3a0fb64-104b-4d6d-956b-182b9da1cff6\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-11\",\n \"Date_Last_Reviewed\": \"2023-08-26\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 694746,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"45a907a5-618d-4bd9-8092-2b97a57482dc\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-20\",\n \"Date_Last_Reviewed\": \"2024-09-20\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 664269,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a14a1f9b-76ab-4680-af19-8989621cfdb3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-02\",\n \"Date_Last_Reviewed\": \"2024-10-30\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1691564,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"b0726a2c-a072-455b-90e8-07ef7158b0c0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-30\",\n \"Date_Last_Reviewed\": \"2023-08-24\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 311478,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1094178a-df7d-4250-ba17-58acaf72e249\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-14\",\n \"Date_Last_Reviewed\": \"2024-05-20\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1615551,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3325d070-2fc5-4c05-aa7f-2e0556b32652\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-28\",\n \"Date_Last_Reviewed\": \"2024-07-11\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 377795,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d9f06ad1-7c4a-45f8-b091-5a6b05e70c14\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-04\",\n \"Date_Last_Reviewed\": \"2024-04-25\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1667480,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2e9a7a5a-a99c-4717-8524-c4a1fa001e96\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-01\",\n \"Date_Last_Reviewed\": \"2024-04-16\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1334614,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c603f547-fc82-4cb5-acb9-5eefc68d01c2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-05\",\n \"Date_Last_Reviewed\": \"2024-09-01\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 427140,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"24eb014b-6688-4489-9586-33c9176cad1d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-16\",\n \"Date_Last_Reviewed\": \"2024-10-07\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1257055,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ef47c4d8-64a1-4914-b030-7b45573699e9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-12\",\n \"Date_Last_Reviewed\": \"2024-08-07\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 860041,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6f12fcaa-51e1-4822-a0f3-6e40867dfc27\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-08\",\n \"Date_Last_Reviewed\": \"2025-04-07\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1155889,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f967a14c-d8f7-46bf-bb0e-baf3dd72f854\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-16\",\n \"Date_Last_Reviewed\": \"2024-03-10\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1805327,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4443feb9-cfe4-4664-b606-0dc2c87ed54a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-18\",\n \"Date_Last_Reviewed\": \"2024-05-01\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 833777,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9402936e-358f-417e-b4a1-758cd19eb53a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-14\",\n \"Date_Last_Reviewed\": \"2025-01-04\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 557361,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5c9dc6d6-ca1a-40a6-b14f-6308526623b4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-13\",\n \"Date_Last_Reviewed\": \"2023-07-02\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 617176,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ea116710-88c8-43a0-9906-54ea561344f9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-15\",\n \"Date_Last_Reviewed\": \"2025-02-11\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 559613,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e478e1a9-09e7-4d04-b212-7a8c186ec419\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-07\",\n \"Date_Last_Reviewed\": \"2025-03-17\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 263693,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5d8a36cb-7acf-4e05-b5ac-f12c4c874f1d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-14\",\n \"Date_Last_Reviewed\": \"2024-05-28\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 783017,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d9ae3271-8f76-47b9-805e-86354becefef\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-16\",\n \"Date_Last_Reviewed\": \"2024-02-13\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 585741,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"caaa5007-10a9-4637-a53d-e1d294696318\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-30\",\n \"Date_Last_Reviewed\": \"2025-02-13\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1585407,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"09e1c697-b053-416a-9267-5f3e0880f147\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-05\",\n \"Date_Last_Reviewed\": \"2024-11-19\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 315165,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"313258ea-f444-477e-acdc-73e628acb5f9\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-28\",\n \"Date_Last_Reviewed\": \"2024-09-03\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1268381,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"46a3e2ac-0d0b-4cd8-a48f-981b3d209988\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-15\",\n \"Date_Last_Reviewed\": \"2023-06-07\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 219293,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"dbbc01c2-77cb-4d36-9fd5-bdf110723e6a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-17\",\n \"Date_Last_Reviewed\": \"2024-10-13\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1010982,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d7a836a5-9b4e-4691-bde2-d3371239a059\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-18\",\n \"Date_Last_Reviewed\": \"2024-06-28\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 225037,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e37dd8ec-c27a-4e8d-9536-30fd77cac36b\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-01\",\n \"Date_Last_Reviewed\": \"2023-11-26\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 120314,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ce748dec-26d7-4c5e-a2fe-d71528d8e698\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-07\",\n \"Date_Last_Reviewed\": \"2024-07-02\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 602619,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"108d0cb0-77c1-479d-8321-b30c2e89192a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-17\",\n \"Date_Last_Reviewed\": \"2024-11-04\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 720359,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b51714bb-54ae-4800-a23d-d0c4a1c1c41c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-27\",\n \"Date_Last_Reviewed\": \"2025-01-30\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 267172,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9af15d41-58cf-43a3-bc5d-3d09f2b7b1c7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-17\",\n \"Date_Last_Reviewed\": \"2023-09-17\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 994251,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"318fac22-8802-4113-abab-74186bd64847\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-09\",\n \"Date_Last_Reviewed\": \"2024-05-23\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1852000,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1aed08ca-09c6-46b3-9ed3-1af19527dcfc\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-08\",\n \"Date_Last_Reviewed\": \"2023-09-19\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 737225,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"332ba659-74d9-42a8-9315-80e5e259aef4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-29\",\n \"Date_Last_Reviewed\": \"2024-12-13\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1328463,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a9064992-efea-4cae-800d-743c02725087\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-15\",\n \"Date_Last_Reviewed\": \"2025-03-27\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 527931,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5c7e7799-1b6d-4587-be80-4811956d4a0d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-22\",\n \"Date_Last_Reviewed\": \"2024-12-30\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 129619,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"12eff1c6-fe48-4905-a586-bd5c1a5ddb64\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-25\",\n \"Date_Last_Reviewed\": \"2024-08-10\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1611175,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"19347baa-4325-4845-9f1b-7004a304c514\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-11\",\n \"Date_Last_Reviewed\": \"2024-08-06\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 419093,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e5ac7eb6-8f10-481a-9035-3fe93972ea81\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-20\",\n \"Date_Last_Reviewed\": \"2023-12-27\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1609594,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"1310ee90-085e-4a91-b459-f96902533cbf\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-03\",\n \"Date_Last_Reviewed\": \"2024-01-25\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1812735,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fc58f7b3-b8a4-4f3a-95bc-14397e79684d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-07\",\n \"Date_Last_Reviewed\": \"2024-07-09\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 782855,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"96d21e42-c60d-41e4-8291-2799f9155442\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-27\",\n \"Date_Last_Reviewed\": \"2025-03-19\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1929451,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3adf6a2a-a8de-4dca-bb54-2664dd504a39\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-23\",\n \"Date_Last_Reviewed\": \"2023-11-01\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1990699,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1acb16c2-c4e9-46b4-9f71-32f6f49e8d9c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-19\",\n \"Date_Last_Reviewed\": \"2023-10-01\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 157139,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"199718df-88ab-401f-98c6-4795375fab66\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-02\",\n \"Date_Last_Reviewed\": \"2024-11-27\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 423906,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ae1f5296-5bd6-4b3a-b295-1af55468aea9\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-21\",\n \"Date_Last_Reviewed\": \"2024-06-16\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1544830,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c9b3f1a5-d669-4384-91f5-385270bf82e4\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-01\",\n \"Date_Last_Reviewed\": \"2023-12-29\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 420035,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6468f73c-e681-40bd-b0e3-ccca26476855\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-16\",\n \"Date_Last_Reviewed\": \"2024-08-15\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 831875,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"92814afb-5b29-4a98-ac6c-754e41f7444b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-26\",\n \"Date_Last_Reviewed\": \"2024-02-11\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 611461,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2fef1104-445d-42fd-ac34-7e03d26fac65\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-11\",\n \"Date_Last_Reviewed\": \"2023-12-09\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 497231,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"15e35256-4826-407b-b6d1-516602cfe491\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-11\",\n \"Date_Last_Reviewed\": \"2023-06-03\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1334406,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"228c48db-6d25-4722-962f-2e99115cd302\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-02\",\n \"Date_Last_Reviewed\": \"2023-10-22\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1377681,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"01e09e59-dd33-435a-89e2-8e277498ba04\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-05\",\n \"Date_Last_Reviewed\": \"2025-04-04\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1628880,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8d48c7c9-378a-4751-82c5-de19534a3901\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-09\",\n \"Date_Last_Reviewed\": \"2024-08-31\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 169314,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6dec156d-e435-4ec8-9e1b-e58cd2541fdc\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-11\",\n \"Date_Last_Reviewed\": \"2023-08-13\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1005709,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b4e0d274-1603-4433-91e6-9a02199fdfe3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-05\",\n \"Date_Last_Reviewed\": \"2024-09-10\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 959526,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"dd7bd848-554a-4228-8291-6a0c4bf6c3e1\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-12\",\n \"Date_Last_Reviewed\": \"2023-10-04\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1083522,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7d2ce2ea-00c3-4c0e-b1b1-de96026e924e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-12\",\n \"Date_Last_Reviewed\": \"2025-02-22\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1111603,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5a21c3bb-d946-4b4d-aa6c-0f86fdf9b429\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-22\",\n \"Date_Last_Reviewed\": \"2025-03-29\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1427855,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"ed2cc24a-a405-48fd-80d6-7c65df0eab96\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-09\",\n \"Date_Last_Reviewed\": \"2024-08-07\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1651954,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9de852a9-72ba-4d8a-be66-7e8abd665160\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-11\",\n \"Date_Last_Reviewed\": \"2023-07-01\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 399713,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"cd12d510-460d-4d0f-b493-543f71aafad0\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-05-01\",\n \"Date_Last_Reviewed\": \"2024-08-24\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 215102,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b8e0cb62-5c60-41a1-8d7f-7a0eb7bcb096\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-20\",\n \"Date_Last_Reviewed\": \"2024-06-13\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 970507,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c1912aca-9684-4891-87a7-f43f33013894\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-29\",\n \"Date_Last_Reviewed\": \"2024-05-10\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 428106,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9a28f3e9-c3b4-433e-a87a-7cd780733d40\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-27\",\n \"Date_Last_Reviewed\": \"2024-07-17\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1885080,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6e972930-7b2e-4f2c-8aa4-59f7c012fec4\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-23\",\n \"Date_Last_Reviewed\": \"2023-05-30\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1878739,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1730b2a2-230f-47c4-8d16-19c18ba9f6c3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-23\",\n \"Date_Last_Reviewed\": \"2024-03-29\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 191389,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0cc5b6ec-585f-458c-bbdf-e9dc8d702d7f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-20\",\n \"Date_Last_Reviewed\": \"2024-06-21\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1198820,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"05ac74c9-c4ff-4fa7-8efa-fe8bd6f40ab2\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-27\",\n \"Date_Last_Reviewed\": \"2024-12-27\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 749651,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6dcc95fb-26e7-4a60-b742-dc6bea663904\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-13\",\n \"Date_Last_Reviewed\": \"2023-09-19\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1978835,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"077f9b3f-f8bc-4a65-bf78-491108555741\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-02\",\n \"Date_Last_Reviewed\": \"2024-07-22\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1707205,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c70a5c6e-4bec-4af2-9f6e-25a5491df023\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-02\",\n \"Date_Last_Reviewed\": \"2025-03-26\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1750205,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"b29e8932-4492-449e-a9b2-fde94d4f0e2d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-11\",\n \"Date_Last_Reviewed\": \"2024-09-09\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 743707,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ce96716a-ea3d-460f-8a58-665b64e1021d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-12\",\n \"Date_Last_Reviewed\": \"2024-02-01\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1172750,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"60952d46-38c9-4561-82a4-ce7b352ffa86\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-21\",\n \"Date_Last_Reviewed\": \"2023-11-17\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1476812,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"9c6bb901-4425-4b54-a87d-98ee37aff4a0\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-28\",\n \"Date_Last_Reviewed\": \"2024-12-16\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1082002,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2e2afbac-9e71-466c-b87a-200469530824\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-21\",\n \"Date_Last_Reviewed\": \"2024-10-16\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 575383,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6f00bdcf-19a6-4a9c-b8bf-790d69f7e53e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-19\",\n \"Date_Last_Reviewed\": \"2024-01-20\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 959542,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d054823c-26f6-4c79-92b4-15d80b3e9dfa\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-05-01\",\n \"Date_Last_Reviewed\": \"2023-11-10\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 651691,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b37ff6b8-3372-402b-8c17-b496500858cc\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-29\",\n \"Date_Last_Reviewed\": \"2023-06-22\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1911816,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e61ab4f8-16b6-41bd-9b3b-3b457930b11d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-02\",\n \"Date_Last_Reviewed\": \"2023-09-06\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1731788,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c4b087e0-df37-432b-9ced-3b528bf3cb0c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-13\",\n \"Date_Last_Reviewed\": \"2025-04-26\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 342707,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c5de42a9-32cf-4b09-82ae-90db67b86845\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-04\",\n \"Date_Last_Reviewed\": \"2024-11-02\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 641912,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5772fb3a-ae26-4f2d-b4ec-8aa370657469\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-05\",\n \"Date_Last_Reviewed\": \"2023-11-30\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 508554,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d4819b55-cc70-426c-bc81-43dd46ab43fd\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-23\",\n \"Date_Last_Reviewed\": \"2024-05-20\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 709652,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"0e2ffd93-c352-4b41-bfeb-903b72dfac43\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-05-02\",\n \"Date_Last_Reviewed\": \"2024-08-10\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 643268,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f78c13d3-99db-4320-8caa-e7bf68c8d562\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-13\",\n \"Date_Last_Reviewed\": \"2023-06-22\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 197729,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"9ba99a73-3a81-4b90-91dd-c26f842dfc04\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-03\",\n \"Date_Last_Reviewed\": \"2025-05-06\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 151483,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"caf5c37f-53c2-4fb3-a7dd-a6b554036e0b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-03\",\n \"Date_Last_Reviewed\": \"2024-04-06\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 399965,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"89e61709-d882-4e85-8f99-b0287e317c46\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-14\",\n \"Date_Last_Reviewed\": \"2024-10-09\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1338798,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"8112602b-ff33-4fbf-ad22-728cce1c53cb\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-27\",\n \"Date_Last_Reviewed\": \"2024-12-10\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1507562,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"adb6f43f-eb7f-4d62-9d43-16bf3dd6e8f2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-27\",\n \"Date_Last_Reviewed\": \"2024-01-04\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1215523,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1c83adcd-b0a8-4ec6-9643-07227137a0b2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-21\",\n \"Date_Last_Reviewed\": \"2024-11-23\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 525100,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"fca52174-c322-45c8-ba09-0ae2d79f8375\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-01\",\n \"Date_Last_Reviewed\": \"2025-01-05\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 414070,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ce414923-fbb6-42dd-9d43-502fdefc7215\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-18\",\n \"Date_Last_Reviewed\": \"2024-03-16\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 392636,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"04f3cb95-13be-42d1-af8c-da1dfeb02040\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-23\",\n \"Date_Last_Reviewed\": \"2023-05-16\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 405649,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"33375c27-e49c-4c0f-837b-bfdf2a898591\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-11\",\n \"Date_Last_Reviewed\": \"2024-01-15\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1234167,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"41f4073d-5341-4add-9ce1-7d68fa91a89c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-25\",\n \"Date_Last_Reviewed\": \"2024-11-24\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1692872,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6fd3e928-e49a-473c-a920-7b133da91d4a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-02\",\n \"Date_Last_Reviewed\": \"2023-05-25\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1194665,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f4e07174-0eaa-4b20-a6d6-defda7d6b807\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-09\",\n \"Date_Last_Reviewed\": \"2025-04-08\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 926492,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4e475bf0-2322-4dc0-b30b-77a052e61825\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-25\",\n \"Date_Last_Reviewed\": \"2024-04-03\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 212023,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6049dba1-6048-446f-92ec-02bca39a6605\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-05\",\n \"Date_Last_Reviewed\": \"2024-01-11\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1955087,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4c2d1438-1270-48ef-b179-be6aedebd3a3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-19\",\n \"Date_Last_Reviewed\": \"2024-06-23\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1607396,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6d1badfa-1536-4abf-bcfd-4fe6026dadc1\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-10\",\n \"Date_Last_Reviewed\": \"2024-02-27\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1689242,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e5fd9cb9-fd6d-4233-9c0c-a15d91220026\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-27\",\n \"Date_Last_Reviewed\": \"2024-07-03\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1130400,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"dfb6cf55-0820-4059-9900-55c948a2d49c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-12\",\n \"Date_Last_Reviewed\": \"2024-09-11\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 447505,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2d82de07-52b2-4f48-b3f7-742027b53fcf\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-09\",\n \"Date_Last_Reviewed\": \"2023-12-23\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1678499,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c443e37c-0aa7-4eb8-aad7-eba37011be20\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-08\",\n \"Date_Last_Reviewed\": \"2023-10-10\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1459270,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c8b80bf5-d016-4df6-822b-ec8d3971a6dd\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-30\",\n \"Date_Last_Reviewed\": \"2025-02-26\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 789236,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"bbda29f1-2552-457b-a1cd-6d5390ddc55c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-29\",\n \"Date_Last_Reviewed\": \"2024-02-16\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1128134,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1191d33f-a4d2-455e-93be-496e66960bc5\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-14\",\n \"Date_Last_Reviewed\": \"2025-01-21\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 499799,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"859eef83-0abd-4d24-a03c-0f1a773f3ea9\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-11\",\n \"Date_Last_Reviewed\": \"2024-03-18\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1448940,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"928eee36-1688-408e-89b3-7115b0ccb974\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-03\",\n \"Date_Last_Reviewed\": \"2024-01-09\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 228785,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"38d82376-6078-43b6-b21f-814200649e16\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-11\",\n \"Date_Last_Reviewed\": \"2024-06-19\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 714069,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b7fff6b0-4a22-41b0-8bcb-771db9616e7c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-27\",\n \"Date_Last_Reviewed\": \"2024-07-12\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 562627,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0e3f2c35-a7f2-44d6-aeb9-35282dbf0c33\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-10\",\n \"Date_Last_Reviewed\": \"2024-02-23\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1078167,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f3b5568c-74af-4306-8d55-24eaa6aed6bc\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-20\",\n \"Date_Last_Reviewed\": \"2025-04-26\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1543875,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a676ca4b-d508-4851-9e2a-78625f602eb3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-13\",\n \"Date_Last_Reviewed\": \"2023-12-21\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 949495,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d8da95c2-5038-497c-9179-f46e15cb7cf1\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-08\",\n \"Date_Last_Reviewed\": \"2023-12-15\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1739212,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"218b49a9-a031-48b8-b1f7-68864cff1750\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-01\",\n \"Date_Last_Reviewed\": \"2025-02-12\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 118908,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4dca47e3-7e14-44bd-b617-9aace30a77a9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-30\",\n \"Date_Last_Reviewed\": \"2025-01-18\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 714039,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ab00dacc-e2a7-4c82-bb44-1838056a62b7\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-09\",\n \"Date_Last_Reviewed\": \"2024-08-25\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1498461,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d42184b9-9f64-44ad-b16e-8e4d76723d87\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-03\",\n \"Date_Last_Reviewed\": \"2024-09-09\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1703283,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"bbca1689-e105-480f-89d2-1d4cff49d2b2\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-20\",\n \"Date_Last_Reviewed\": \"2024-09-23\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1970742,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"55b6d2df-d7ad-4692-998d-b2c52ef0bfcd\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-05\",\n \"Date_Last_Reviewed\": \"2024-02-04\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1227828,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"698a97d7-af19-4d66-bb9a-fd2f19f10272\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-05\",\n \"Date_Last_Reviewed\": \"2023-06-07\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1539409,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"4536ae0e-15fa-4ed9-8fe4-7eca77c9a98a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-25\",\n \"Date_Last_Reviewed\": \"2023-11-23\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 433501,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"832288f6-9578-4530-afde-8981f7561be9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-17\",\n \"Date_Last_Reviewed\": \"2024-08-11\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 338259,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9e06a240-8034-40e2-8153-fa0e9e12e9be\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-20\",\n \"Date_Last_Reviewed\": \"2023-12-31\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1653032,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a93143c1-714d-4f34-89de-790b7f197541\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-13\",\n \"Date_Last_Reviewed\": \"2024-11-04\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1806623,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ff1c3fcc-edb9-4e8e-8e72-d52c361bd27f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-05\",\n \"Date_Last_Reviewed\": \"2023-07-26\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 919998,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"4bb1a4ca-293e-4bf8-996a-42ecd4bb68bc\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-04\",\n \"Date_Last_Reviewed\": \"2024-02-05\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 198545,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1929d2b4-4762-46c2-8fe0-d39ea34e6781\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-05\",\n \"Date_Last_Reviewed\": \"2024-11-01\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 366779,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"add52781-4d89-437f-95b2-b859e5dd863d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-10\",\n \"Date_Last_Reviewed\": \"2023-06-17\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1755899,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0b919f23-07e9-4167-91cd-ab7bd8ded044\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-03\",\n \"Date_Last_Reviewed\": \"2025-04-03\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1370824,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e439fcfd-2cc4-434d-bda1-a65def18fcd0\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-07\",\n \"Date_Last_Reviewed\": \"2024-10-10\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 920162,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e2dd9abe-167c-4dab-bafe-a3ae31178a50\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-28\",\n \"Date_Last_Reviewed\": \"2024-04-27\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1408449,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"444202e2-c4da-456e-871f-25ffdb91ebca\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-04\",\n \"Date_Last_Reviewed\": \"2025-02-09\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 598762,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1b00344c-be4f-4c2e-be46-27890454ca42\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-26\",\n \"Date_Last_Reviewed\": \"2023-09-15\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 291167,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"9c9e12cd-3b0a-4a22-82d0-452b3352805c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-12\",\n \"Date_Last_Reviewed\": \"2025-05-10\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1915262,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e4559eee-2c82-4685-b79e-030f9e9db6a3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-04\",\n \"Date_Last_Reviewed\": \"2024-02-22\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1876645,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"fabb9d65-96c6-4579-b147-5ecb6e159fd1\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-29\",\n \"Date_Last_Reviewed\": \"2023-11-29\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1377638,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e10b1107-2de9-4e49-8dbc-42e2841970af\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-26\",\n \"Date_Last_Reviewed\": \"2024-11-02\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1177838,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"459262c1-fedd-455b-9851-4a73e65d0e40\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-07\",\n \"Date_Last_Reviewed\": \"2025-03-27\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 591329,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d8cc6a90-da31-43a0-8c13-9f9a9bbac266\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-15\",\n \"Date_Last_Reviewed\": \"2025-02-02\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 330070,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c849b1a2-2bea-474c-a99a-3b4920bfb29b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-06\",\n \"Date_Last_Reviewed\": \"2024-11-01\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1515380,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c422d0dc-8df2-4c70-92ee-024edef5f009\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-08\",\n \"Date_Last_Reviewed\": \"2023-09-13\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 958154,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5395a2b7-999a-48d1-b769-73c28487eb21\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-17\",\n \"Date_Last_Reviewed\": \"2024-05-17\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1847315,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"86f50406-80d2-46f1-a185-01b172c87358\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-20\",\n \"Date_Last_Reviewed\": \"2024-05-01\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1524910,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c2da0dc3-2a78-42c1-973d-1f33b0eb80bb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-13\",\n \"Date_Last_Reviewed\": \"2025-02-09\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1178990,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]"], "Summarize the open vendor-related risks.": ["[\n {\n \"Risk_ID\": \"059ddaf3-b351-41cb-bf7c-c9eafda4d6da\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-17\",\n \"Date_Last_Reviewed\": \"2023-07-17\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1659847,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"60234c35-3fad-4196-b0be-53ad1d9d3d89\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-24\",\n \"Date_Last_Reviewed\": \"2023-11-10\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 596610,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"64334902-e253-44f5-8526-fd329b72a4d8\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-25\",\n \"Date_Last_Reviewed\": \"2023-10-23\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 729471,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9e807035-bbfc-4c0a-80e7-232b59b2ac14\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-08\",\n \"Date_Last_Reviewed\": \"2024-01-31\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 784506,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"041cd8a5-39b8-4ec8-9afc-1f5b007bc699\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-08\",\n \"Date_Last_Reviewed\": \"2025-03-08\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1236648,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2c9382af-55ba-4c83-a855-ff3672b8792e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-11\",\n \"Date_Last_Reviewed\": \"2024-08-22\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1843581,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"e1e7a0c6-9de0-4696-ac8f-a60d801486d5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-01\",\n \"Date_Last_Reviewed\": \"2024-01-18\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 386091,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"db2d57ec-f20f-4df6-8c92-e514bfbbcb59\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-29\",\n \"Date_Last_Reviewed\": \"2024-11-03\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1798406,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"51f155fe-975b-43c1-954e-6518848f03be\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-05-03\",\n \"Date_Last_Reviewed\": \"2024-05-18\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1074733,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ec09ed05-ee74-4495-948f-a873fb865f6c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-09\",\n \"Date_Last_Reviewed\": \"2023-12-15\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1845186,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"bac49969-6188-4422-9607-057ada41a8fa\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-05\",\n \"Date_Last_Reviewed\": \"2024-05-22\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 850843,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e91c7141-8a63-4faf-a058-a44fff172bdd\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-04\",\n \"Date_Last_Reviewed\": \"2024-03-13\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1038537,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c4f6187a-ceb6-428a-9333-83f41d8511e8\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-20\",\n \"Date_Last_Reviewed\": \"2024-05-11\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 372902,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a3af79e0-4e84-4577-a4b7-93c116eeac22\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-14\",\n \"Date_Last_Reviewed\": \"2024-05-13\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1824470,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ce5ec426-779f-45e7-ba22-c0c50bfa3eed\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-06\",\n \"Date_Last_Reviewed\": \"2025-02-27\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1959433,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ccb852ac-b70a-46a9-9d95-285e1f9386db\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-14\",\n \"Date_Last_Reviewed\": \"2024-03-01\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 166689,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6c44ecd1-d531-4e3f-8b05-9c1bd76f4efd\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-06\",\n \"Date_Last_Reviewed\": \"2024-12-01\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 277699,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8d6b97b5-8be4-4ec4-99fc-0aef27cee71f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-21\",\n \"Date_Last_Reviewed\": \"2023-12-02\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1577368,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2110649b-b5dd-4a09-abc0-9ac431e6d41c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-27\",\n \"Date_Last_Reviewed\": \"2024-09-18\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1034895,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f5e38628-f904-4bd3-b1ed-f006df469bdb\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-28\",\n \"Date_Last_Reviewed\": \"2024-10-26\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1394149,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a6139ab8-b937-4a56-bc0e-816dac4b2aa4\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-12\",\n \"Date_Last_Reviewed\": \"2024-12-01\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1950054,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"735e6284-37f1-49fb-988e-a1e52ab0046f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-25\",\n \"Date_Last_Reviewed\": \"2025-02-06\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1107747,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6ea26a35-6201-47d7-97e2-fafb398d1a46\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-29\",\n \"Date_Last_Reviewed\": \"2025-01-05\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1964568,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a54ee857-cf7d-4abf-960d-6a9733f8d56c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-07\",\n \"Date_Last_Reviewed\": \"2023-11-30\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1987898,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"359f82cb-1837-4989-a326-ffc34be9ac5a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-28\",\n \"Date_Last_Reviewed\": \"2023-10-25\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1068843,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"107daca4-7e3d-4042-93a7-2a87536e1ac1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-24\",\n \"Date_Last_Reviewed\": \"2023-07-18\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1738759,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7953477a-b03c-4836-8a29-7e7201380168\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-30\",\n \"Date_Last_Reviewed\": \"2023-08-09\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 885763,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6da765f5-1455-4170-b75e-e6d5a851deb2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-07\",\n \"Date_Last_Reviewed\": \"2024-03-10\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1143784,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"69d3878a-4544-4abe-94d8-7bdd326af8d5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-05\",\n \"Date_Last_Reviewed\": \"2023-08-12\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 969427,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f0b0f280-89e2-44a8-add8-cf4b150061fa\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-14\",\n \"Date_Last_Reviewed\": \"2023-10-25\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1470078,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4be7056f-64f4-4b6e-9284-805d232bd34d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-09\",\n \"Date_Last_Reviewed\": \"2024-02-14\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1023705,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0eeaed27-2958-4b4d-a5a1-44b82d9c0be3\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-21\",\n \"Date_Last_Reviewed\": \"2023-12-16\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1329063,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b8e74199-6b20-464a-bef4-67bdff339b5e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-01\",\n \"Date_Last_Reviewed\": \"2025-03-10\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1255984,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"54b81334-14f4-409d-a481-b555a847588b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-23\",\n \"Date_Last_Reviewed\": \"2024-06-30\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1396573,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"3f1002f9-554c-4323-abf9-2293068b43e3\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-19\",\n \"Date_Last_Reviewed\": \"2023-06-05\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 203865,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"9d96e011-c815-45ee-bad2-6dc983530d3f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-03\",\n \"Date_Last_Reviewed\": \"2024-10-24\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1306005,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"415d17eb-b0b9-4dc3-8389-28313cf8ef04\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-07\",\n \"Date_Last_Reviewed\": \"2025-02-06\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1487268,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"2e3e5163-cdd8-458d-84fc-c63fb181047e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-23\",\n \"Date_Last_Reviewed\": \"2025-04-06\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 423980,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d10b879f-f8df-48a9-802c-cd78b3c77c95\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-03\",\n \"Date_Last_Reviewed\": \"2024-05-22\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1457608,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7bc833ad-24c1-45c8-8f94-5f726714651d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-29\",\n \"Date_Last_Reviewed\": \"2025-02-22\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 820835,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2becdab5-6dd9-4a49-813f-c47a859fc338\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-06\",\n \"Date_Last_Reviewed\": \"2024-12-28\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 205190,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d808434d-9c90-4eaf-9b4e-58fed9410e05\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-05\",\n \"Date_Last_Reviewed\": \"2023-10-15\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1612833,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6773143c-b57f-480c-8377-d0e6c95d97c0\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-30\",\n \"Date_Last_Reviewed\": \"2024-06-21\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1816068,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"acbe12f0-fec6-408f-b3c8-aa2cba22e917\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-11\",\n \"Date_Last_Reviewed\": \"2025-03-08\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 268374,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"49fe5964-2d9d-4e25-818a-23867d6cb87a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-04\",\n \"Date_Last_Reviewed\": \"2024-08-12\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1982396,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b64be728-b98c-43fc-ad03-d9e9f7e3b6eb\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-09\",\n \"Date_Last_Reviewed\": \"2025-01-24\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1047816,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c2fe9000-6676-4d86-8c90-452842c3b0b7\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-29\",\n \"Date_Last_Reviewed\": \"2025-01-01\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 253344,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8d00eb4a-7160-445f-bb8a-54e8991af1fd\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-06\",\n \"Date_Last_Reviewed\": \"2023-12-04\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1808814,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4ba12ec0-5491-4ca3-bdd9-8dbf0f6c7416\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-30\",\n \"Date_Last_Reviewed\": \"2025-02-02\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 944277,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"209fc840-26d9-4aa0-99cc-b45c2bef51c7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-08\",\n \"Date_Last_Reviewed\": \"2024-09-19\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1544031,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"9ddfde97-dffb-42d0-91b8-492f3810c688\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-01\",\n \"Date_Last_Reviewed\": \"2023-07-22\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 652285,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"cfb6e010-0ed4-45a5-bb87-c1fb9522576d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-12\",\n \"Date_Last_Reviewed\": \"2024-06-10\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1989755,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"53c6f768-ed44-4ebe-870b-2d4d5150b52e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-19\",\n \"Date_Last_Reviewed\": \"2024-12-02\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 821770,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0316571c-0be2-4e7d-952c-14bb52aacc06\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-26\",\n \"Date_Last_Reviewed\": \"2025-01-28\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1902404,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"1cac9a76-1fe6-4fa6-aeb5-1cf7d35067ce\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-30\",\n \"Date_Last_Reviewed\": \"2023-06-26\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 253923,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"2b001193-ff6b-43fc-8a38-2711a56e7296\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-08\",\n \"Date_Last_Reviewed\": \"2023-11-17\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1805000,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"881a3f89-0c40-4ea7-b013-615a0c087c2a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-09\",\n \"Date_Last_Reviewed\": \"2023-09-01\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 250590,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4d1f5a1e-cb07-4730-9753-601b95661658\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-24\",\n \"Date_Last_Reviewed\": \"2025-01-08\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 163774,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0a847b9d-6724-412b-889f-c156da627a66\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-26\",\n \"Date_Last_Reviewed\": \"2024-10-18\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1101576,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"930c42d5-a2c4-4c6d-b916-aa4a67b074cb\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-28\",\n \"Date_Last_Reviewed\": \"2024-01-18\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1660188,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"bb3cea70-11c5-40e0-9eb7-1d1daf8c485c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-30\",\n \"Date_Last_Reviewed\": \"2024-07-10\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1707392,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3296415e-a95a-4044-bbea-73ddd472a153\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-11\",\n \"Date_Last_Reviewed\": \"2024-10-14\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1761533,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d9c6d4bc-8c39-4634-bbae-c3f8be593144\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-11\",\n \"Date_Last_Reviewed\": \"2023-09-05\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 917287,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"00d72e13-7f1a-41e5-a355-4b4537ad0ef3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-04\",\n \"Date_Last_Reviewed\": \"2024-08-01\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 556142,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7db9154b-2025-4fcc-ad4c-0f51cd0a683d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-30\",\n \"Date_Last_Reviewed\": \"2024-10-31\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 541657,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0684a0ba-d88d-48d8-aea8-8a93b4913c93\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-19\",\n \"Date_Last_Reviewed\": \"2025-02-26\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1965600,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e617827a-f755-404a-9293-abf67f822a65\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-25\",\n \"Date_Last_Reviewed\": \"2023-12-14\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 975822,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"aaa574e4-76ed-437e-8f13-c83d8e973e67\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-07\",\n \"Date_Last_Reviewed\": \"2025-03-04\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 574144,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"6cd6aa24-8bca-41c9-add3-475cb78b405d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-26\",\n \"Date_Last_Reviewed\": \"2023-05-23\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 959477,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2ee74f98-dbc4-4bcb-9216-a0863b3cc83b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-10\",\n \"Date_Last_Reviewed\": \"2023-07-09\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 693486,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"79bcb657-d191-4e35-93fb-2e98aed83677\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-15\",\n \"Date_Last_Reviewed\": \"2025-03-20\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 503598,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"813fbbb1-6dba-4eab-872a-5178861fe2d1\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-05\",\n \"Date_Last_Reviewed\": \"2025-03-03\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 680417,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"bdea8e8f-75b4-4bf3-ad67-a6e733e91921\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-06\",\n \"Date_Last_Reviewed\": \"2024-05-21\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1283618,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2bc59aa3-2716-4af7-88a3-acd2178fd76f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-05\",\n \"Date_Last_Reviewed\": \"2024-10-10\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1819904,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b60b6de7-0681-4aa2-a2c5-98ba2ae0538f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-13\",\n \"Date_Last_Reviewed\": \"2025-05-05\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1369656,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1522490e-9da4-4e95-8312-f96afaba4617\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-13\",\n \"Date_Last_Reviewed\": \"2024-04-19\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 207952,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2b9c7fa1-0d94-4351-b0a9-411aeca50f0d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-05\",\n \"Date_Last_Reviewed\": \"2024-02-26\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1325486,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"74f4df9b-2d16-4ef3-8ff6-e1ff64a7bf31\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-11\",\n \"Date_Last_Reviewed\": \"2024-12-27\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1422492,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"43cbb02c-cb76-4b2b-8de9-c71a1633a7ea\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-16\",\n \"Date_Last_Reviewed\": \"2025-04-05\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1153105,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f61e1aed-70f7-48fd-8118-28ceddde68ec\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-17\",\n \"Date_Last_Reviewed\": \"2023-12-20\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 721985,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1da8c155-340b-4e54-8640-08508622fe16\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-09\",\n \"Date_Last_Reviewed\": \"2023-10-07\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 998924,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"63360649-9f0a-414f-8faf-0b758a95bf83\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-08\",\n \"Date_Last_Reviewed\": \"2024-03-02\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1694421,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"17d6869f-273e-4f0e-9fba-4d587e1bf050\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-29\",\n \"Date_Last_Reviewed\": \"2024-10-18\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1358703,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"678f7aa5-d5c2-410f-9074-21693a855d0c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-20\",\n \"Date_Last_Reviewed\": \"2025-01-24\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1089532,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b9c2bdbf-09c2-4f57-a05d-d8c9a481edbf\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-30\",\n \"Date_Last_Reviewed\": \"2023-06-09\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1551422,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8de11055-44cc-411f-bc11-9a0443350ef9\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-12\",\n \"Date_Last_Reviewed\": \"2024-12-07\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1976057,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"df073120-1222-4446-a7b3-f8f96ef0caf6\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-30\",\n \"Date_Last_Reviewed\": \"2023-08-19\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 461186,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c712ec5b-b488-482e-bb99-25376a827feb\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-16\",\n \"Date_Last_Reviewed\": \"2023-10-17\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 855636,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7b3110d2-8342-4732-aecd-0cf4e386714a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-10\",\n \"Date_Last_Reviewed\": \"2024-10-31\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1960350,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"586a48a7-b566-41fa-88a6-33d7faa7a3d8\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-10\",\n \"Date_Last_Reviewed\": \"2025-01-11\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1219801,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"90195e6d-eb2c-48a0-a414-3031f5b6fa73\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-05\",\n \"Date_Last_Reviewed\": \"2024-07-21\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 457799,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1f6a21ed-7f69-425f-8a12-d72ffccbe659\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-03\",\n \"Date_Last_Reviewed\": \"2025-04-11\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 584544,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8415c543-4eee-4f99-8b75-02abe675a976\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-03\",\n \"Date_Last_Reviewed\": \"2023-09-28\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 758435,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"60a9ad49-3a60-4bcc-9878-556480967a27\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-15\",\n \"Date_Last_Reviewed\": \"2025-04-29\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1474665,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"14ba84ee-13ca-4e80-97ab-f6129b15596b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-02\",\n \"Date_Last_Reviewed\": \"2025-02-12\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1967299,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d4275228-d06c-4c22-9f33-427a1047662c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-15\",\n \"Date_Last_Reviewed\": \"2023-11-25\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 268786,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"75e1ffc8-8c5c-4bd6-b611-84d6d04d23c5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-10\",\n \"Date_Last_Reviewed\": \"2024-11-16\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 942769,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7ad092a6-0c90-442b-9110-6f41bd50b8a5\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-28\",\n \"Date_Last_Reviewed\": \"2024-02-29\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 591314,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"b3346828-f752-497b-aeb4-3655292f5ca2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-01\",\n \"Date_Last_Reviewed\": \"2024-09-28\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 532899,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c1e17b9d-0103-4c30-865c-f44d113bb8af\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-26\",\n \"Date_Last_Reviewed\": \"2024-08-04\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 957470,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b91b6fe8-4701-4693-865a-f0aa67dc8730\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-05\",\n \"Date_Last_Reviewed\": \"2025-04-11\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1762436,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6e55be6d-2f4d-4286-ba9d-835e201d97b1\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-05\",\n \"Date_Last_Reviewed\": \"2025-04-25\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1464179,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"31da0805-7758-4c79-8991-daad4332c6c2\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-27\",\n \"Date_Last_Reviewed\": \"2024-06-25\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1629567,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a7524b51-64af-4fda-ac41-320504c39621\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-03\",\n \"Date_Last_Reviewed\": \"2024-07-07\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1716884,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6d368985-de1d-4e28-b1fe-f0b82cc123de\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-07\",\n \"Date_Last_Reviewed\": \"2023-06-09\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 237251,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"dece0b31-1e34-4458-9b75-490062a50502\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-07\",\n \"Date_Last_Reviewed\": \"2023-06-11\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1031571,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1bb2ab8a-c343-41a6-9a71-d2d2478a9207\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-01\",\n \"Date_Last_Reviewed\": \"2025-02-24\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1933734,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ad237e93-07cf-4d19-a102-3fe176869829\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-18\",\n \"Date_Last_Reviewed\": \"2023-07-04\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 164389,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"0410f853-e516-42f4-a996-af3b594c7f48\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-22\",\n \"Date_Last_Reviewed\": \"2023-09-07\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1275457,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b71b1d40-4a23-4270-9fac-2304c2f7a643\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-06\",\n \"Date_Last_Reviewed\": \"2023-11-01\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1450837,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f3ebac58-ce9f-446f-a1fa-4d2142b239c4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-18\",\n \"Date_Last_Reviewed\": \"2024-11-04\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 119799,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d8e557cc-1aac-4743-a37a-5ece653bfc6f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-14\",\n \"Date_Last_Reviewed\": \"2024-07-17\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 893757,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8d8cca79-e4de-461a-b1ae-0da2af386da7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-04\",\n \"Date_Last_Reviewed\": \"2024-09-26\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 471904,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b3d098d8-dfe0-43e3-8287-5a5d693048ff\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-10\",\n \"Date_Last_Reviewed\": \"2023-09-17\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 992458,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4e046635-c225-4e43-894c-949e83b36b64\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-09\",\n \"Date_Last_Reviewed\": \"2024-07-19\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 136483,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b265cdba-46cc-4bd1-88f0-ba6f89b4c683\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-16\",\n \"Date_Last_Reviewed\": \"2024-04-07\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1637974,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b9d92924-aae4-4ab6-ab3b-23d534309eb8\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-16\",\n \"Date_Last_Reviewed\": \"2024-07-13\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1401366,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c2390d9e-0cf1-447b-9065-a9cf906fd00f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-03\",\n \"Date_Last_Reviewed\": \"2024-09-25\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1525843,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"eef5fcbc-3402-4e0b-a4fb-ce5e75420b62\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-22\",\n \"Date_Last_Reviewed\": \"2024-02-02\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 767399,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0bba32f4-4625-4dd8-b00a-ae6e7cacfd77\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-22\",\n \"Date_Last_Reviewed\": \"2024-01-13\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1470382,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"be7dc538-edac-4950-ab90-4455419842aa\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-11\",\n \"Date_Last_Reviewed\": \"2023-10-04\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 667525,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"21580a95-dad5-4d5f-a80d-94863c256965\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-12\",\n \"Date_Last_Reviewed\": \"2023-09-01\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 131120,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4245fe33-db0c-4906-b99f-71dd7f66c9b0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-15\",\n \"Date_Last_Reviewed\": \"2024-01-07\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 630280,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6aaaf7cd-6055-4c2a-953a-2f5e84bafc69\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-01\",\n \"Date_Last_Reviewed\": \"2023-10-25\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 982596,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"38f0ade8-9e8f-46b6-8f38-1c88117b4d10\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-02\",\n \"Date_Last_Reviewed\": \"2024-12-01\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 118604,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"2bfaf608-de94-4ac7-9a29-b6405d5bb958\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-27\",\n \"Date_Last_Reviewed\": \"2025-01-06\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1159831,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"416ac67a-52aa-4bfb-887e-7297411751e3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-04\",\n \"Date_Last_Reviewed\": \"2024-07-28\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 640049,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"42900f7a-8027-441d-85c1-c243b9d8ed82\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-11\",\n \"Date_Last_Reviewed\": \"2025-04-01\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1753527,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1833aa94-09d9-4f3e-8e86-1b646e8302b3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-25\",\n \"Date_Last_Reviewed\": \"2025-02-07\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1643707,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"922ad43c-51b5-41e7-8deb-122972423c1f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-24\",\n \"Date_Last_Reviewed\": \"2023-07-09\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 581613,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ab0df941-cc72-4620-b61a-675327247a1f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-25\",\n \"Date_Last_Reviewed\": \"2023-09-08\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 927800,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8b4cbe57-1495-404c-9c55-6021e19ee2f9\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-01\",\n \"Date_Last_Reviewed\": \"2024-09-08\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 546531,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c36a3bb3-f29c-4a1d-b4be-cb5066d69ba0\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-04\",\n \"Date_Last_Reviewed\": \"2023-12-13\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1829756,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0430835d-579c-442e-a57c-b44fa44bd12b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-01\",\n \"Date_Last_Reviewed\": \"2025-04-24\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1142367,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f6c78033-e3db-4225-94e2-0e1f2c3c8c1d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-20\",\n \"Date_Last_Reviewed\": \"2023-12-14\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1954792,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a97c6db8-6d54-419a-afe7-d4599dae37b5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-29\",\n \"Date_Last_Reviewed\": \"2024-07-14\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 428452,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2006e370-d27e-4eeb-8d16-d289585f5381\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-13\",\n \"Date_Last_Reviewed\": \"2024-10-26\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1803736,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"858d715c-2a8e-40f1-a772-4f1b73af5bea\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-02\",\n \"Date_Last_Reviewed\": \"2024-06-09\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 648997,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a434d883-f0c9-429c-a7af-6634ad688498\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-08\",\n \"Date_Last_Reviewed\": \"2024-10-01\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 525492,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ba377e6b-0a29-4f96-b7a6-b0795a3253f8\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-26\",\n \"Date_Last_Reviewed\": \"2024-12-05\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 853376,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"753faace-71ab-4ddd-9b78-da7dbbc29183\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-07\",\n \"Date_Last_Reviewed\": \"2023-08-05\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 710512,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ab22908e-57eb-4de2-9d2c-e43b5e0851eb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-29\",\n \"Date_Last_Reviewed\": \"2024-04-16\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1141185,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1ad59a86-1f25-4672-86ec-f87c1c31f12b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-06\",\n \"Date_Last_Reviewed\": \"2023-08-27\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 779060,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"bd1a29ee-5f39-4f9f-96a1-236404feb43f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-18\",\n \"Date_Last_Reviewed\": \"2023-09-09\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 346323,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5cde3930-ef6f-4496-b9cd-9e96a77f8a8c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-14\",\n \"Date_Last_Reviewed\": \"2025-02-14\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 233794,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"767a3297-297e-41e9-8311-dcbc1a2fc210\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-08\",\n \"Date_Last_Reviewed\": \"2023-12-02\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1829034,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e120c992-e3f8-4c39-869e-67b9ae9b83ae\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-17\",\n \"Date_Last_Reviewed\": \"2024-10-21\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1601426,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"599944f5-57c0-4843-9919-2ae875c896e0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-06\",\n \"Date_Last_Reviewed\": \"2024-09-24\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1063335,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ee3a7778-fa4c-479f-8755-64579e1d3866\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-15\",\n \"Date_Last_Reviewed\": \"2024-05-02\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1421490,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"2e4f41f9-8e97-4569-ba1c-22e817d223aa\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-16\",\n \"Date_Last_Reviewed\": \"2023-07-27\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1189999,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c6c17c2d-254a-4923-ad62-68135d22d25b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-10\",\n \"Date_Last_Reviewed\": \"2023-06-16\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 474897,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3541575a-9dbd-4e69-94cf-63ec4d038bcb\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-01\",\n \"Date_Last_Reviewed\": \"2023-06-23\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 464006,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5b5acb6a-0cec-4ce2-9353-8e0d9edd08f4\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-21\",\n \"Date_Last_Reviewed\": \"2023-11-27\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1819243,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c02312e5-2bae-4c34-9b92-35042d313b38\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-14\",\n \"Date_Last_Reviewed\": \"2023-09-11\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 571249,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5cc0555f-17be-4633-ac06-c52245325a7c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-27\",\n \"Date_Last_Reviewed\": \"2025-04-23\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 797092,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"51d0dc61-e241-43c0-97d9-3d539ad898f5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-25\",\n \"Date_Last_Reviewed\": \"2024-03-23\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 711093,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e6843b4a-4a09-41f1-b5fe-409470e17caf\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-13\",\n \"Date_Last_Reviewed\": \"2024-01-20\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1241791,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1513067a-d38f-4e0d-a691-58a94dfe0c9b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-12\",\n \"Date_Last_Reviewed\": \"2025-03-05\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 238698,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0ee8c4d2-f5d4-4d15-ae2d-066acb7dbb9a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-18\",\n \"Date_Last_Reviewed\": \"2025-03-03\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 937381,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"109b93ae-d927-431c-b5fa-5792a87c1712\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-06\",\n \"Date_Last_Reviewed\": \"2025-01-24\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 212410,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c25204bf-a462-4445-aaf4-851ed1110adb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-19\",\n \"Date_Last_Reviewed\": \"2023-07-01\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 131958,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2668d6e5-8cdb-41a8-88a5-855d325c1906\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-14\",\n \"Date_Last_Reviewed\": \"2025-03-29\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 545119,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c65e1471-9bca-4e74-808a-789b16ff185c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-06\",\n \"Date_Last_Reviewed\": \"2024-01-31\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 217408,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1f8283d5-0073-4bca-9142-11486e2ae3c5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-01\",\n \"Date_Last_Reviewed\": \"2023-12-28\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1748065,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a804e22b-0dfc-45f2-bddd-1f8931645b8d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-20\",\n \"Date_Last_Reviewed\": \"2024-09-30\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 786098,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"3a472610-3b28-4707-8358-d7905ec0bf7d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-08\",\n \"Date_Last_Reviewed\": \"2025-03-30\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1431203,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"52254351-9300-41fe-a475-fe4edc451536\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-24\",\n \"Date_Last_Reviewed\": \"2023-11-07\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1679803,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8152a77c-aa41-4125-a09f-15331b4f6b6b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-29\",\n \"Date_Last_Reviewed\": \"2024-08-30\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 496658,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ce734712-4806-4d79-9213-e475ff85fd63\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-05-13\",\n \"Date_Last_Reviewed\": \"2024-11-16\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 788101,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"56e7a529-8c89-47c5-8e3f-7be8bfda59f8\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-15\",\n \"Date_Last_Reviewed\": \"2024-01-23\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1395144,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5ecf13f2-d791-46dc-8c9f-378c171b87f3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-16\",\n \"Date_Last_Reviewed\": \"2024-04-21\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 640443,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1eb396e6-e049-4888-b015-bf2fde074348\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-22\",\n \"Date_Last_Reviewed\": \"2023-06-05\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 702820,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0cd19470-1b15-4b20-9630-e8718b046311\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-10\",\n \"Date_Last_Reviewed\": \"2024-09-24\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 387280,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6e58a838-0660-4088-b812-8dc53b92a8b6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-21\",\n \"Date_Last_Reviewed\": \"2023-10-17\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 810568,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ec2351d5-b0eb-4cc0-a84f-26e9995a4237\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-10\",\n \"Date_Last_Reviewed\": \"2023-07-07\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 356472,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1992b980-919a-409b-8d8b-2169cb4fb228\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-14\",\n \"Date_Last_Reviewed\": \"2024-06-23\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 700098,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9fca7acd-0b2a-4c77-975a-865be3da1690\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-09\",\n \"Date_Last_Reviewed\": \"2024-07-19\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1102000,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"572242f7-b0f0-415f-816d-377afc15d537\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-16\",\n \"Date_Last_Reviewed\": \"2023-05-28\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 631639,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"150a2180-31e0-4c2c-a833-6df1f475e1e2\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-22\",\n \"Date_Last_Reviewed\": \"2023-05-15\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 675101,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7d61a3d6-0fb8-41ab-b446-7c96f58e8dea\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-04\",\n \"Date_Last_Reviewed\": \"2025-04-23\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1554820,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"73909c67-6f39-4b42-b7d2-64100b5012df\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-24\",\n \"Date_Last_Reviewed\": \"2023-11-19\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 520694,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"c8548828-bef6-45f0-aec9-50415acb8e51\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-15\",\n \"Date_Last_Reviewed\": \"2023-06-07\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 179918,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"fade1e65-5161-465c-9696-9068556c3518\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-29\",\n \"Date_Last_Reviewed\": \"2024-07-05\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 839990,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"571d655e-7327-4fe9-a7ac-7fea7c77fd5f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-25\",\n \"Date_Last_Reviewed\": \"2023-07-23\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1046882,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2b603a38-f338-4fe8-aa2d-56a195a9d467\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-01\",\n \"Date_Last_Reviewed\": \"2025-03-10\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 721476,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0ae1cffd-de75-4eae-99dd-48da45248dbb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-01\",\n \"Date_Last_Reviewed\": \"2024-08-04\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1310938,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e238cb87-1fa8-46a6-b786-45497f09f442\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-19\",\n \"Date_Last_Reviewed\": \"2023-07-19\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1898820,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"79bc456f-d596-417c-a391-df2d2267ab61\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-11\",\n \"Date_Last_Reviewed\": \"2025-05-11\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1456921,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"05ca8bef-a1d6-4871-b98b-b63910ed17c0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-04\",\n \"Date_Last_Reviewed\": \"2023-12-02\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 242180,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1ec0fe2c-4f4a-4f49-842c-aeaf29586000\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-16\",\n \"Date_Last_Reviewed\": \"2023-08-10\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 517381,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c3a54a89-7c66-4c03-ba4c-15acac5de49f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-17\",\n \"Date_Last_Reviewed\": \"2024-11-06\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1214824,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"518e381a-02a2-4cef-a6a6-5c021d10c2b4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-07\",\n \"Date_Last_Reviewed\": \"2024-02-15\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 336152,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d291a709-21d1-4b72-ab3d-7aa050eb99e1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-05\",\n \"Date_Last_Reviewed\": \"2023-10-27\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 799328,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1bbc2c89-fa4e-4c95-a4e8-d592f5b23c06\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-20\",\n \"Date_Last_Reviewed\": \"2024-02-02\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1974558,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d4128a87-1b95-4604-99de-4f78ce98b37b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-21\",\n \"Date_Last_Reviewed\": \"2023-12-31\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1703434,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"9d7fbb8f-2945-4402-9f22-509f54e910c7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-15\",\n \"Date_Last_Reviewed\": \"2023-08-05\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1148038,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e1c200d0-4232-45c4-a997-761759de24e9\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-26\",\n \"Date_Last_Reviewed\": \"2024-05-21\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1966194,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"431d7c7f-3aab-4b50-928e-0a6574824993\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-04\",\n \"Date_Last_Reviewed\": \"2023-12-08\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1027001,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a03e2792-80ac-400f-87d6-8e1816a2c83c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-22\",\n \"Date_Last_Reviewed\": \"2025-03-22\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1918194,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ad587725-463e-463f-96f0-4b5f2bc11dc3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-13\",\n \"Date_Last_Reviewed\": \"2025-04-01\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 311398,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0252d5e6-d409-43a7-b3d8-3ce0234b097e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-16\",\n \"Date_Last_Reviewed\": \"2023-05-31\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 309525,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"500f2ff6-af24-450a-b451-97e06a6f8238\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-29\",\n \"Date_Last_Reviewed\": \"2025-04-28\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 263603,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"684c0779-1a0c-45d6-aeca-8ee29b76f71b\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-13\",\n \"Date_Last_Reviewed\": \"2025-04-04\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1708408,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"cf9d39cf-399d-4f8b-b169-29747c116ecb\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-07\",\n \"Date_Last_Reviewed\": \"2023-09-24\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 161612,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f46efc71-c59b-4f32-965e-e03d1a7fb59a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-03\",\n \"Date_Last_Reviewed\": \"2024-03-21\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1373669,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"27a67c8b-3ab8-4ae4-aeeb-268a58cd0fa8\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-06\",\n \"Date_Last_Reviewed\": \"2024-08-09\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1924038,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"506023c3-588e-492f-87c2-b2da82a0ee2e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-16\",\n \"Date_Last_Reviewed\": \"2024-12-17\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1891104,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c9ef8728-ec48-493f-83a4-5317ff13603b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-24\",\n \"Date_Last_Reviewed\": \"2023-05-31\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1549892,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"08c15576-4d55-410e-9f54-ed9d892c330f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-28\",\n \"Date_Last_Reviewed\": \"2023-06-19\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1223636,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"dc81fb89-b820-4743-a523-00c169ed93a0\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-29\",\n \"Date_Last_Reviewed\": \"2024-07-22\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 105311,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"24b6cf3f-3341-43a4-b48c-f33d10df3e6c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-14\",\n \"Date_Last_Reviewed\": \"2023-08-24\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1456424,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"2cbf5da9-31c2-4377-9f98-8ba31b77a114\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-05\",\n \"Date_Last_Reviewed\": \"2023-06-10\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 694429,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"68aaf563-f9f0-441e-bfa4-1fb304e82ad0\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-11\",\n \"Date_Last_Reviewed\": \"2023-10-31\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 235121,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ad7d7dfb-2c89-429b-b135-28e5d8dd1602\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-10\",\n \"Date_Last_Reviewed\": \"2023-10-05\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1604600,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4a6a1b87-b089-4b62-bc28-975a6b968a32\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-25\",\n \"Date_Last_Reviewed\": \"2023-11-14\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1679471,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"69be9920-fcfb-4f77-8ae1-a152b0151e17\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-16\",\n \"Date_Last_Reviewed\": \"2024-11-20\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 726743,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1806eb10-18b7-4aa0-aecf-9e3d55167cae\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-05\",\n \"Date_Last_Reviewed\": \"2024-08-13\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 793174,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e92b3ac9-2295-4a90-9b85-95a2c5e2443d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-11\",\n \"Date_Last_Reviewed\": \"2024-05-16\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 688473,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e03beabe-92e6-433c-883f-57c1ecf50e97\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-22\",\n \"Date_Last_Reviewed\": \"2024-08-11\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 526161,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0a124718-ce0c-49f2-8358-17fa251d097a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-26\",\n \"Date_Last_Reviewed\": \"2024-11-02\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 163041,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]"], "Does this affect any regulatory frameworks?": ["{\n \"Risk_ID\": \"d6ddafd4-74b2-401a-be3b-4738694e00ca\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-23\",\n \"Date_Last_Reviewed\": \"2025-02-02\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1119345,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"518045d4-5881-432a-a923-1f23e6f39365\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-08\",\n \"Date_Last_Reviewed\": \"2024-04-17\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1153475,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"9ee3d4bc-ce5b-4d76-bd89-5c3d70fdd2a4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-30\",\n \"Date_Last_Reviewed\": \"2025-03-11\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 522366,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"9c5a1582-2903-4ba8-a57e-dc2f91a8a6c8\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-25\",\n \"Date_Last_Reviewed\": \"2024-10-28\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1518947,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"0a62c78e-8edf-4ccc-8b9f-297557bb86f8\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-05-01\",\n \"Date_Last_Reviewed\": \"2023-11-19\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1190943,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"5e75e8d4-1372-4ec0-a8af-d47839acc29b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-29\",\n \"Date_Last_Reviewed\": \"2024-09-01\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1080503,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"91f66f9e-8e68-4da4-92b9-3f0ca2fb00d6\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-22\",\n \"Date_Last_Reviewed\": \"2024-05-08\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1905744,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"6701c97d-cf7b-4ebd-b2d9-c2d063c01a10\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-17\",\n \"Date_Last_Reviewed\": \"2024-03-04\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 296899,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"e0c1c9a3-a900-4382-862a-8245633809d3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-07\",\n \"Date_Last_Reviewed\": \"2024-07-23\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1481349,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"555b17d9-aa4c-45dd-be69-8446208fbc11\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-01\",\n \"Date_Last_Reviewed\": \"2025-03-03\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1511464,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"43b208ab-667f-4d7f-8bc7-aad60a48aaf9\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-22\",\n \"Date_Last_Reviewed\": \"2023-11-29\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1416815,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"f95f3fdf-eef8-41d9-bd38-a8700cc2c979\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-01\",\n \"Date_Last_Reviewed\": \"2025-04-01\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1524911,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"396271bf-6926-418f-b3ba-ca68221f57eb\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-26\",\n \"Date_Last_Reviewed\": \"2023-07-01\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1128411,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"a5ef2022-2fef-4b14-a147-76c823e8b3c0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-25\",\n \"Date_Last_Reviewed\": \"2024-01-28\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 345944,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"0d257d01-2b52-4c5d-bd51-55c7417577b2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-01\",\n \"Date_Last_Reviewed\": \"2025-03-09\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 389340,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"b1d785c8-f721-4cee-98e7-bfe875af1c0a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-05\",\n \"Date_Last_Reviewed\": \"2023-12-15\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1991267,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"26ebfcfe-26c9-4698-8ad1-a02a5fe2d8e2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-04\",\n \"Date_Last_Reviewed\": \"2024-10-14\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1190993,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"a906746f-9a05-42fe-b33d-775e0da08057\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-04\",\n \"Date_Last_Reviewed\": \"2024-09-08\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1576160,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"94f8533e-3026-485a-a7b8-9e10be6a5b7a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-27\",\n \"Date_Last_Reviewed\": \"2024-02-25\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1207355,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"5c06d1c3-e815-439c-a3e8-353215ccd570\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-13\",\n \"Date_Last_Reviewed\": \"2023-06-26\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1854918,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n}", "{\n \"Risk_ID\": \"26bbd011-46d7-41cd-8995-3cd460fbcb36\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-22\",\n \"Date_Last_Reviewed\": \"2024-11-05\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 604673,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"56b83cae-881a-4eb9-8528-dc317dc810a2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-01\",\n \"Date_Last_Reviewed\": \"2023-08-18\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1517171,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"13f0bb59-bece-4d7e-a24b-78144790ebcf\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-15\",\n \"Date_Last_Reviewed\": \"2023-05-23\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1498316,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"9d6cd9a7-1c0b-4c67-af3b-91c4d23b31a3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-03\",\n \"Date_Last_Reviewed\": \"2023-06-20\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 858065,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"e8a098c5-0c0d-4cae-845e-d0df99501ad2\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-26\",\n \"Date_Last_Reviewed\": \"2024-02-11\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1561829,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"6544f8cc-4beb-48d3-8811-df58984a35d2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-28\",\n \"Date_Last_Reviewed\": \"2024-08-14\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 814083,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}", "{\n \"Risk_ID\": \"689b656e-b007-4be3-8e13-d57c6af0b650\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-09\",\n \"Date_Last_Reviewed\": \"2023-06-11\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 568408,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n}", "{\n \"Risk_ID\": \"f07216c2-5a10-4c1c-9ad0-996710e5f2b4\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-08\",\n \"Date_Last_Reviewed\": \"2023-06-14\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 325604,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"32db621a-9fb1-4a17-812f-ecd9b25d1c0d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-16\",\n \"Date_Last_Reviewed\": \"2024-10-10\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1994459,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n}", "{\n \"Risk_ID\": \"13db883c-c12b-4fb7-8129-6f09eb07952d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-07\",\n \"Date_Last_Reviewed\": \"2023-10-17\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1574070,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n}"], "Group the open risks by business unit.": ["[\n {\n \"Risk_ID\": \"15761796-5d72-4f45-858a-45baebb9eb52\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-06\",\n \"Date_Last_Reviewed\": \"2024-08-19\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1309079,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"dea11efe-1b4c-4258-a945-c5258694748b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-24\",\n \"Date_Last_Reviewed\": \"2025-04-28\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1600789,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"fc2898ff-f8ee-45af-ae91-73c91ac7e4ea\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-23\",\n \"Date_Last_Reviewed\": \"2024-01-09\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 350158,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"55d974c1-7783-4daf-9a7a-794338e3e8a4\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-22\",\n \"Date_Last_Reviewed\": \"2024-11-29\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1857320,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"50e14622-4ce0-4e0e-99d5-5fc2d5a3e239\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-24\",\n \"Date_Last_Reviewed\": \"2023-07-09\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 801518,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d39c5d0f-78b4-4583-94af-f977f0077e19\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-07\",\n \"Date_Last_Reviewed\": \"2024-06-15\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 802750,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8c436d2f-9c13-4b9a-8879-e8b9d8915683\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-18\",\n \"Date_Last_Reviewed\": \"2023-06-27\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 424324,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c2305936-7d72-456e-8d67-30ba0372e630\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-08\",\n \"Date_Last_Reviewed\": \"2025-04-03\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1808811,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"869345fb-7a48-4c87-b9e2-06682a4e8eab\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-06\",\n \"Date_Last_Reviewed\": \"2023-08-09\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1291859,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"72b1d30c-f9e7-4791-8294-afaeaadd78f6\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-23\",\n \"Date_Last_Reviewed\": \"2025-01-12\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 144736,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"fd883c1b-c75b-4e29-af2b-a2ecd6c00f7e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-22\",\n \"Date_Last_Reviewed\": \"2025-03-29\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 569115,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a001db06-5075-4daf-b2cb-3dd840b8165b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-07\",\n \"Date_Last_Reviewed\": \"2024-05-10\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 200963,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7f695ad4-a6ac-4004-a045-4f0ee0ac59eb\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-11\",\n \"Date_Last_Reviewed\": \"2024-03-25\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 225817,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5cd933c7-e11b-4000-b393-8c18358c83d2\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-12\",\n \"Date_Last_Reviewed\": \"2023-06-06\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1071958,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c12f1dbd-dbf6-491c-a1ea-42d535556be5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-01\",\n \"Date_Last_Reviewed\": \"2023-12-29\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 808233,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"0a4fe39d-c4f6-483d-989c-1d5ad5db90f8\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-10\",\n \"Date_Last_Reviewed\": \"2023-10-01\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 808495,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b91f1f6b-e166-48bf-b0b8-e2bf649d03cb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-09\",\n \"Date_Last_Reviewed\": \"2023-10-18\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 993349,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7a97e679-e425-4233-bcbf-dc9ab2ce1902\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-27\",\n \"Date_Last_Reviewed\": \"2023-06-15\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 864043,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"56ad04eb-5261-4756-b501-6ec728ff8e7c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-21\",\n \"Date_Last_Reviewed\": \"2023-05-31\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 676128,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"cba03996-d2c2-4c2e-a43b-f966b578bc3d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-28\",\n \"Date_Last_Reviewed\": \"2025-04-08\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 452265,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"9a96a33b-aaf3-4998-bd45-617dd574ec3f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-31\",\n \"Date_Last_Reviewed\": \"2024-10-28\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 788050,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"329350a0-3fcd-44dc-a656-01bc6a137634\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-27\",\n \"Date_Last_Reviewed\": \"2025-01-09\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 182009,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"11a7fd51-6788-4dda-9c7e-bc67644d3715\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-28\",\n \"Date_Last_Reviewed\": \"2024-01-25\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 818709,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e82046e8-ec11-45c7-8eb2-c5fd3406cd3e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-22\",\n \"Date_Last_Reviewed\": \"2024-02-08\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1036402,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"cb5d2c49-887a-47c9-912e-696ff0394997\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-12\",\n \"Date_Last_Reviewed\": \"2023-06-15\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 458573,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"753af941-3d86-45dd-a06c-e98f0c8fefda\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-24\",\n \"Date_Last_Reviewed\": \"2024-11-22\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1367707,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b33b0bd4-7541-4b7a-b54f-65cc242323c1\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-13\",\n \"Date_Last_Reviewed\": \"2024-11-09\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 365588,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e1d8e574-250e-4a24-b165-b7f8e58a22da\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-25\",\n \"Date_Last_Reviewed\": \"2025-04-15\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1977129,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"24383e05-f12f-4dde-825c-f44eb5c36acf\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-02\",\n \"Date_Last_Reviewed\": \"2024-11-30\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 108116,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9e76b510-7ecb-43b2-8e44-678423c1b643\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-17\",\n \"Date_Last_Reviewed\": \"2024-08-30\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1934958,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c05cc295-b7fb-47f2-b56e-f52b3a921b71\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-05-25\",\n \"Date_Last_Reviewed\": \"2023-05-20\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 704277,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e9aedd25-9d31-4cec-aaba-7a88feb8c5e8\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-21\",\n \"Date_Last_Reviewed\": \"2024-07-18\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 406446,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"23f456bb-c811-47a7-aaf7-8f97365e310d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-05-23\",\n \"Date_Last_Reviewed\": \"2024-04-18\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 189443,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"99e4e692-101a-4d1c-8f6b-e891eef91e54\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-06\",\n \"Date_Last_Reviewed\": \"2025-04-12\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1286216,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ff443fcf-4172-437d-b25b-66248fb92765\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-12\",\n \"Date_Last_Reviewed\": \"2025-02-18\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1063546,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d380c501-3d80-4bc2-92ff-18c4880eb08a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-30\",\n \"Date_Last_Reviewed\": \"2025-04-17\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 828593,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7e3552ef-3855-42c2-81cd-74def10393eb\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-01\",\n \"Date_Last_Reviewed\": \"2023-09-19\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1259185,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"d6e8fb20-5fbc-4f0f-9a8c-ce3154f8337a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-18\",\n \"Date_Last_Reviewed\": \"2023-09-09\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1493595,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a98287c7-123c-4173-82a6-d706cf188f8c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-29\",\n \"Date_Last_Reviewed\": \"2023-12-09\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1427594,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8cd47394-be6f-4ebe-97e7-7d2439e20bf5\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-18\",\n \"Date_Last_Reviewed\": \"2024-12-11\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1297258,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d58dc7f1-209d-46e5-a00f-4369504429c7\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-27\",\n \"Date_Last_Reviewed\": \"2024-06-02\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 150538,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b5cb8e8b-2909-42a9-a7cb-191721c83663\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-12\",\n \"Date_Last_Reviewed\": \"2025-04-19\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1290270,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1fe72f3d-afbd-4294-83c8-c59ea3b2c72d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-07\",\n \"Date_Last_Reviewed\": \"2025-05-05\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1514441,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"863aa10d-a588-4b06-b070-28fd52b7c597\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-15\",\n \"Date_Last_Reviewed\": \"2025-03-07\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1748239,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3191e12c-c28b-4a6c-b472-5dc80c7c08d0\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-09\",\n \"Date_Last_Reviewed\": \"2024-11-01\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1442036,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b4697459-8589-4435-90d0-5aab0274f769\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-01\",\n \"Date_Last_Reviewed\": \"2024-01-21\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1934537,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"323a9b26-cb91-465c-953e-6d8a01a67f63\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-03\",\n \"Date_Last_Reviewed\": \"2024-11-13\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1911699,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9abd90cc-2501-4263-8dce-736839e736c7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-05\",\n \"Date_Last_Reviewed\": \"2024-01-01\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1636143,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f5781c22-38b7-47aa-ae67-b5d06b9b4818\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-30\",\n \"Date_Last_Reviewed\": \"2024-01-23\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1793828,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c439ec63-5e39-49ad-8e35-3565f6d1356f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-25\",\n \"Date_Last_Reviewed\": \"2024-06-26\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1784065,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"56fc4a53-8a45-4d6e-9016-a31961fc6b1a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-24\",\n \"Date_Last_Reviewed\": \"2024-07-25\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 244101,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"3133bd47-baff-4dcd-b3f6-befc54a5d272\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-04\",\n \"Date_Last_Reviewed\": \"2023-12-07\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 541851,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8fecacda-8f7d-4174-8b48-c9772280f157\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-16\",\n \"Date_Last_Reviewed\": \"2024-02-09\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 996875,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"cce05b25-13ca-4395-9be4-5f116e7009c5\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-10\",\n \"Date_Last_Reviewed\": \"2024-09-02\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 387618,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b023e96e-292a-40fe-aa0f-4d21fb369555\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-25\",\n \"Date_Last_Reviewed\": \"2025-04-01\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1062504,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6895679a-47d3-4175-bd45-4bda38afaadb\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-08\",\n \"Date_Last_Reviewed\": \"2024-12-06\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1676986,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7bf0f3a1-be51-455b-b96c-24fcd77a5dc0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-24\",\n \"Date_Last_Reviewed\": \"2024-05-04\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 612607,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"02571266-44e4-4947-9451-85d5af92b726\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-24\",\n \"Date_Last_Reviewed\": \"2023-10-05\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1317044,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"2c793ceb-5eec-41aa-a372-93fcd305ced1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-22\",\n \"Date_Last_Reviewed\": \"2025-05-02\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 634796,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5c0484c4-5deb-4e8c-8bbc-a356ff59c9e0\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-22\",\n \"Date_Last_Reviewed\": \"2025-02-10\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 854768,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7760f6e3-c4df-42f2-b8a8-a1a0b257b59b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-20\",\n \"Date_Last_Reviewed\": \"2023-07-12\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1662708,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"37bd5b61-16a4-4d67-99d5-c892127ec289\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-18\",\n \"Date_Last_Reviewed\": \"2023-11-03\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1768030,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"62a7997b-72f8-436f-b351-7c9c189c8079\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-25\",\n \"Date_Last_Reviewed\": \"2023-09-29\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1583758,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f966a312-b48c-42d9-8f74-c6463513a76a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-21\",\n \"Date_Last_Reviewed\": \"2025-02-20\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1178338,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"bb70052a-ae38-4cd4-b13e-f64f81012324\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-22\",\n \"Date_Last_Reviewed\": \"2024-07-09\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1213332,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c34a65fa-67a0-4a18-a403-3924aa0be327\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-01\",\n \"Date_Last_Reviewed\": \"2024-04-18\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 754061,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c0329433-004b-4e1e-9eda-5a5f2c709902\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-13\",\n \"Date_Last_Reviewed\": \"2024-06-18\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1751757,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9b82938a-d11a-40c1-a852-c9b81399b2d2\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-23\",\n \"Date_Last_Reviewed\": \"2024-09-24\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 461743,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"64ddb171-9498-4f31-89d5-8a70ed58f33e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-22\",\n \"Date_Last_Reviewed\": \"2023-05-16\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 489065,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5e37359a-b5a3-4676-b92f-449422fa2c4a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-25\",\n \"Date_Last_Reviewed\": \"2025-05-01\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 108867,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7b89d4ec-98df-4fc9-89e6-1dd157fcb7a9\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-05-16\",\n \"Date_Last_Reviewed\": \"2024-12-28\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1046620,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"2adc5458-ef18-4e16-9c61-10bb40929865\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-26\",\n \"Date_Last_Reviewed\": \"2023-12-26\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 958231,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"fc50e1b5-8ca5-4d39-8852-881b8dd7bb58\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-23\",\n \"Date_Last_Reviewed\": \"2024-12-14\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 450090,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"91e552ea-4d50-4691-b802-ded5de3f7787\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-08\",\n \"Date_Last_Reviewed\": \"2024-09-02\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 298741,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c063c000-df20-4419-ac52-bfcae382d77a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-30\",\n \"Date_Last_Reviewed\": \"2023-06-11\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 528572,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8d184880-d780-4506-9f31-ae9b168a4dc0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-27\",\n \"Date_Last_Reviewed\": \"2024-06-23\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 943725,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3a160d7c-afd6-4506-9d27-365e2b592d40\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-25\",\n \"Date_Last_Reviewed\": \"2024-09-06\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1441351,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"bdecc675-3c7e-4179-a828-209692b397a1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-16\",\n \"Date_Last_Reviewed\": \"2024-01-17\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1125365,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"72a70ed8-8178-48ce-ab7f-a18c51686359\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-13\",\n \"Date_Last_Reviewed\": \"2024-04-04\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 546498,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6a31f429-413d-4370-bbf1-57709c2653d9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-14\",\n \"Date_Last_Reviewed\": \"2024-02-27\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 937036,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4526764d-f9f5-4db6-913d-2653da139db8\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-30\",\n \"Date_Last_Reviewed\": \"2024-05-22\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1066345,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"aff57a51-bacb-405c-9b15-d3ed00114c38\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-09\",\n \"Date_Last_Reviewed\": \"2025-01-30\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 697559,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e3a2c03a-8d75-4f5c-9410-cdcf049e295d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-29\",\n \"Date_Last_Reviewed\": \"2025-04-03\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1233114,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"38b27acc-dad4-444f-a526-c35ea7bf5480\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-18\",\n \"Date_Last_Reviewed\": \"2024-10-24\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1392919,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4fb6f768-b214-40b0-b39c-227e2bfbb450\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-10\",\n \"Date_Last_Reviewed\": \"2025-04-23\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 693641,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c6da6ece-adac-4960-a5f9-ca731ea8c8d3\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-24\",\n \"Date_Last_Reviewed\": \"2024-01-20\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1311527,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7171bcca-5a1a-4ef1-ab73-084b85ec3579\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-08\",\n \"Date_Last_Reviewed\": \"2023-07-31\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1710042,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"94515229-1718-46e7-a504-ca37f4b3504c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-16\",\n \"Date_Last_Reviewed\": \"2024-10-23\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 333366,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"264e3bfd-3796-474b-8dd8-c75d47ccccc3\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-21\",\n \"Date_Last_Reviewed\": \"2023-10-23\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 315043,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"79c163f1-ae80-4296-8a29-38d9ee1c9ab9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-04\",\n \"Date_Last_Reviewed\": \"2023-07-22\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1608769,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"28bfdf9e-96a6-4524-95a8-128ebea8cced\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-21\",\n \"Date_Last_Reviewed\": \"2025-02-20\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1760790,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a8447070-950f-46c5-92e5-47814103da5c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-16\",\n \"Date_Last_Reviewed\": \"2023-05-30\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 929826,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c57cea51-62e8-44a0-9ba2-e39974d29dbb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-25\",\n \"Date_Last_Reviewed\": \"2025-03-21\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 973106,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7d31c0e2-e3c7-4d58-ad89-34a4f8c17f2f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-26\",\n \"Date_Last_Reviewed\": \"2023-08-11\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1799134,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"72d325ef-a236-4dba-8074-821f28fa38b5\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-27\",\n \"Date_Last_Reviewed\": \"2025-03-20\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 460808,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"07a43115-fc41-4e51-8f11-dac36c22426a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-25\",\n \"Date_Last_Reviewed\": \"2024-11-22\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 920754,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"35bba167-8c80-42ab-b192-4f5ffe88a9e4\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-10\",\n \"Date_Last_Reviewed\": \"2025-05-13\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 909185,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"380ef017-354f-4cc0-9364-c30a6f7c6b29\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-28\",\n \"Date_Last_Reviewed\": \"2024-01-13\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1963663,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2c8500ea-e6a2-4659-9481-1c882911dc6e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-31\",\n \"Date_Last_Reviewed\": \"2023-12-03\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 233150,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"75e4731f-3cf1-4b19-85f1-29698f15e849\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-29\",\n \"Date_Last_Reviewed\": \"2023-08-12\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 185427,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"35f3f976-9029-487a-bc7a-91880da49f92\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-28\",\n \"Date_Last_Reviewed\": \"2025-04-30\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1450195,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"152737a9-4106-4700-8a43-817f3069293e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-10\",\n \"Date_Last_Reviewed\": \"2024-02-28\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1012627,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d424fb59-9a0b-49ac-a08c-f9df97081333\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-13\",\n \"Date_Last_Reviewed\": \"2024-05-07\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1682150,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"98e049a7-f2fb-4807-aa39-75374c3ace8e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-08\",\n \"Date_Last_Reviewed\": \"2024-03-04\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 595023,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"893dca43-b84f-4ad1-83f2-3a35fe582125\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-15\",\n \"Date_Last_Reviewed\": \"2023-08-31\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1648498,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a1d4c43f-a8a0-4faa-a810-8e81594ba98e\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-06\",\n \"Date_Last_Reviewed\": \"2024-12-03\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 679682,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5815acd4-d203-40db-ab12-fe05379ed2bf\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-25\",\n \"Date_Last_Reviewed\": \"2024-07-12\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1660413,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e651a372-489c-4d25-a4da-48e260b75fdb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-28\",\n \"Date_Last_Reviewed\": \"2024-04-12\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1068237,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b557cc72-e324-47bc-8b2f-863c401b1dc7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-17\",\n \"Date_Last_Reviewed\": \"2025-03-25\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1810670,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f345b184-cfac-4e04-91b0-e2dbbcdc0c0d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-10\",\n \"Date_Last_Reviewed\": \"2023-11-22\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 106984,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"60c91989-1f90-4c89-bf82-7ad1c68608f7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-05\",\n \"Date_Last_Reviewed\": \"2024-01-25\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 174614,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"906c3d23-ce02-411a-88fd-74d131f12fa1\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-04\",\n \"Date_Last_Reviewed\": \"2024-01-01\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1973030,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2b3ee8bf-aff9-4a05-89e1-3b921e3a63d3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-19\",\n \"Date_Last_Reviewed\": \"2025-05-02\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 343700,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"03307538-8744-4461-8f12-62c2abb365c3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-05\",\n \"Date_Last_Reviewed\": \"2024-03-04\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1184451,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ab9a1ca6-6247-4a12-8f03-80fd64bd4d99\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-12\",\n \"Date_Last_Reviewed\": \"2024-11-21\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 140109,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f88d477f-e768-4b6e-9710-dd7244b9681f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-15\",\n \"Date_Last_Reviewed\": \"2024-06-08\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 699880,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"79763b9b-252f-49df-b787-e2fb81f5ac67\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-01\",\n \"Date_Last_Reviewed\": \"2024-03-03\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 918958,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c153771f-79ba-47d0-9a96-37c5812c1e0d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-13\",\n \"Date_Last_Reviewed\": \"2023-12-09\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 166163,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"26c7da0e-1c76-43f0-b0c2-1791fb185b76\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-31\",\n \"Date_Last_Reviewed\": \"2025-04-04\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 732898,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"62c403f4-0d2d-4892-a2f8-e4ff8e1bcbe8\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-04\",\n \"Date_Last_Reviewed\": \"2024-03-26\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 354843,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"32973ca8-4492-4379-9acd-aec4b95a261b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-09\",\n \"Date_Last_Reviewed\": \"2024-04-03\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1780073,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0368f6e9-a932-4b66-a1fb-d023de4aab5a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-31\",\n \"Date_Last_Reviewed\": \"2024-05-24\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 826314,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"00cb2c5d-2c57-4036-af6c-7cdea3ea5ecb\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-28\",\n \"Date_Last_Reviewed\": \"2024-05-17\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 221521,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"0dcd2a1b-41b2-49de-b7a3-843881b0c88d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-24\",\n \"Date_Last_Reviewed\": \"2023-08-04\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1733230,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"4c494fed-8336-459f-ae4a-412ef5615409\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-04\",\n \"Date_Last_Reviewed\": \"2024-09-16\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1397840,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7c4d3079-be81-4033-80c2-2d26a5d336b6\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-05\",\n \"Date_Last_Reviewed\": \"2023-09-28\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 688976,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"19871aef-94ae-4dec-afa0-157cc620e03d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-07\",\n \"Date_Last_Reviewed\": \"2025-03-10\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1196994,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f991bcac-db32-42e5-bd62-1a14935526fe\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-18\",\n \"Date_Last_Reviewed\": \"2023-10-18\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1988562,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c0573c66-c9ec-46a7-9a9d-ec35937bc024\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-29\",\n \"Date_Last_Reviewed\": \"2023-11-28\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1640237,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"49f237f2-85ea-48f8-a5d2-6009bbaf4c2f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-03\",\n \"Date_Last_Reviewed\": \"2023-09-04\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1351106,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2e7113ae-7c3e-49ae-b736-1565099eb5ca\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-24\",\n \"Date_Last_Reviewed\": \"2024-03-25\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 777389,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"59f1efba-ec04-40e1-ab16-bb4f4668b132\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-25\",\n \"Date_Last_Reviewed\": \"2024-05-11\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1904871,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ea0f000b-5112-484d-8b08-138d4a40afd3\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-22\",\n \"Date_Last_Reviewed\": \"2023-07-29\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 501251,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b8f0509a-99f7-4bfe-8067-4a19c57fa541\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-04\",\n \"Date_Last_Reviewed\": \"2023-08-07\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1657333,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"870faf80-eb4d-49be-b65b-023de7a2eed3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-28\",\n \"Date_Last_Reviewed\": \"2024-06-20\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1663793,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]"], "What are the top compliance gaps by region?": ["[\n {\n \"Risk_ID\": \"7aefb38e-87f2-4418-854c-38b23e23cf24\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-24\",\n \"Date_Last_Reviewed\": \"2023-07-02\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1398781,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0df56d9c-46d7-4852-ba6d-ba72b59b1ea4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-07\",\n \"Date_Last_Reviewed\": \"2025-01-29\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1658063,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"390f58cb-a42f-49dc-9c9d-44f5d6f26180\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-14\",\n \"Date_Last_Reviewed\": \"2023-11-03\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1112598,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0a9c7d1b-6818-40ca-a963-4a6574329354\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-02\",\n \"Date_Last_Reviewed\": \"2023-12-03\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1797762,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"916ba34e-2729-4f8c-8c4a-bae1e032a46a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-10\",\n \"Date_Last_Reviewed\": \"2023-11-20\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 337448,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3e5d0796-812c-4a27-92fc-00ac5934bb08\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-01\",\n \"Date_Last_Reviewed\": \"2024-03-05\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 926460,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"555f0745-68a3-444b-915c-5ac0ae2e089c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-02\",\n \"Date_Last_Reviewed\": \"2024-10-15\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1004226,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a27cf034-d8a6-4574-8210-6b11d313e3e2\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-06\",\n \"Date_Last_Reviewed\": \"2024-08-31\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1414573,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"77f3ec17-bc11-4ca8-a4d4-ad7acf2658d0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-11\",\n \"Date_Last_Reviewed\": \"2023-10-24\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1102870,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0b04b332-f0b7-4805-a989-d0d8599b9fd7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-26\",\n \"Date_Last_Reviewed\": \"2025-02-27\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 362973,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"122ba9b3-3f44-4e07-9bd2-dd09b0954969\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-13\",\n \"Date_Last_Reviewed\": \"2024-02-07\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 963802,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"29ef80e2-4a7d-48b4-afc4-b00d4ec0573c\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-08\",\n \"Date_Last_Reviewed\": \"2024-06-06\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 929938,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"776dff3d-577f-4047-917e-5c369c3e381e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-13\",\n \"Date_Last_Reviewed\": \"2024-10-29\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 472679,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c7237d87-3553-4128-aecb-89c97a43ec26\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-27\",\n \"Date_Last_Reviewed\": \"2024-02-13\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1435826,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d41f23f3-35db-487a-8fc1-9a9e6e3c2cce\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-08\",\n \"Date_Last_Reviewed\": \"2024-01-17\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1406877,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"712214af-d897-491f-a0e7-1eb7e929bb21\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-30\",\n \"Date_Last_Reviewed\": \"2025-04-14\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 115090,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4de7e978-1d1c-4fbd-b274-8ddc21b9a38b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-05\",\n \"Date_Last_Reviewed\": \"2025-04-25\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 839565,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b9ab9d37-a8b0-4b5d-8390-ae5b9fa8231a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-30\",\n \"Date_Last_Reviewed\": \"2025-03-03\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1471701,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"44dab12d-0492-47c8-b65a-efb910058bac\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-06\",\n \"Date_Last_Reviewed\": \"2025-02-17\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1456163,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a587d3a9-6760-44cd-8633-fcbbe5e9ea5f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-06\",\n \"Date_Last_Reviewed\": \"2024-08-11\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 961045,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ee02b772-23d0-4ebb-9654-44bac67dbe30\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-09\",\n \"Date_Last_Reviewed\": \"2025-02-21\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 439449,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"72a111a4-4e65-4469-aed5-821011ba2b98\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-31\",\n \"Date_Last_Reviewed\": \"2025-05-07\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1269504,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"71f82cf9-43cc-4359-901d-533c8aae2605\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-02\",\n \"Date_Last_Reviewed\": \"2023-11-15\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1248531,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a640c80e-33f3-45d8-ad19-f76090e57bd3\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-05\",\n \"Date_Last_Reviewed\": \"2024-06-18\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 854545,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"33fb513d-00bf-43b8-b722-44e57dc4b175\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-09\",\n \"Date_Last_Reviewed\": \"2024-05-29\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 900647,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"8faebeff-79c3-4d23-a850-712bd762d5eb\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-21\",\n \"Date_Last_Reviewed\": \"2025-01-02\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1617487,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"de664a7b-3af5-45f5-b6c3-e1314a2ffd47\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-03\",\n \"Date_Last_Reviewed\": \"2024-09-15\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 436480,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"acfa86f9-285b-4f6e-8830-916399a0f0b2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-15\",\n \"Date_Last_Reviewed\": \"2023-10-30\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1347471,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a55f7d89-1b3d-482e-bf9d-64ec9b1094ae\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-08\",\n \"Date_Last_Reviewed\": \"2025-04-19\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 151462,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1fa76753-6f2b-4e7f-b264-dfb4ad8497ca\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-06\",\n \"Date_Last_Reviewed\": \"2023-11-13\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 527336,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ef5b02a9-3c51-48fb-b892-9fb9b634e260\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-15\",\n \"Date_Last_Reviewed\": \"2023-11-07\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1313096,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"20140a38-9ffe-490a-b42e-33fcddbabe67\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-24\",\n \"Date_Last_Reviewed\": \"2024-05-31\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1544922,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5647a394-21ec-4813-8999-2b7ecd3b5da6\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-18\",\n \"Date_Last_Reviewed\": \"2024-06-01\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1954995,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7ae39d6a-b06d-4b85-966c-d31dde7fb2ec\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-30\",\n \"Date_Last_Reviewed\": \"2024-05-08\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 749529,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e989b6ec-0247-47fb-a089-391aa3ad93d4\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-05\",\n \"Date_Last_Reviewed\": \"2024-04-07\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 488449,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"bff04b4a-369d-4241-a8a7-0e5d22b510b9\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-26\",\n \"Date_Last_Reviewed\": \"2024-03-21\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 913921,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6793be79-c765-422a-96bd-c44a5acea900\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-10\",\n \"Date_Last_Reviewed\": \"2023-07-17\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 736320,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4a024318-dbab-4be7-b6ec-7a55dfbb50e2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-22\",\n \"Date_Last_Reviewed\": \"2024-10-18\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1242380,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5687efd8-800b-42ff-95bb-af0f19f4ebd6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-22\",\n \"Date_Last_Reviewed\": \"2024-03-22\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1880945,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"711c2037-9665-4d07-bda9-38aa550ceb8d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-23\",\n \"Date_Last_Reviewed\": \"2024-10-28\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 585541,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"80d7d267-6951-46bd-81d1-e581add6e5e1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-07\",\n \"Date_Last_Reviewed\": \"2023-08-13\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1377051,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b3d629ff-164a-4fc0-8e47-200d276d096f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-30\",\n \"Date_Last_Reviewed\": \"2024-02-06\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1504624,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"2b6640af-0749-4065-89bf-19c5e360bd68\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-15\",\n \"Date_Last_Reviewed\": \"2024-02-07\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1288274,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"54c59b73-2dac-4a50-b7ba-a9514b9661d7\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-21\",\n \"Date_Last_Reviewed\": \"2024-08-17\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 346054,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b5dc8c76-ce31-43a2-8a78-331c3de30415\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-09\",\n \"Date_Last_Reviewed\": \"2024-01-26\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 616592,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"96d92d8d-b4eb-4864-a785-c0ad0b70f5de\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-16\",\n \"Date_Last_Reviewed\": \"2024-09-27\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1944317,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d5648b5b-bad8-4554-9b7e-4ec023f32f6f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-17\",\n \"Date_Last_Reviewed\": \"2024-05-02\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1058983,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"eadf68cd-7b1c-4878-b16a-a40a97e2cfce\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-11\",\n \"Date_Last_Reviewed\": \"2023-08-29\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1238397,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fc085a90-a9b6-4b1a-8664-c0fbd5fa24c6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-13\",\n \"Date_Last_Reviewed\": \"2023-08-13\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1175459,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1c10f529-224d-426c-bb04-1c58aac606ed\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-01\",\n \"Date_Last_Reviewed\": \"2024-07-08\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1486109,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"10a646ba-afb1-42bb-b4ae-d8ecc0f42e26\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-19\",\n \"Date_Last_Reviewed\": \"2024-02-18\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1970018,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"4c27548d-787f-4c4b-b594-db7c389600f8\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-21\",\n \"Date_Last_Reviewed\": \"2023-11-25\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1405349,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"529d7a8a-e8c1-46a8-9890-b1fe837f5c80\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-19\",\n \"Date_Last_Reviewed\": \"2025-01-13\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1966392,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"08b50e27-f28d-42af-91bd-1ff78e92ac55\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-14\",\n \"Date_Last_Reviewed\": \"2024-10-15\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1209225,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"cb975f67-c54d-48d2-8b46-11a4bb5f694b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-15\",\n \"Date_Last_Reviewed\": \"2023-07-23\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1501823,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d666e3c5-0901-406c-b39c-94251a6c1e96\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-25\",\n \"Date_Last_Reviewed\": \"2024-12-31\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1301480,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5545beb9-67b3-4372-9652-c545c9135cb2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-28\",\n \"Date_Last_Reviewed\": \"2023-06-01\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1816701,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"15c4d02b-8b5c-4f86-80d1-dd6e151efb22\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-15\",\n \"Date_Last_Reviewed\": \"2023-10-27\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 323322,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"93b3ce0e-a333-4ffc-b314-9b81d289e715\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-23\",\n \"Date_Last_Reviewed\": \"2023-07-07\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 961376,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ca43abdc-9882-4823-90c0-e8c8414089c9\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-18\",\n \"Date_Last_Reviewed\": \"2025-03-04\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 361766,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5be17cf9-0fef-45fc-acd9-cbc025d43f3d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-05\",\n \"Date_Last_Reviewed\": \"2025-04-26\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1719150,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"50af6dcc-5b2d-41d1-a80e-d5d91f2c660d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-19\",\n \"Date_Last_Reviewed\": \"2025-01-18\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1197794,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1834d858-824f-4daa-abad-cc3c63af9d08\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-15\",\n \"Date_Last_Reviewed\": \"2024-08-13\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1660844,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"50785d7f-4965-4eb6-a663-7e2c5c713a76\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-20\",\n \"Date_Last_Reviewed\": \"2024-11-17\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1111437,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"3c129a5b-a0e2-44c8-a39c-0428a5308265\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-18\",\n \"Date_Last_Reviewed\": \"2024-03-30\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1637062,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"feef7d99-b90c-44dd-83df-28a77a335135\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-22\",\n \"Date_Last_Reviewed\": \"2024-09-20\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 716544,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4d21c816-0b5a-4fd4-ad3e-cad20e8f01c0\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-10\",\n \"Date_Last_Reviewed\": \"2024-08-17\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1229794,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"73f139b4-3439-4537-aa0f-92b2f10f2302\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-19\",\n \"Date_Last_Reviewed\": \"2025-04-11\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1709540,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9dd0215a-5027-4d4a-8a31-e487c45ed9b4\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-13\",\n \"Date_Last_Reviewed\": \"2023-11-19\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1893094,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c33df853-7e73-4b14-b5d3-8a80665f2f8a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-29\",\n \"Date_Last_Reviewed\": \"2024-09-11\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1198224,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d46fde4c-6cbc-4a5a-b75a-f36a7720e6fd\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-06\",\n \"Date_Last_Reviewed\": \"2023-08-26\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1231080,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"262d3741-6ca4-42af-bd40-e04d977b378a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-23\",\n \"Date_Last_Reviewed\": \"2025-05-09\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 404523,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8c89f792-1b03-4569-a429-7616fe21074d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-15\",\n \"Date_Last_Reviewed\": \"2024-10-15\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 506563,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8405587d-d0ef-4487-a669-de75ab4f34f3\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-15\",\n \"Date_Last_Reviewed\": \"2024-07-28\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1307262,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9f0bd30d-eae0-4e0c-81bb-9e05e620cb4a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-05\",\n \"Date_Last_Reviewed\": \"2023-05-27\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1380019,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"fffacf8e-b82d-4d6f-870b-81cd3cb9af82\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-11\",\n \"Date_Last_Reviewed\": \"2023-11-25\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1321805,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"cd255dd4-0bc0-43dd-af00-fcb978dbe0f3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-10\",\n \"Date_Last_Reviewed\": \"2024-11-09\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1882698,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7934a787-1651-4f7b-bc85-f6fe67389260\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-04\",\n \"Date_Last_Reviewed\": \"2024-01-12\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1301606,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"db589386-8639-4f1b-9d37-744c4d7818cb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-16\",\n \"Date_Last_Reviewed\": \"2024-08-07\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1156292,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1c2dce95-99d0-468d-9ef9-caea0d2d02a2\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-11\",\n \"Date_Last_Reviewed\": \"2024-03-08\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 213479,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"df09aac6-ef02-42d3-9089-5aa4d08f5707\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-25\",\n \"Date_Last_Reviewed\": \"2023-10-08\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1640859,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ff3a0632-8b98-494c-8993-9dfc5adb8c59\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-10\",\n \"Date_Last_Reviewed\": \"2025-02-21\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 239571,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ef841f43-a174-4b47-973a-decbf2f86782\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-12\",\n \"Date_Last_Reviewed\": \"2024-02-23\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1004552,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"37a1ba56-2194-480e-8588-a56c3c840730\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-15\",\n \"Date_Last_Reviewed\": \"2025-02-04\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1276867,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b30462b4-9b69-4d4b-ae54-370da325c1da\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-05\",\n \"Date_Last_Reviewed\": \"2024-01-03\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1905283,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0ddb1954-9a3e-4dab-bec1-a3bcb4ffd2fb\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-11\",\n \"Date_Last_Reviewed\": \"2024-06-20\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1811371,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9a66596c-5e97-4273-9b43-1f620a11e837\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-26\",\n \"Date_Last_Reviewed\": \"2024-09-15\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1662109,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f9d680dc-f4e2-46c4-a7d0-2c497648c51e\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-04\",\n \"Date_Last_Reviewed\": \"2024-02-17\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 442338,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"315867b4-2875-48b2-984f-e73c23f949d6\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-29\",\n \"Date_Last_Reviewed\": \"2024-03-07\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1026467,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b24e827e-764e-4106-8ce1-503a59ed687b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-05\",\n \"Date_Last_Reviewed\": \"2023-11-15\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1156347,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b3a34361-1364-4ee5-b828-4e68968d078d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-15\",\n \"Date_Last_Reviewed\": \"2025-02-19\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 977064,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9a00c5e5-929e-4dbd-af55-227233c98644\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-30\",\n \"Date_Last_Reviewed\": \"2023-12-24\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1527549,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c8058a0d-fc6c-4fa6-a7ea-b12b8b8e4e62\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-15\",\n \"Date_Last_Reviewed\": \"2025-03-29\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 116347,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"09f9f31b-d567-4652-b44f-241cfae32eb3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-30\",\n \"Date_Last_Reviewed\": \"2023-05-17\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 983314,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"2dbe07f6-9dad-4adb-aa05-8cc18377eae6\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-26\",\n \"Date_Last_Reviewed\": \"2024-08-20\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1793189,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"047a11f3-e917-4c24-907c-bff03bfed910\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-07\",\n \"Date_Last_Reviewed\": \"2024-08-17\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 974831,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"87ec7579-75be-4edc-b958-38de865ac750\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-29\",\n \"Date_Last_Reviewed\": \"2023-05-21\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1690297,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8f1e2238-da5f-49ba-a26a-ac8171b661f4\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-13\",\n \"Date_Last_Reviewed\": \"2023-05-31\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 165421,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"0910407e-1481-4e1f-89eb-7b2debc9df51\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-07\",\n \"Date_Last_Reviewed\": \"2025-03-20\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 934262,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ce09059e-31bc-4e0f-9d64-577ad1765cec\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-07\",\n \"Date_Last_Reviewed\": \"2024-10-12\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 487899,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"4716be8e-0fcf-479f-8af5-dccfc43bcba6\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-31\",\n \"Date_Last_Reviewed\": \"2024-03-17\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1267123,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2a65d512-51a4-4a2a-8505-1650788f8446\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-28\",\n \"Date_Last_Reviewed\": \"2024-10-30\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 178980,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"554e2ca7-4666-477d-b289-0b825fc98272\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-30\",\n \"Date_Last_Reviewed\": \"2024-11-17\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1314783,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0157c6cf-f10f-44ca-a8fe-87bf64bf5fc9\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-20\",\n \"Date_Last_Reviewed\": \"2025-01-31\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1573645,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ec2e8914-ecd4-45cd-95a9-e85bc88f349d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-25\",\n \"Date_Last_Reviewed\": \"2023-10-31\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 724181,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"bd871c12-ceb0-44f4-be3c-7ebda98d7da3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-02\",\n \"Date_Last_Reviewed\": \"2023-07-04\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1496432,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"e715941b-09ad-41ad-9be0-b3c4e4c7e4bc\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-07\",\n \"Date_Last_Reviewed\": \"2025-04-10\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 369906,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e0a6aadc-568e-4f82-b512-686b8b87210f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-10\",\n \"Date_Last_Reviewed\": \"2023-10-03\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 469483,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c91723b9-943e-4d76-b5ce-f5b323539b70\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-05\",\n \"Date_Last_Reviewed\": \"2024-10-19\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 712154,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"350bbb75-7c26-438e-bead-87c3ce8b1e0f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-10\",\n \"Date_Last_Reviewed\": \"2024-03-06\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 100973,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d81256ef-e836-44d7-9765-4f03c4e4a025\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-24\",\n \"Date_Last_Reviewed\": \"2024-08-12\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1754515,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"4accb565-5d04-4b58-afab-6ee560d5d940\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-29\",\n \"Date_Last_Reviewed\": \"2023-09-10\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1073535,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e0e2150a-c4ac-4e21-ae98-b09ed47e846f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-27\",\n \"Date_Last_Reviewed\": \"2024-02-18\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 752887,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5dd8f0ea-1de4-4cbd-a9e1-e5d773c91b0d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-21\",\n \"Date_Last_Reviewed\": \"2024-09-24\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 413011,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ac0c52d8-c06c-4346-9ece-26b1edc6ef36\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-21\",\n \"Date_Last_Reviewed\": \"2024-06-25\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1317168,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f40b03fd-d585-4b6f-acd7-60182ab44ede\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-14\",\n \"Date_Last_Reviewed\": \"2025-01-10\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1872401,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6c6a0031-8cf5-40b5-b60f-94349ccd320a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-04\",\n \"Date_Last_Reviewed\": \"2025-02-23\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1676352,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"4af9d8a1-f68b-40f6-8306-fa364a1edbb4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-06\",\n \"Date_Last_Reviewed\": \"2023-05-17\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 811064,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"95ab307c-14d4-40dc-bf6b-5b5f2fd89934\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-07\",\n \"Date_Last_Reviewed\": \"2023-09-10\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 274684,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"86819cc3-274d-4553-bdee-2c5ea798836b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-17\",\n \"Date_Last_Reviewed\": \"2025-04-07\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1376560,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"bd4e29b4-d7ba-4f71-a445-f652018e584a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-10\",\n \"Date_Last_Reviewed\": \"2023-09-20\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 497044,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"13ede6c2-c441-420d-85a1-343d5fc661e0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-03\",\n \"Date_Last_Reviewed\": \"2025-01-12\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1658998,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9d307f9f-5547-49a8-981a-702b710f52e0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-01\",\n \"Date_Last_Reviewed\": \"2025-02-18\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 502039,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9efc9aca-dacc-4720-9ea2-2c2ecc5a06e9\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-25\",\n \"Date_Last_Reviewed\": \"2025-04-30\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 208467,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a9d25e20-2ffc-4748-9c47-18f1b03cc58d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-13\",\n \"Date_Last_Reviewed\": \"2025-04-19\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1244935,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"93dfd14e-0d00-4564-abb5-8708fd3ef91a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-14\",\n \"Date_Last_Reviewed\": \"2024-06-15\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 582851,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"097bf25b-2160-4a3d-8ded-0f3c1c385fed\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-21\",\n \"Date_Last_Reviewed\": \"2025-04-11\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 441425,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"70c5cfe4-a4ee-40ab-9db8-111e1182cc3d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-28\",\n \"Date_Last_Reviewed\": \"2023-08-17\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 894495,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a8461087-14fc-4c0f-8d3d-09c08c2436df\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-15\",\n \"Date_Last_Reviewed\": \"2023-05-24\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 646961,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1625557b-7aa8-4fbe-a8a5-e4ad0cbccdcd\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-03\",\n \"Date_Last_Reviewed\": \"2024-11-17\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 339184,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f08d7c08-9977-4da6-bf60-79b00721b91c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-31\",\n \"Date_Last_Reviewed\": \"2024-02-17\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 946882,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"7ccd4de3-dfdf-48d0-8fda-d70f998cbb31\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-03\",\n \"Date_Last_Reviewed\": \"2025-01-09\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1285737,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"75d26092-8187-4043-9516-ce7b8943600e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-10\",\n \"Date_Last_Reviewed\": \"2024-01-14\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1248500,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1a397b5e-cfa3-425b-af81-4e3da0265aae\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-18\",\n \"Date_Last_Reviewed\": \"2025-02-08\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 226336,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b1610cc6-a2e6-42b5-84c9-bbd32c2ccffd\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-15\",\n \"Date_Last_Reviewed\": \"2023-09-14\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1864439,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d55b2e9a-7c9c-43c8-a507-9fee251d539a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-21\",\n \"Date_Last_Reviewed\": \"2023-08-10\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 661763,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"19eb1687-26bc-4b5a-bc76-68710e55f79b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-12\",\n \"Date_Last_Reviewed\": \"2023-09-10\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 100169,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ad45dc03-cac0-44f0-ba43-356ee38c3177\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-12\",\n \"Date_Last_Reviewed\": \"2024-08-01\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 775339,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"cf01c6b8-ed8d-43f7-9d0c-3d4f91e72ba0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-03\",\n \"Date_Last_Reviewed\": \"2025-03-08\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1186991,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b0b9eb60-eab3-4ce1-ba12-bab7b56bdeb3\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-12\",\n \"Date_Last_Reviewed\": \"2024-03-25\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 536849,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"35c2fa40-da0a-417e-b7fe-85e3f090ce84\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-14\",\n \"Date_Last_Reviewed\": \"2024-08-06\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1102897,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3cc6b60d-ac31-46b6-93f7-980a6d8f61ed\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-03\",\n \"Date_Last_Reviewed\": \"2023-11-17\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1648839,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4147320a-ae7c-4718-9cf5-152551eb844a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-15\",\n \"Date_Last_Reviewed\": \"2024-04-15\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1152761,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e27b9408-89f7-4f91-b5f0-3a4e2a4a353a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-22\",\n \"Date_Last_Reviewed\": \"2024-11-12\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 663701,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"201edf87-b1f6-44ce-a067-a8d33924cc28\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-17\",\n \"Date_Last_Reviewed\": \"2025-02-21\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 220791,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"76898842-2b6b-4243-bb87-482ee88d3d0c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-03\",\n \"Date_Last_Reviewed\": \"2024-12-10\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1573053,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"346af865-823d-41bb-8ce8-b1b842eba550\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-22\",\n \"Date_Last_Reviewed\": \"2023-12-18\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 222776,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"85a6aea3-d696-4216-997a-2a21c5935da3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-17\",\n \"Date_Last_Reviewed\": \"2023-10-16\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1994743,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"215c3ba6-0cb9-4ce6-9b9f-03ca6d268a1c\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-16\",\n \"Date_Last_Reviewed\": \"2024-02-11\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 739812,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f23f9dd2-1a2b-485f-a499-b6e9b98fd518\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-16\",\n \"Date_Last_Reviewed\": \"2025-04-20\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1242372,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"209560d4-1d9a-42f0-8d74-0d39b20a83fe\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-20\",\n \"Date_Last_Reviewed\": \"2023-07-21\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1435925,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3fc60ccc-3450-4265-90c6-5270e2f53535\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-02\",\n \"Date_Last_Reviewed\": \"2025-03-22\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 644348,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"af1a4a88-f9da-44ba-95e9-b0b5a2b5b0a7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-18\",\n \"Date_Last_Reviewed\": \"2023-08-28\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 256453,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9104df66-ccae-46c3-bc48-eb3017275267\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-26\",\n \"Date_Last_Reviewed\": \"2023-12-07\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1672350,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"79d15870-d4c1-4139-974b-a633c264c1f0\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-08\",\n \"Date_Last_Reviewed\": \"2024-06-29\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1817914,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8250709c-2602-4b2e-83de-9116a098eb51\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-28\",\n \"Date_Last_Reviewed\": \"2023-06-28\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1590001,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a09399e0-ccac-4da8-8978-95650af37dc4\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-08\",\n \"Date_Last_Reviewed\": \"2024-09-02\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 194380,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5cbefdf9-b6f8-4c45-9fe6-42e3b38eff3a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-13\",\n \"Date_Last_Reviewed\": \"2023-06-02\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 480201,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f5459c2c-ed10-4da5-8d80-994f273a1ce7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-11\",\n \"Date_Last_Reviewed\": \"2023-07-06\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 980569,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6030c184-f610-4538-b4af-4df08a94ea6a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-29\",\n \"Date_Last_Reviewed\": \"2024-01-29\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1214787,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8aecb59f-0198-4e28-bf2f-ad26b57a1141\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-19\",\n \"Date_Last_Reviewed\": \"2024-06-27\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1338501,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2cc6d9d7-cc65-434c-8cba-cf3270c3a947\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-22\",\n \"Date_Last_Reviewed\": \"2023-05-17\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1866340,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"56b627d0-862c-4a98-abbf-835d66e4ca1b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-22\",\n \"Date_Last_Reviewed\": \"2024-09-05\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 693982,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"f447a2e3-8ff6-4b85-85d5-7e57eec6ec68\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-03\",\n \"Date_Last_Reviewed\": \"2024-06-03\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 765654,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"694cfcab-65fd-40be-96af-eeeb1a173908\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-04\",\n \"Date_Last_Reviewed\": \"2024-11-18\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 385407,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"0e5d383f-9ffe-4f10-a6a1-367155b6c345\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-31\",\n \"Date_Last_Reviewed\": \"2024-03-21\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1565710,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f5339241-84bb-4a2c-8f43-37e8f0e7dd06\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-01\",\n \"Date_Last_Reviewed\": \"2024-05-01\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1146163,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7c33e70c-8a23-4871-9617-7e8d0d9e36d1\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-20\",\n \"Date_Last_Reviewed\": \"2024-04-17\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 133911,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4e19f5df-1e30-4219-9881-a590efacd208\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-09\",\n \"Date_Last_Reviewed\": \"2023-06-22\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 729384,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"13a3605c-8975-459b-a10c-218d4a4e6255\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-25\",\n \"Date_Last_Reviewed\": \"2024-08-19\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1601081,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fe16a118-17d9-4632-b6e9-e7c3afe43eb8\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-14\",\n \"Date_Last_Reviewed\": \"2024-06-07\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1033479,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"66061920-9b03-40ea-9056-b0846bdda5c7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-07\",\n \"Date_Last_Reviewed\": \"2024-06-21\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 926218,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"3778effc-9df2-4ecf-9c02-069cc70a309e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-27\",\n \"Date_Last_Reviewed\": \"2023-11-06\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 745211,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"bdbb7fff-3820-453b-ad3b-608bfedebe38\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-02\",\n \"Date_Last_Reviewed\": \"2023-09-20\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 674637,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e6659355-8592-4afd-b995-4b93323680d2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-30\",\n \"Date_Last_Reviewed\": \"2023-07-04\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 260198,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6c0648a6-b7e5-46e1-871b-4783e299ee6c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-27\",\n \"Date_Last_Reviewed\": \"2024-03-31\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1836536,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a292f02d-471a-4d15-a2be-2238f60afaed\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-24\",\n \"Date_Last_Reviewed\": \"2024-05-13\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 936276,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7bb1c250-1655-440e-93ca-df3f8f9aa1e7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-21\",\n \"Date_Last_Reviewed\": \"2024-08-26\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1709566,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e879f1aa-00d1-4da9-aa38-06f8edf88921\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-30\",\n \"Date_Last_Reviewed\": \"2025-03-26\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1727906,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"3fe4eaff-f756-48bd-b4d7-730a40ea7381\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-02\",\n \"Date_Last_Reviewed\": \"2024-05-13\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1342295,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9866f029-cbb1-4ff9-8e18-efa712ff3074\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-10\",\n \"Date_Last_Reviewed\": \"2025-04-02\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 266776,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e0f36342-e27e-416b-af75-97dc848affa8\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-23\",\n \"Date_Last_Reviewed\": \"2024-11-17\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 259189,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1ed48e98-3604-49b6-8eed-bf61682aceb7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-12\",\n \"Date_Last_Reviewed\": \"2024-07-05\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1964302,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5f8ba538-0b4e-4fe2-b557-afea2aa17e98\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-05\",\n \"Date_Last_Reviewed\": \"2025-02-28\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 897153,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"57ff5512-8988-4eda-b906-87eb7a2fb8a1\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-24\",\n \"Date_Last_Reviewed\": \"2023-12-26\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1016611,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"086d445e-b442-486b-ad5c-22b809e54809\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-11\",\n \"Date_Last_Reviewed\": \"2023-08-21\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 435251,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7e59be89-12e0-4f70-b513-5c6d1c0086bb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-29\",\n \"Date_Last_Reviewed\": \"2025-03-25\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1284626,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"a7fda25f-6960-4d3b-bc95-5ac7c347e1ca\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-08\",\n \"Date_Last_Reviewed\": \"2024-09-22\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 118811,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d065176a-7833-42c7-a196-87dfb4a5deb5\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-11\",\n \"Date_Last_Reviewed\": \"2024-03-17\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1607726,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"2a579a1c-a4c5-4020-9b2a-bf8f8594811e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-02\",\n \"Date_Last_Reviewed\": \"2024-08-16\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 961472,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"57e6a3ee-6550-4da5-949b-09a6d03fab0c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-27\",\n \"Date_Last_Reviewed\": \"2024-03-14\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1443189,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"22b14115-12b8-44cd-b4d7-6142a2a72e0f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-29\",\n \"Date_Last_Reviewed\": \"2023-08-26\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1929366,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5b85e55d-cd4b-49ad-8a24-ad4623fa18c8\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-19\",\n \"Date_Last_Reviewed\": \"2025-01-08\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 585337,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7c77355d-81c8-457c-b06a-245bbfa8af57\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-26\",\n \"Date_Last_Reviewed\": \"2023-06-26\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1389266,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"77a51e94-3ed6-40ba-924d-b932a5d12fe5\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-13\",\n \"Date_Last_Reviewed\": \"2025-03-10\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1989932,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b04c9897-5aa8-43d6-bf09-4697c17768c9\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-18\",\n \"Date_Last_Reviewed\": \"2025-03-16\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 372508,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9fbb2bae-909b-4dfc-9c27-0c142851fd2a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-06\",\n \"Date_Last_Reviewed\": \"2023-09-12\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 203795,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8e063ca5-9453-403d-b84f-0b1ce71db857\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-26\",\n \"Date_Last_Reviewed\": \"2023-10-13\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 431833,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0dcd47d7-a716-45a5-ae27-610def9e9866\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-27\",\n \"Date_Last_Reviewed\": \"2024-09-18\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 773395,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"3c66f8a4-5152-4a13-8b47-f30d6a75d512\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-03\",\n \"Date_Last_Reviewed\": \"2024-07-06\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 994834,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f2a39b8a-af43-4a6e-bc1c-0faac2de61dc\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-01\",\n \"Date_Last_Reviewed\": \"2023-10-29\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1750746,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"301380ea-6d9e-49da-80f0-f5dee509a1d7\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-17\",\n \"Date_Last_Reviewed\": \"2024-12-27\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1755378,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"515aeefa-60ca-43c0-a700-4426712c4f6e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-05\",\n \"Date_Last_Reviewed\": \"2023-08-26\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1359595,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6f9e6c33-8c6a-4cd1-a5be-32730c2b0d9b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-12\",\n \"Date_Last_Reviewed\": \"2024-08-02\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 600699,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ca549c8e-f04c-46b7-97f5-44ea48969de9\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-26\",\n \"Date_Last_Reviewed\": \"2024-03-11\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1236065,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3e6737fb-3711-4f7b-9bf1-23a78769e291\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-03\",\n \"Date_Last_Reviewed\": \"2024-01-13\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1597068,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"62a9ba75-3044-4e1d-a2f1-69ed1b899a6f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-19\",\n \"Date_Last_Reviewed\": \"2024-07-27\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 347805,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"79aceea3-9379-4bb0-b4ce-ae02b02b8d2a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-22\",\n \"Date_Last_Reviewed\": \"2024-09-06\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1098741,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"96901711-a529-4601-8fac-00d94ca9864a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-10\",\n \"Date_Last_Reviewed\": \"2025-04-17\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 421740,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2109f853-4c5e-4a5b-a2f1-df4c5b9070ed\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-07\",\n \"Date_Last_Reviewed\": \"2025-04-28\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 952034,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"373bdc58-b51e-480d-9d59-04d58fdb0329\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-24\",\n \"Date_Last_Reviewed\": \"2024-01-23\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 203475,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"adcea8d7-b325-498c-a5c5-d85a6ee79a76\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-08\",\n \"Date_Last_Reviewed\": \"2023-08-17\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1660585,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e8cc39b8-fbb2-4abf-b223-f47ba44dba06\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-19\",\n \"Date_Last_Reviewed\": \"2024-06-17\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 729469,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8780a5af-af03-4c2f-8bed-d8536413d268\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-10\",\n \"Date_Last_Reviewed\": \"2024-02-10\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 357633,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d2e67ce6-42d7-4605-8da0-63dc1751e662\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-25\",\n \"Date_Last_Reviewed\": \"2023-05-25\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1838012,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"72034fea-3196-468d-8a80-11d02954c85a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-21\",\n \"Date_Last_Reviewed\": \"2024-06-02\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 378933,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"91ef7052-58ed-4d2a-9683-b22db73f42f0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-11\",\n \"Date_Last_Reviewed\": \"2025-04-24\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1584978,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"16dabd35-9cf6-4caf-8f50-1133cfed23d9\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-14\",\n \"Date_Last_Reviewed\": \"2024-10-26\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1445345,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"88115fc2-b5bb-474f-9645-056448dc7f34\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-08\",\n \"Date_Last_Reviewed\": \"2024-12-23\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 683096,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"0608e2a6-00ff-4738-b958-70ab2e8593b2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-13\",\n \"Date_Last_Reviewed\": \"2025-01-20\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 163127,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7518872b-3068-4d73-b3aa-0a78888b3b3f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-07\",\n \"Date_Last_Reviewed\": \"2024-04-24\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1946818,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"cbaedaba-542f-4e9f-be84-f14822c53e27\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-02\",\n \"Date_Last_Reviewed\": \"2023-12-03\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1164679,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"cb16f4c5-2a4b-4c09-961d-c1db96307776\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-09\",\n \"Date_Last_Reviewed\": \"2024-02-17\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 305409,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0d776a56-e9a2-4363-87cc-d3e26f22ef2d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-28\",\n \"Date_Last_Reviewed\": \"2024-12-27\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1264648,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f86eeb1a-8363-4a35-9165-6a2912a6e689\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-08\",\n \"Date_Last_Reviewed\": \"2023-10-12\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1616314,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4d2a0fb8-d1c9-45db-ac0f-bfabf48ddba8\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-27\",\n \"Date_Last_Reviewed\": \"2024-10-03\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 321414,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"45cf0484-5cf9-4c22-a51a-7b3a644e1afd\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-16\",\n \"Date_Last_Reviewed\": \"2024-07-13\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 590086,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"5f437427-7455-4a05-a1ac-4980c79d86b0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-11\",\n \"Date_Last_Reviewed\": \"2024-06-10\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 301499,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"38b0d855-cdbc-4043-acb5-7a1ab58b32c3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-14\",\n \"Date_Last_Reviewed\": \"2023-12-30\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 538914,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"65227977-6f09-4052-a103-43162c0ec291\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-20\",\n \"Date_Last_Reviewed\": \"2025-02-14\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 809155,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5bdfa266-c4cc-4a41-94fc-c1bd3d0a85bb\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-25\",\n \"Date_Last_Reviewed\": \"2024-10-06\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1620067,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"15cb3d15-5bc6-4a3d-a3c3-cbfd221bac62\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-06\",\n \"Date_Last_Reviewed\": \"2023-10-21\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 853877,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"26880e05-6a4a-4659-b65a-7307e98ef522\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-30\",\n \"Date_Last_Reviewed\": \"2023-10-09\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 468498,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2737b757-f576-4b72-8edf-1ca4aee41669\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-18\",\n \"Date_Last_Reviewed\": \"2023-12-09\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 448270,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7adfe614-7fee-4b15-84d0-f650e05bc78f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-26\",\n \"Date_Last_Reviewed\": \"2024-06-23\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 711897,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"74dc0b31-32ef-4f64-88cb-8fcee70da411\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-13\",\n \"Date_Last_Reviewed\": \"2024-09-07\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1243455,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5e675ad7-4d5d-4180-a095-7d570ef00b7c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-10\",\n \"Date_Last_Reviewed\": \"2023-11-06\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1521764,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d83a52c8-5a54-4c83-8d3d-5811b40e52f4\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-14\",\n \"Date_Last_Reviewed\": \"2024-06-13\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1509093,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"64819f08-be76-4959-b6fb-71dbc6690052\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-07\",\n \"Date_Last_Reviewed\": \"2024-01-15\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 884934,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"52e3abc9-dd05-482f-87e2-b47498673cdf\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-10\",\n \"Date_Last_Reviewed\": \"2024-05-06\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 140566,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c3a5f5c0-6001-4728-9af7-99e1855a983f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-18\",\n \"Date_Last_Reviewed\": \"2023-12-12\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1322127,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2c77dac8-3380-4e42-ba02-03152d13348c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-18\",\n \"Date_Last_Reviewed\": \"2025-01-10\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1041531,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2262da5e-6e80-4239-be51-8a5f033a68ff\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-25\",\n \"Date_Last_Reviewed\": \"2024-03-19\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1640056,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a114545b-cdf0-4bbc-9187-53d4e6b000d0\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-22\",\n \"Date_Last_Reviewed\": \"2024-12-31\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1446912,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6a1a48d0-e528-453d-851b-72863d73761c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-02\",\n \"Date_Last_Reviewed\": \"2023-09-22\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1929930,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"71cffb58-6f97-4499-801c-47038900d92e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-04\",\n \"Date_Last_Reviewed\": \"2024-03-16\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 696238,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4846e5ab-759d-45c8-aef3-27e02d6347e2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-23\",\n \"Date_Last_Reviewed\": \"2024-12-26\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 329787,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"cca90d33-e245-43b7-be41-937d1c2b02c7\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-09\",\n \"Date_Last_Reviewed\": \"2024-12-04\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1403932,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"26883b2f-a289-4d84-8b4d-0cde6ffae56f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-13\",\n \"Date_Last_Reviewed\": \"2024-10-26\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 693718,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6807a335-9ef6-42f7-95bb-e4754b381889\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-03\",\n \"Date_Last_Reviewed\": \"2024-08-05\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 512162,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"097ae887-914e-406d-978e-b35ea7a5b011\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-11\",\n \"Date_Last_Reviewed\": \"2023-10-10\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1867564,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"cecaec9b-fe0e-46db-912c-1574dd76f1ba\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-24\",\n \"Date_Last_Reviewed\": \"2024-08-17\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 173677,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"02533d78-64b9-46b5-85b4-297fe6b5dae9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-19\",\n \"Date_Last_Reviewed\": \"2023-11-23\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 492587,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8c162cff-5586-4b96-9437-febcf63ddf4f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-16\",\n \"Date_Last_Reviewed\": \"2024-02-01\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 924758,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d9183d2e-496b-4f77-af80-1a1b884eecf9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-13\",\n \"Date_Last_Reviewed\": \"2023-09-07\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 325349,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7ca079d3-f382-4bc7-b2f9-f6dbd6ed982a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-07\",\n \"Date_Last_Reviewed\": \"2024-03-08\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 148580,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0c5770b9-a597-4b75-b178-88bfa3308ce2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-22\",\n \"Date_Last_Reviewed\": \"2023-06-10\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 267755,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]"], "Which departments are responsible for the most risks?": ["[\n {\n \"Risk_ID\": \"5de844fe-5d54-4e7d-a9cb-74f15937a3c4\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-05\",\n \"Date_Last_Reviewed\": \"2024-08-30\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1266584,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"980a2598-3618-44de-84a7-89b2acfb3d9f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-08\",\n \"Date_Last_Reviewed\": \"2024-05-03\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 842253,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"3a34fa53-e949-429b-8897-697343147ee0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-08\",\n \"Date_Last_Reviewed\": \"2023-09-14\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 293233,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b92588bb-83fe-48e5-a080-1eacc5c24553\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-25\",\n \"Date_Last_Reviewed\": \"2024-11-07\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 640139,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"65a76b85-8e22-4433-8b5a-1cb455774073\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-24\",\n \"Date_Last_Reviewed\": \"2023-07-20\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1032495,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3231fd1d-05bf-42ec-a5c3-68040515abf6\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-23\",\n \"Date_Last_Reviewed\": \"2023-08-08\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 772286,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"96da8ca4-a5af-45e6-941b-568530e86f30\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-19\",\n \"Date_Last_Reviewed\": \"2023-09-21\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 258481,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1eb91532-05ef-429c-93ac-18f97e1446e3\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-01\",\n \"Date_Last_Reviewed\": \"2024-05-17\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 172175,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9179eec1-c602-4c72-a316-d518850f562a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-12\",\n \"Date_Last_Reviewed\": \"2023-06-18\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1566241,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"31aad0ec-36d5-4032-a87b-65e6851bec87\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-16\",\n \"Date_Last_Reviewed\": \"2024-01-23\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1520158,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7e8ec50f-7e60-461e-a45b-fc339a793061\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-20\",\n \"Date_Last_Reviewed\": \"2023-10-15\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1511853,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"07ba2e8c-1bec-49cc-8545-36c07c674601\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-27\",\n \"Date_Last_Reviewed\": \"2025-05-06\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 871404,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"de2fea6b-478b-4a70-89eb-729990f84dfc\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-10\",\n \"Date_Last_Reviewed\": \"2024-09-16\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1105678,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"82e2af0f-0a08-46cf-ac41-6742b0f76375\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-23\",\n \"Date_Last_Reviewed\": \"2024-08-16\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1405184,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"427198bd-0174-4819-b014-aa53e8d819c0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-15\",\n \"Date_Last_Reviewed\": \"2024-03-26\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1250001,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"573a828f-679b-411c-9132-8b6021a3cb12\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-18\",\n \"Date_Last_Reviewed\": \"2024-08-19\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 316803,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9f177347-ec26-4ae4-b1c2-6319d46c60e2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-03\",\n \"Date_Last_Reviewed\": \"2024-06-02\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 623050,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b591d7ad-4d53-4eab-b911-c9d8cc358da4\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-22\",\n \"Date_Last_Reviewed\": \"2023-07-27\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1721826,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"94cf3eb9-0403-4bd9-accf-2a6fec84750b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-02\",\n \"Date_Last_Reviewed\": \"2024-12-20\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1883831,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"82db0d45-b2ed-4a41-be0a-5e2693ad3f7f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-31\",\n \"Date_Last_Reviewed\": \"2025-02-08\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 408350,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3cf4475d-ebb7-4fb8-854b-dd3083483de7\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-31\",\n \"Date_Last_Reviewed\": \"2024-08-14\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 566704,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ecba7c4e-04d1-4a4f-b1a9-623b4d71d80e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-21\",\n \"Date_Last_Reviewed\": \"2023-05-28\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1887225,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a2b269da-b34f-4a12-a8ed-9565f6cd086a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-11\",\n \"Date_Last_Reviewed\": \"2024-02-14\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1639777,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"649fb5c4-61e4-4478-9bb1-74946893888d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-31\",\n \"Date_Last_Reviewed\": \"2024-09-25\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1624137,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"513a201f-2aed-4c0a-b457-1a892cd91d63\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-04\",\n \"Date_Last_Reviewed\": \"2023-12-01\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 606666,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"11abf6df-652d-49ed-8d49-28f8e2a3c9c9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-26\",\n \"Date_Last_Reviewed\": \"2025-02-24\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 158012,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5ef7ca1e-2907-4b4a-8aae-a4b2ff1a9d71\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-25\",\n \"Date_Last_Reviewed\": \"2024-11-14\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 807246,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"98c21544-f270-4166-b38e-2beacbd0db68\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-13\",\n \"Date_Last_Reviewed\": \"2025-01-26\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 740174,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6cc706d7-03e5-48aa-8739-bcd3959565c0\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-03\",\n \"Date_Last_Reviewed\": \"2024-08-28\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1607293,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"dad655fc-28a8-41c3-9b19-e39313efa5f9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-30\",\n \"Date_Last_Reviewed\": \"2025-01-09\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1472290,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e36e6dfc-9746-4058-b261-3fed296dc5a2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-08\",\n \"Date_Last_Reviewed\": \"2025-04-08\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 856125,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2fdad978-d5d2-4f8f-a795-8a62f5833056\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-06\",\n \"Date_Last_Reviewed\": \"2024-02-07\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 165544,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"39cade57-0012-4df7-baff-42efe685e87a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-06\",\n \"Date_Last_Reviewed\": \"2024-12-11\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1454990,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"c4495043-b6f8-4eae-afd8-83f16d0486fc\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-18\",\n \"Date_Last_Reviewed\": \"2024-10-13\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 269324,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"52a8e5ba-7d0d-42eb-a913-f462b28a3c11\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-06\",\n \"Date_Last_Reviewed\": \"2024-01-13\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1890762,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9b808a50-58f9-422b-b7a5-61a8b7683fc9\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-29\",\n \"Date_Last_Reviewed\": \"2025-04-07\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1785144,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ee7b730e-1fec-4400-b199-031ec04d48ec\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-29\",\n \"Date_Last_Reviewed\": \"2024-02-17\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1253028,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"65162901-abbc-4d78-ba78-91f73d1b580e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-09\",\n \"Date_Last_Reviewed\": \"2024-07-08\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 277016,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0e6f66c1-28b3-4653-bf87-fe604327b986\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-02\",\n \"Date_Last_Reviewed\": \"2024-11-30\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1578673,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c95ed78a-fce5-4312-a223-f91a385c2036\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-01\",\n \"Date_Last_Reviewed\": \"2023-12-29\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1639724,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d7b0aa9b-6a76-4d3a-9fdc-b3d2d28873e0\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-22\",\n \"Date_Last_Reviewed\": \"2024-06-25\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1629546,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f00be9f7-9044-4d56-a315-df5fff86a395\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-16\",\n \"Date_Last_Reviewed\": \"2024-09-24\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1348927,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7ef02466-7c83-4e9b-ba34-9912242a8f93\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-04\",\n \"Date_Last_Reviewed\": \"2023-07-18\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1918739,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0eb0995e-c17e-4aea-b803-14347746c87f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-11\",\n \"Date_Last_Reviewed\": \"2023-07-05\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1732264,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6f2b05dd-d51c-48c3-9f36-cc1c5b1b2133\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-14\",\n \"Date_Last_Reviewed\": \"2024-10-27\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1470777,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c1043f03-989a-4dfc-ab22-d5b572295778\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-25\",\n \"Date_Last_Reviewed\": \"2024-01-07\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1984422,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"c60b70a7-26f1-4e0f-80ae-c72440c92d87\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-15\",\n \"Date_Last_Reviewed\": \"2025-03-10\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1380351,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5806fee0-0fd7-4106-bd53-b58322daa042\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-02\",\n \"Date_Last_Reviewed\": \"2023-10-02\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 291529,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"cb6f209e-2f5f-43f8-bf63-c9ea746a392e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-02\",\n \"Date_Last_Reviewed\": \"2024-07-27\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 797327,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ff828caf-bbaa-43e2-bad5-4c7eb53fed93\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-04\",\n \"Date_Last_Reviewed\": \"2024-09-14\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1972536,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"45ed1682-789e-4a90-bc94-0e2cc7a170fd\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-25\",\n \"Date_Last_Reviewed\": \"2024-10-24\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1573100,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0a948567-04d6-484b-adf9-1b30370de61b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-10\",\n \"Date_Last_Reviewed\": \"2023-12-13\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1028505,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fd48c1b0-74cb-4b4f-a954-a608e1f81dd5\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-29\",\n \"Date_Last_Reviewed\": \"2023-07-31\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 908628,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ca5129ce-5bec-4ce1-86ed-d7be59c00058\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-27\",\n \"Date_Last_Reviewed\": \"2024-12-14\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 455234,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"0a6d7775-bf17-4a30-bce2-d38854a34405\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-14\",\n \"Date_Last_Reviewed\": \"2024-12-01\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1754020,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"be119f38-32ef-4630-99d3-80a1df82818a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-13\",\n \"Date_Last_Reviewed\": \"2023-06-23\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1985770,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9d1fe46f-781c-4069-8ba8-144409c92905\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-16\",\n \"Date_Last_Reviewed\": \"2024-09-19\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 827676,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"13d3e4b4-035c-4b71-ab73-39616e409bd1\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-18\",\n \"Date_Last_Reviewed\": \"2023-09-23\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1829803,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ffab5c1a-2250-42a0-99c4-e51361739831\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-27\",\n \"Date_Last_Reviewed\": \"2023-07-30\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 261908,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f5addf2a-39f3-4efe-81ad-74a471d90d37\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-12\",\n \"Date_Last_Reviewed\": \"2025-02-23\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1481085,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b08706c4-020f-4e3d-8f92-d83e26fe9df4\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-30\",\n \"Date_Last_Reviewed\": \"2024-11-24\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 549815,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"575af538-0182-48b1-adf4-22431220ee4f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-26\",\n \"Date_Last_Reviewed\": \"2023-07-11\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 954143,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"2eb0b0f2-0e59-4b9b-8546-3eafe036458c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-14\",\n \"Date_Last_Reviewed\": \"2024-08-09\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 927706,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fe63c55d-9920-438f-b955-ba23b7e343cd\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-05\",\n \"Date_Last_Reviewed\": \"2025-03-08\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1968291,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"50791bf8-293a-49d1-a9a4-dc8f4fb4a07b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-20\",\n \"Date_Last_Reviewed\": \"2024-01-04\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 588836,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"85d1730c-6ba0-4323-8c94-808ec3fea3db\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-01\",\n \"Date_Last_Reviewed\": \"2024-03-17\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1101005,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"685e9a46-f833-4fe4-bfb5-e8dbc64c4432\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-29\",\n \"Date_Last_Reviewed\": \"2024-08-03\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 756748,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8dbe846b-4142-4f44-826c-df42a299dda5\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-06\",\n \"Date_Last_Reviewed\": \"2023-10-26\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 852419,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f41780a6-7f01-45ed-808d-3783258d1c66\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-13\",\n \"Date_Last_Reviewed\": \"2023-08-08\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1130070,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a4ddf86f-e581-424a-8f36-ff178512f48f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-29\",\n \"Date_Last_Reviewed\": \"2025-04-16\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1136765,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"238ad678-dcbc-4215-a288-31442cfca0d7\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-21\",\n \"Date_Last_Reviewed\": \"2023-08-19\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1463773,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7aea5119-9339-45a2-a6a4-b3453201337d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-14\",\n \"Date_Last_Reviewed\": \"2024-04-12\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1642864,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"267e59ac-bd5d-49c6-a355-a80a29790f85\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-20\",\n \"Date_Last_Reviewed\": \"2023-10-16\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1832110,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"0398383a-fe57-46af-a09b-bbd2495a0e81\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-05\",\n \"Date_Last_Reviewed\": \"2023-11-13\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1082051,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"32d543a7-24c4-4904-a619-9c97ea12da59\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-15\",\n \"Date_Last_Reviewed\": \"2023-06-17\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 311695,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"fdedbb31-7243-446a-8b1a-740602a47797\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-29\",\n \"Date_Last_Reviewed\": \"2025-03-10\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1522409,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d9f80793-15c0-4fac-93a5-775705346483\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-21\",\n \"Date_Last_Reviewed\": \"2024-11-29\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 434566,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"57274806-74fc-449c-b3ba-bb6b11022e7f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-28\",\n \"Date_Last_Reviewed\": \"2024-11-26\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 299169,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9b9450b5-4c24-478a-9af5-138ebd71952a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-04\",\n \"Date_Last_Reviewed\": \"2024-11-30\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 973402,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f380c60f-18b1-438f-929d-aa2cc7d57389\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-13\",\n \"Date_Last_Reviewed\": \"2024-02-05\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1606658,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e8e1906d-df5a-4174-8ad6-4e01ea5d04e6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-02\",\n \"Date_Last_Reviewed\": \"2024-12-29\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 158987,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"54bfb852-79b0-41ee-921c-f24857c82fe9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-12\",\n \"Date_Last_Reviewed\": \"2024-09-29\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 784548,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"710c0bae-f1f5-4986-91fd-35a750cce8d5\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-19\",\n \"Date_Last_Reviewed\": \"2025-05-01\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 587552,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7f70413e-af7e-4311-867e-cebaca8ab660\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-27\",\n \"Date_Last_Reviewed\": \"2023-11-28\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1266167,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f3eef4f1-9e9c-4000-b3fe-92ddd7c56c82\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-14\",\n \"Date_Last_Reviewed\": \"2024-02-16\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1877435,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1500e63e-43e1-4852-bb6e-4cb4b81cb05c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-03\",\n \"Date_Last_Reviewed\": \"2024-03-15\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1274251,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"05671569-c41b-4c6b-b7ed-7da9e8516c15\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-02\",\n \"Date_Last_Reviewed\": \"2024-08-30\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 407036,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"92becb8c-1f75-40c8-8d98-54e36fd37eb7\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-20\",\n \"Date_Last_Reviewed\": \"2023-07-23\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1918600,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3abda421-b7b5-4bd3-a9a8-442d5e91f54c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-22\",\n \"Date_Last_Reviewed\": \"2024-01-14\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 315453,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d0013974-9db4-4450-a8fb-1198c7a023d6\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-07\",\n \"Date_Last_Reviewed\": \"2024-01-05\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1610842,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b41ec3a9-da4f-429a-8d55-3cce131dd743\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-23\",\n \"Date_Last_Reviewed\": \"2023-08-12\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1302560,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"92e4b1e7-0200-4822-b95f-09d2812641c2\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-27\",\n \"Date_Last_Reviewed\": \"2024-04-20\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1617810,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"736f70f4-c1e3-4476-9db2-6bbafe4c11a7\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-28\",\n \"Date_Last_Reviewed\": \"2023-08-03\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1662504,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"3e8b4c86-6f82-4369-b175-40f15d190572\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-05\",\n \"Date_Last_Reviewed\": \"2024-01-01\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 633150,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5dde1b66-0066-487f-b7ba-9d2786aa0b2e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-04\",\n \"Date_Last_Reviewed\": \"2025-01-07\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1663742,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2132f321-adb5-4702-9758-da14720caa3d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-13\",\n \"Date_Last_Reviewed\": \"2023-11-17\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1791133,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"619a3088-967c-46de-ac2b-409da6034142\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-19\",\n \"Date_Last_Reviewed\": \"2024-09-28\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1055856,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"63b7e210-c803-43e7-b046-c804ee7aaf40\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-16\",\n \"Date_Last_Reviewed\": \"2024-02-07\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 664603,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1fa8a97a-c325-4398-bca9-abac80e03855\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-11\",\n \"Date_Last_Reviewed\": \"2025-03-06\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1761175,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5d33e8b4-2f04-4f97-bbb7-2f8dbf387eec\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-01\",\n \"Date_Last_Reviewed\": \"2024-12-24\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1345433,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"da0d8612-b381-4df4-9596-57264dfb9e4b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-02\",\n \"Date_Last_Reviewed\": \"2023-11-22\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 528149,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"3070f417-debf-49c4-96a1-972f5d09eb4b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-21\",\n \"Date_Last_Reviewed\": \"2024-05-03\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1798259,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"164d9f0c-3e01-4a71-b3b2-a1d4524e1387\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-05\",\n \"Date_Last_Reviewed\": \"2024-09-10\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1418012,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6afb3237-7a9d-4aff-a5c7-41fe99ca0f19\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-10\",\n \"Date_Last_Reviewed\": \"2024-11-27\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1020714,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"fbb26236-f0e7-424b-bb5b-597a05ca8411\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-03\",\n \"Date_Last_Reviewed\": \"2024-03-01\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1329510,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d5482834-eb52-498a-b3a9-3d1f690a05c7\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-17\",\n \"Date_Last_Reviewed\": \"2024-01-12\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 336913,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6bc17e14-f644-4a70-a0d2-b878f3117720\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-27\",\n \"Date_Last_Reviewed\": \"2024-06-29\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 283455,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"a2b08253-c5bf-416a-9fbd-2189fc0795b2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-11\",\n \"Date_Last_Reviewed\": \"2023-11-01\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 158632,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"60673974-bbea-41e3-acb5-379640b54bab\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-24\",\n \"Date_Last_Reviewed\": \"2023-07-29\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 951363,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e8d31521-cec2-4f14-b4c9-a90754d6ea29\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-08\",\n \"Date_Last_Reviewed\": \"2024-12-19\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1487107,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5873f359-fd5c-4ed4-b760-f4d2e0c89f60\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-19\",\n \"Date_Last_Reviewed\": \"2024-06-07\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 540315,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"358161ab-2aa9-4014-8fba-7ad8585b4446\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-28\",\n \"Date_Last_Reviewed\": \"2023-08-05\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 202127,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ae1e38e4-0be2-4ecf-98c6-9a40f6d043c0\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-06\",\n \"Date_Last_Reviewed\": \"2023-06-26\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 176437,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"bb1b61c1-847c-45b9-b3c7-b146f50cde2b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-21\",\n \"Date_Last_Reviewed\": \"2023-06-08\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 103391,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"222f6711-b3d7-4f61-9b18-7fd7d46036c0\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-23\",\n \"Date_Last_Reviewed\": \"2024-06-09\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 825326,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"fbd4c38e-e629-4864-978b-50a87f4bd147\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-06\",\n \"Date_Last_Reviewed\": \"2024-04-29\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1208881,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"24144a30-1fef-4a6f-befb-888a61e3532f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-26\",\n \"Date_Last_Reviewed\": \"2023-11-10\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1636411,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"64549c53-7bd8-4210-9f2a-79cf4f3fd53c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-12\",\n \"Date_Last_Reviewed\": \"2025-04-02\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1076440,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"35debaa1-6338-4da6-8c71-bbdd346b7455\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-09\",\n \"Date_Last_Reviewed\": \"2024-06-24\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1447823,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ee1d34ad-3ab2-46c9-acd3-ca226d6b080b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-01\",\n \"Date_Last_Reviewed\": \"2025-03-28\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1488430,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2b6c6233-1537-419d-8546-766d282a7f60\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-20\",\n \"Date_Last_Reviewed\": \"2025-03-13\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1188902,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"808a80c3-d2ca-4b13-bf98-9f9db7759d20\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-08\",\n \"Date_Last_Reviewed\": \"2023-09-06\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 569840,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"fc6ca360-38fa-47d8-8133-9f451490d865\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-24\",\n \"Date_Last_Reviewed\": \"2023-12-01\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 544664,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"165cefac-8c56-4c1d-9171-4aba2f647763\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-17\",\n \"Date_Last_Reviewed\": \"2025-03-02\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1136059,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e000a756-fa75-46c0-9214-fa92c149b651\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-04\",\n \"Date_Last_Reviewed\": \"2023-10-31\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 815919,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8454e5b0-6317-4207-9579-93b40013a6ff\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-12\",\n \"Date_Last_Reviewed\": \"2024-12-04\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 365554,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d329ac74-7e51-4998-aeea-e2adda80b40b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-31\",\n \"Date_Last_Reviewed\": \"2023-07-15\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 976219,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3c90995f-03ed-4243-a431-3910d0cc1d06\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-04\",\n \"Date_Last_Reviewed\": \"2024-08-02\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 602529,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6260888e-7f55-4c41-b813-1375e30b4ba3\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-01\",\n \"Date_Last_Reviewed\": \"2023-11-24\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 706774,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"34da2f89-2baa-4b0f-a00d-9fcecfd93248\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-22\",\n \"Date_Last_Reviewed\": \"2024-10-02\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 942927,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"9d2e5982-6294-487b-b4ec-4e36e06e9e7e\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-18\",\n \"Date_Last_Reviewed\": \"2025-02-28\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1382042,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9c16c8e9-f646-4782-90e8-c37db707bdf3\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-04\",\n \"Date_Last_Reviewed\": \"2024-10-21\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1008638,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"69b2c86a-99cb-47db-bcef-32e8c3a3f67a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-27\",\n \"Date_Last_Reviewed\": \"2024-12-28\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 736145,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"15fa1411-2e2e-4c93-8577-6a3c0a3f2449\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-16\",\n \"Date_Last_Reviewed\": \"2024-12-22\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1002288,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"a5e0cd90-8b86-4171-ba82-19e7d4d682d7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-28\",\n \"Date_Last_Reviewed\": \"2023-12-13\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1246422,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0626ec28-34a5-4ce6-8e56-bc2a87139eb1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-10\",\n \"Date_Last_Reviewed\": \"2024-01-01\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1172464,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"891829b6-bd88-4bf5-84d0-b9a298f383ab\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-11\",\n \"Date_Last_Reviewed\": \"2023-08-01\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1746558,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5a9a4f20-7ffc-4bee-b4de-5148a5f2f66c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-21\",\n \"Date_Last_Reviewed\": \"2023-09-16\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 581222,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"59a2309c-b2e9-4a03-ba8b-8b3c83854eeb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-29\",\n \"Date_Last_Reviewed\": \"2024-03-24\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1728457,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"22d5b360-6039-4a29-b432-effb53d6dd89\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-19\",\n \"Date_Last_Reviewed\": \"2023-08-01\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1759211,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b432af94-e1ba-4b91-8f62-1a280090caef\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-07\",\n \"Date_Last_Reviewed\": \"2025-01-31\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1735858,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c32d8110-3048-43d3-b4c1-a3e4edeeee67\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-29\",\n \"Date_Last_Reviewed\": \"2024-03-17\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1348440,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b6c6acfd-14e5-4afe-a3e1-cd7adc072bc4\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-08\",\n \"Date_Last_Reviewed\": \"2024-07-31\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 633755,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ce243ebb-c544-4abb-84ce-405ffb62d015\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-12\",\n \"Date_Last_Reviewed\": \"2024-11-22\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 252787,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"7dc43347-b0ee-459f-b07f-658f9cf5743d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-28\",\n \"Date_Last_Reviewed\": \"2024-08-06\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1551592,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4fc1a6fc-90e0-4294-b63c-c749312463c6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-01\",\n \"Date_Last_Reviewed\": \"2023-05-19\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1263502,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1f3e6d8b-a925-4a30-b3a2-5f068de80748\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-26\",\n \"Date_Last_Reviewed\": \"2023-06-04\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 520376,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"fc25c7fc-7621-4b60-9ada-beb8bcd25a87\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-04\",\n \"Date_Last_Reviewed\": \"2025-01-04\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 255889,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6bf6b841-1cbf-4261-85d5-d95fa5c2599b\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-06\",\n \"Date_Last_Reviewed\": \"2024-01-04\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 124908,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8cb0e78d-f927-451f-82c5-f6fb1388fb59\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-20\",\n \"Date_Last_Reviewed\": \"2023-12-31\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1308172,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"efd1a359-676b-4570-a1b9-66cc86001a34\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-19\",\n \"Date_Last_Reviewed\": \"2023-08-26\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 836589,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d7f92073-8f92-4569-8ba6-839e9899e1a4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-08\",\n \"Date_Last_Reviewed\": \"2024-04-20\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1397823,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9bd4d31b-9830-4e3a-960c-9d5fd655006f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-26\",\n \"Date_Last_Reviewed\": \"2024-05-26\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1987076,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"628c2c85-ae23-40c2-8c6e-d99837c8249b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-11\",\n \"Date_Last_Reviewed\": \"2024-10-26\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 249222,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"63c9a365-f42e-44c9-a08e-226ef304fe85\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-09\",\n \"Date_Last_Reviewed\": \"2025-05-07\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 493900,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"51500a0a-10df-4d4f-9beb-e20eae11a25c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-14\",\n \"Date_Last_Reviewed\": \"2024-11-08\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 976611,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"aa3ad53a-142f-402a-b5c3-309d5d18acaa\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-19\",\n \"Date_Last_Reviewed\": \"2025-04-25\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1484123,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"bb5d5b0c-79d9-4c2c-a78b-3a2d7ab104da\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-14\",\n \"Date_Last_Reviewed\": \"2024-04-18\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 848883,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f7eabce7-cb33-4e57-81a4-5320c945b28c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-17\",\n \"Date_Last_Reviewed\": \"2024-12-14\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 463383,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"42630cb4-928f-4561-b8f2-1152e1c15dc2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-10\",\n \"Date_Last_Reviewed\": \"2024-12-16\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1574476,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"89203e60-6fa3-4fcb-97f4-61b205c196a5\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-25\",\n \"Date_Last_Reviewed\": \"2024-12-31\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 759778,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8e1f575d-896c-4243-aeba-389a40950a94\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-17\",\n \"Date_Last_Reviewed\": \"2023-08-23\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1287020,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"bab461aa-23de-45d9-8309-c2bdeeeab5f3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-29\",\n \"Date_Last_Reviewed\": \"2024-06-30\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 776017,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"317434cc-6722-4704-a28c-2a65b3b13593\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-27\",\n \"Date_Last_Reviewed\": \"2023-11-29\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 674509,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"97e461d9-2198-4f06-bddb-73c3415d77c8\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-17\",\n \"Date_Last_Reviewed\": \"2023-05-18\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1906406,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a90a9707-1e55-4a9b-9f68-777456f0c067\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-29\",\n \"Date_Last_Reviewed\": \"2023-09-01\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 995054,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a4ec4f9d-1da3-4d5a-a8f2-fb7378ea7f26\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-19\",\n \"Date_Last_Reviewed\": \"2023-10-04\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1111677,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2571c9e5-9678-4236-9163-f551c229d4c4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-29\",\n \"Date_Last_Reviewed\": \"2024-11-24\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 264164,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"a2d1ba97-3c30-4785-b6a6-228ed023f5eb\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-28\",\n \"Date_Last_Reviewed\": \"2024-07-25\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1120321,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7e70c86a-1485-4231-a8a3-c35b08f87627\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-09\",\n \"Date_Last_Reviewed\": \"2023-12-03\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1976793,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"bdc55e1a-fb65-4a41-bfd5-eee779d8017b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-13\",\n \"Date_Last_Reviewed\": \"2023-12-19\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 763112,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8b9cb74c-4904-4108-940a-9f638ce2ab59\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-12\",\n \"Date_Last_Reviewed\": \"2023-08-04\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1507921,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5441a91e-1fab-4238-be01-b2ef002fb377\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-27\",\n \"Date_Last_Reviewed\": \"2024-02-13\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1685075,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"de0ac0f1-f921-453f-82bc-746122c1634c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-14\",\n \"Date_Last_Reviewed\": \"2023-10-12\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1603883,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0f6e27b9-d2b8-4e74-9f95-5c78cd17a2db\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-31\",\n \"Date_Last_Reviewed\": \"2024-02-08\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 238074,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a2dc8fa1-c858-4af3-8eca-5ff281a3cb90\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-11\",\n \"Date_Last_Reviewed\": \"2023-06-10\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 386276,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"289adf50-8e91-4572-90f1-d53991bf74d8\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-10\",\n \"Date_Last_Reviewed\": \"2024-08-31\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1742810,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e408c558-d44e-4ba4-893d-c8999fd4e79f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-16\",\n \"Date_Last_Reviewed\": \"2023-06-13\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1592136,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d3794033-fac7-4294-a155-cafe0778cb83\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-10\",\n \"Date_Last_Reviewed\": \"2023-07-30\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1944236,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b9bc0b4d-c77f-4de7-a774-9647a1f3a7e9\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-09\",\n \"Date_Last_Reviewed\": \"2023-08-07\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1969286,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"94bbb4fe-8b21-4151-b6da-741b5c820782\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-28\",\n \"Date_Last_Reviewed\": \"2023-06-13\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 397371,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"2edff86a-34d3-47d8-9654-f6da6a1b2515\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-16\",\n \"Date_Last_Reviewed\": \"2024-01-21\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 876958,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0f8a2e3f-09b7-4485-a854-3907d2d5d474\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-03\",\n \"Date_Last_Reviewed\": \"2024-04-11\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1259501,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"63b5a2fb-946f-4fe9-9e2f-d38368419d73\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-20\",\n \"Date_Last_Reviewed\": \"2025-05-10\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1211138,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"16ddda5c-9f48-404e-9185-55dd93db00de\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-11\",\n \"Date_Last_Reviewed\": \"2025-03-31\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1456164,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"20e60795-644e-4cdc-9eb1-466d8ac5b125\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-13\",\n \"Date_Last_Reviewed\": \"2024-07-30\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 395703,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ff832636-2351-4a29-a686-9b47855e7106\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-21\",\n \"Date_Last_Reviewed\": \"2025-01-24\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 451012,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"9e148952-f9e0-439f-96fd-b5ff4081b813\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-23\",\n \"Date_Last_Reviewed\": \"2025-03-15\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1789596,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f3947a41-a420-4b9c-9d29-115f5a59f13f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-12\",\n \"Date_Last_Reviewed\": \"2024-08-15\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1298956,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"71b003a6-a010-490c-9723-c81086bd60eb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-05\",\n \"Date_Last_Reviewed\": \"2025-01-28\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 916009,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a989aa05-25a7-4808-adba-5a32ba5a4487\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-23\",\n \"Date_Last_Reviewed\": \"2024-02-07\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 931497,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e1a5e7a4-42b1-4b0a-a6fa-109b6c914b5c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-31\",\n \"Date_Last_Reviewed\": \"2024-05-06\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1331207,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"31eb9788-5306-440d-96cc-56d2b56895b5\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-24\",\n \"Date_Last_Reviewed\": \"2023-09-27\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 990293,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ae8d193d-257a-4a1a-b419-a4348de88f17\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-01\",\n \"Date_Last_Reviewed\": \"2024-07-25\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 713628,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"da26c6ca-3b30-4299-9618-5823b29a3bce\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-24\",\n \"Date_Last_Reviewed\": \"2023-06-13\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1079655,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"20365d03-b5a0-473e-a756-a51198bf7174\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-06\",\n \"Date_Last_Reviewed\": \"2023-12-15\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 732558,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9f675e5c-50f2-4473-8eb6-984f2805c0df\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-25\",\n \"Date_Last_Reviewed\": \"2023-07-13\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 697191,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"93ccb0ce-3798-41a5-afe5-68b2bc897809\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-03\",\n \"Date_Last_Reviewed\": \"2023-06-23\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 151764,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"acdd2907-3586-4c9e-a62f-abe4a86e73f7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-31\",\n \"Date_Last_Reviewed\": \"2024-07-02\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 608292,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2cacc98d-cf08-481d-8309-97717c46c4c9\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-19\",\n \"Date_Last_Reviewed\": \"2023-07-31\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 331534,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7e3a1e61-b1d0-4816-8d1e-8963f6f7b30e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-12\",\n \"Date_Last_Reviewed\": \"2024-08-02\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1498452,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0f3d1ec6-e007-4c65-b2d0-630ec1bfd874\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-30\",\n \"Date_Last_Reviewed\": \"2023-12-09\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1650589,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"80197caa-064a-480a-83d3-838cbfa5422b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-15\",\n \"Date_Last_Reviewed\": \"2025-04-24\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1325699,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4b99de84-6017-4ac3-bf5f-9df52a3a6ce8\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-31\",\n \"Date_Last_Reviewed\": \"2025-01-21\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1955724,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"50317a73-0597-4ac8-9c62-d69f1db6c011\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-27\",\n \"Date_Last_Reviewed\": \"2025-03-24\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 830974,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5ac19d1d-a963-4fa0-8144-d375a45ba143\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-14\",\n \"Date_Last_Reviewed\": \"2023-07-01\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1334988,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b5fd5ea3-5b27-4783-991c-d347e04982d4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-23\",\n \"Date_Last_Reviewed\": \"2024-02-01\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1114758,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e2d28037-cddf-4cba-9120-8cbf66b0bedc\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-28\",\n \"Date_Last_Reviewed\": \"2023-08-31\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1857282,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"edf16585-850e-4efe-93a9-2bf1bb86008c\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-22\",\n \"Date_Last_Reviewed\": \"2024-01-12\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1253960,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a0b4aa4b-add2-43d1-bf0f-8a8e6240a8a8\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-01\",\n \"Date_Last_Reviewed\": \"2024-04-25\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 274705,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"336ad068-0f56-42db-a29c-b22366b7c71e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-04\",\n \"Date_Last_Reviewed\": \"2024-11-05\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1802302,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"82baf9b1-0fb1-440b-84e9-9cdd1e93ddb5\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-16\",\n \"Date_Last_Reviewed\": \"2024-10-16\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1019442,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f40f8d45-d0cc-48ae-bf2e-6c3aff211af6\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-06\",\n \"Date_Last_Reviewed\": \"2024-01-29\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1869303,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4fabd726-49f5-45db-b1ca-cf93f5c82853\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-26\",\n \"Date_Last_Reviewed\": \"2024-09-22\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 838810,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"94629d02-3b14-4f40-8ac8-4c8f7a1456d4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-27\",\n \"Date_Last_Reviewed\": \"2024-07-12\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1305860,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8705aef2-92e7-4fec-8070-a9454108b9e4\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-14\",\n \"Date_Last_Reviewed\": \"2024-08-15\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1761200,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8c560e27-d1cd-4f90-9fc5-7dc18c1c5551\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-27\",\n \"Date_Last_Reviewed\": \"2024-06-12\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 921242,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a7f0b9bc-9929-4d61-bd93-f2072566599c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-07\",\n \"Date_Last_Reviewed\": \"2025-03-24\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1685506,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"d8d00937-7bc0-4bc3-9cf2-1c39e0964c70\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-17\",\n \"Date_Last_Reviewed\": \"2023-08-04\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1295067,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"fe08fbe1-4145-4cc8-961e-b8f32651d816\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-13\",\n \"Date_Last_Reviewed\": \"2023-11-17\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1520311,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e55a1012-90eb-45f7-943f-1e0789040503\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-08\",\n \"Date_Last_Reviewed\": \"2024-02-18\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 752717,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"eae530b3-49e0-46e7-8c3d-81a196ed0b05\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-11\",\n \"Date_Last_Reviewed\": \"2025-02-24\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1769119,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b67aad1b-073e-4a75-aa62-6bed169ff47f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-04\",\n \"Date_Last_Reviewed\": \"2024-12-07\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1063456,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ffe3ff2d-49a5-476f-a8d2-3211e87ee902\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-26\",\n \"Date_Last_Reviewed\": \"2024-06-21\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1205158,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"3d97c1e3-9279-44d0-8dcb-2cb21eaf77de\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-16\",\n \"Date_Last_Reviewed\": \"2023-11-08\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1658575,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"16ae666c-23f1-43e0-ae8f-257e4b2542a3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-14\",\n \"Date_Last_Reviewed\": \"2024-06-10\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 275296,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b265c8de-a279-45a5-afec-7561739e86ec\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-25\",\n \"Date_Last_Reviewed\": \"2024-03-25\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 376507,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ad7610e6-e91b-4c51-8952-81c37e73ea1c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-06\",\n \"Date_Last_Reviewed\": \"2023-12-02\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1544324,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"84136da5-190f-44aa-bdbf-67d46f119abd\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-27\",\n \"Date_Last_Reviewed\": \"2024-08-10\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 731123,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b598c182-ebec-4cee-aeba-d83d5ce87067\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-19\",\n \"Date_Last_Reviewed\": \"2025-02-25\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1883868,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"dd74de29-4e2a-41f9-ba3c-a4fb7185b329\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-13\",\n \"Date_Last_Reviewed\": \"2025-01-01\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1709850,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"39b13627-0712-4bda-ac51-d60540ad1a9c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-02\",\n \"Date_Last_Reviewed\": \"2024-12-27\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 750554,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0ac12e61-2e4e-4175-8906-4e6361ff3e2a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-01\",\n \"Date_Last_Reviewed\": \"2025-03-04\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1819602,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"09aa7223-979d-41f7-8beb-d16b110296ea\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-07\",\n \"Date_Last_Reviewed\": \"2025-02-23\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 398690,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1d11045c-dd46-4779-80e6-2a1360ee3501\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-17\",\n \"Date_Last_Reviewed\": \"2024-12-29\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1538154,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"50748d67-2bb1-49af-9f2e-635fb037271c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-12\",\n \"Date_Last_Reviewed\": \"2023-11-03\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 863095,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6b285491-1296-4ba4-ba8d-4cb773df9488\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-29\",\n \"Date_Last_Reviewed\": \"2024-07-18\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 228306,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"eb14d05d-a0a8-4615-b05c-5921efa23435\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-26\",\n \"Date_Last_Reviewed\": \"2024-12-05\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 686481,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"129a0624-3d99-4bcd-a2a1-b7fe90bab8a3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-10\",\n \"Date_Last_Reviewed\": \"2023-06-16\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1123392,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"51df36ab-8685-4362-a5f5-27a23a70a0bb\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-20\",\n \"Date_Last_Reviewed\": \"2023-10-31\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1368167,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"88e6e0e6-29a0-4a44-a66f-1c8bf2577cfa\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-18\",\n \"Date_Last_Reviewed\": \"2024-01-11\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 623609,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"aa3871b9-1ccf-4483-9de2-dc6236bfb3ce\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-01\",\n \"Date_Last_Reviewed\": \"2024-02-17\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1988922,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2199317d-cd58-4ba1-826d-b481541b6e06\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-12\",\n \"Date_Last_Reviewed\": \"2023-12-31\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1223331,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"49a86ca8-d5d0-4cdb-97ea-ecf3e9bc6f30\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-01\",\n \"Date_Last_Reviewed\": \"2024-07-16\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 169545,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a9ce6b5a-d634-4424-b214-b78ed346db6f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-20\",\n \"Date_Last_Reviewed\": \"2024-12-23\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1172253,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"37d51585-b9dd-480a-a9da-73d1a1eba515\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-12\",\n \"Date_Last_Reviewed\": \"2025-03-07\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1207533,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"258dac0e-869a-47a6-9abe-fad4ad90c7db\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-18\",\n \"Date_Last_Reviewed\": \"2025-04-02\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1640933,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8f34b017-bc68-4aa2-aed0-0b1e58c55f7e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-18\",\n \"Date_Last_Reviewed\": \"2023-11-17\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 191139,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"cc09ab58-3734-4027-8c24-059a5235e904\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-01\",\n \"Date_Last_Reviewed\": \"2023-11-14\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 777343,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b61799fa-1c9c-4766-90db-fe3a138d4fd7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-13\",\n \"Date_Last_Reviewed\": \"2023-07-01\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1614906,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"43bfe0f2-b911-4029-a19f-360993b45a97\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-12\",\n \"Date_Last_Reviewed\": \"2025-02-08\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 511726,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"260dfd23-d02b-4be2-8f6f-6ba0f6714966\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-13\",\n \"Date_Last_Reviewed\": \"2024-06-11\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 976531,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"79412e69-d698-4799-b80c-4c87af4373bb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-19\",\n \"Date_Last_Reviewed\": \"2024-12-12\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1606619,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"cd29a679-a68d-4ecb-879b-5542e7b96046\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-23\",\n \"Date_Last_Reviewed\": \"2025-05-12\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 540853,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"acc3ad57-e1ae-47da-b8c6-311dd8dbcd18\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-11\",\n \"Date_Last_Reviewed\": \"2024-02-15\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1866910,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5aa64bf7-a50e-4e4b-a216-9e28393e32b9\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-08\",\n \"Date_Last_Reviewed\": \"2024-11-13\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1122399,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"b84779c8-0702-4b19-bbc9-79b49f3e34a7\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-31\",\n \"Date_Last_Reviewed\": \"2023-12-27\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1335432,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2e84924a-5c26-47e7-b8dc-870fc37f4bba\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-19\",\n \"Date_Last_Reviewed\": \"2025-03-08\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1648380,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"303c7af9-9381-4b45-a066-7b85ba7dab05\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-09\",\n \"Date_Last_Reviewed\": \"2024-04-11\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1547203,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"55c5c3db-c3ed-4330-a49f-7e6072f4fc9c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-24\",\n \"Date_Last_Reviewed\": \"2024-05-08\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 351704,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d61eb76c-6cfc-4a18-9985-d7e9828ffcb1\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-08\",\n \"Date_Last_Reviewed\": \"2023-10-31\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1029052,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"3257ad75-f850-416b-a902-d4878140a199\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-12\",\n \"Date_Last_Reviewed\": \"2024-02-06\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1170075,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4be82d10-ecf1-4d76-8072-87c438d28fa6\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-02\",\n \"Date_Last_Reviewed\": \"2025-02-16\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1436861,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b7d4031e-00fa-439c-a4c9-35e5883801b4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-22\",\n \"Date_Last_Reviewed\": \"2024-04-03\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 362254,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2a0fd841-c122-4f50-980f-e7de3d826f97\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-21\",\n \"Date_Last_Reviewed\": \"2024-05-30\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1229621,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"79a33a80-61e3-4b71-bd52-2bda423579e7\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-03\",\n \"Date_Last_Reviewed\": \"2023-07-10\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 113384,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f2024d57-bc1b-449c-af4c-77b6b95d4a3c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-09\",\n \"Date_Last_Reviewed\": \"2023-10-14\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1459823,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3c51b7ce-a26f-41e0-af2c-066c2d1ceb8b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-05-19\",\n \"Date_Last_Reviewed\": \"2025-01-28\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 686228,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"234868e3-6eea-46dd-9398-cba67d51f67a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-17\",\n \"Date_Last_Reviewed\": \"2025-02-13\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 749458,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"79ddb2ab-8c74-4472-930d-e0b44be53a0d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-24\",\n \"Date_Last_Reviewed\": \"2024-12-20\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 217991,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"9376f2de-dc21-4a2f-92ee-f45da616b42a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-10\",\n \"Date_Last_Reviewed\": \"2023-08-18\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 518027,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"4cbd6082-cf17-4258-a84e-81dd926970b1\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-16\",\n \"Date_Last_Reviewed\": \"2023-08-14\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1476841,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"afedf073-ed09-43de-af55-08e001334c46\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-11\",\n \"Date_Last_Reviewed\": \"2024-02-06\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 714015,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"05bb130b-0a09-4ced-9825-f81454feade4\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-25\",\n \"Date_Last_Reviewed\": \"2024-09-20\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1494974,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"826e4d97-7f7b-443f-845d-a5161d416d8c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-21\",\n \"Date_Last_Reviewed\": \"2024-10-01\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 450082,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"97c353ad-4c2c-4584-85e9-f50007ec0944\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-24\",\n \"Date_Last_Reviewed\": \"2024-05-12\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 369043,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f3b4c485-61ff-43d6-bd5c-93a599e10fa0\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-25\",\n \"Date_Last_Reviewed\": \"2024-11-06\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 737756,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"52dcadf3-1d39-480e-b368-0e6474f733d6\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-18\",\n \"Date_Last_Reviewed\": \"2024-02-18\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 632167,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2bcbbad1-dd53-4156-b24b-2c1d7937e8ab\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-07\",\n \"Date_Last_Reviewed\": \"2024-08-03\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 762205,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5e7c95e8-2961-4286-89b1-a742585b6162\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-23\",\n \"Date_Last_Reviewed\": \"2024-03-07\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 208435,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"89a9cc03-5aa5-4c93-af47-dc1ba4c4c920\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-02\",\n \"Date_Last_Reviewed\": \"2024-02-18\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 134867,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c93812e9-0558-4856-beae-d6c413ccbf14\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-28\",\n \"Date_Last_Reviewed\": \"2025-05-03\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 897034,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a2be98c5-d9e0-4a85-8c11-5fabb7284f52\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-16\",\n \"Date_Last_Reviewed\": \"2025-04-22\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 988381,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ac69307e-79be-4eab-80ec-089d26474c6f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-11\",\n \"Date_Last_Reviewed\": \"2025-02-03\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 196213,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"a9acac17-81e0-4e59-9911-0cc2ac3231df\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-22\",\n \"Date_Last_Reviewed\": \"2024-05-23\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 990264,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7cc4cd81-8f3c-4ec4-959a-eee366fdcce5\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-25\",\n \"Date_Last_Reviewed\": \"2023-09-16\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1638775,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a0034dfa-e07a-435d-9c31-93b9f7844af5\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-21\",\n \"Date_Last_Reviewed\": \"2024-06-23\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1879129,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6dad7a79-eeb5-4ebe-9735-b6f13259f45b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-17\",\n \"Date_Last_Reviewed\": \"2024-05-06\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 264737,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b5698b4f-13bb-4cff-9b22-61f099dccbd9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-04\",\n \"Date_Last_Reviewed\": \"2025-03-16\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 587853,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8c1096da-6cd5-4bd2-b3e5-fefa3b1b3d1d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-13\",\n \"Date_Last_Reviewed\": \"2024-09-15\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 228426,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6d2b2692-7cf4-479a-a75b-4a8441c3dcad\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-25\",\n \"Date_Last_Reviewed\": \"2023-11-24\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1164646,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"151d0262-1b61-48b5-ba75-c09e5436fdb7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-26\",\n \"Date_Last_Reviewed\": \"2023-12-06\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1544933,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"bfaa7c33-b757-4876-beb2-e26d3f7fc4ec\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-17\",\n \"Date_Last_Reviewed\": \"2024-12-26\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1879752,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"14e0bec1-54d6-41db-b662-cebd122ebf8a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-11\",\n \"Date_Last_Reviewed\": \"2024-06-14\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 501600,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9f27c6c9-f7be-454c-8d6d-d8245fe42a53\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-21\",\n \"Date_Last_Reviewed\": \"2024-08-03\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1364983,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"32c521ef-34fc-468e-9468-40d6270ce20d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-24\",\n \"Date_Last_Reviewed\": \"2024-12-25\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1310265,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"61364c20-63d9-4f0c-b4a6-637f22dc70ea\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-13\",\n \"Date_Last_Reviewed\": \"2023-12-20\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1328358,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ce299d49-c897-4410-935f-01a0abe22347\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-08\",\n \"Date_Last_Reviewed\": \"2025-04-30\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 953823,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"781f114a-01d4-434b-8869-1246d80ea160\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-16\",\n \"Date_Last_Reviewed\": \"2024-07-23\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 841282,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"caf5f3a2-4802-4939-b1ae-4215c3ae889f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-19\",\n \"Date_Last_Reviewed\": \"2025-05-01\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1735040,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a2d8a734-c904-4192-8e8a-5c0ceab0e213\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-24\",\n \"Date_Last_Reviewed\": \"2024-12-06\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 347539,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"513e6625-d4fa-4fd5-9f09-45432a7eaf1b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-01\",\n \"Date_Last_Reviewed\": \"2025-01-16\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 620817,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"12e46d7e-6642-4d88-bd2d-18fb7427abb9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-14\",\n \"Date_Last_Reviewed\": \"2023-09-05\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1987604,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e0012b6b-1c68-4e84-8f99-38d1faeb7fff\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-10\",\n \"Date_Last_Reviewed\": \"2023-07-01\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1202411,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"47c37f11-3594-432d-8d27-c37e4b94cb80\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-30\",\n \"Date_Last_Reviewed\": \"2023-08-08\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1048725,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ea3ac77a-71f2-41a5-b053-b33349fef252\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-01\",\n \"Date_Last_Reviewed\": \"2025-04-04\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1666561,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"801a36c1-4c1a-41ee-a8f5-0854d76a5916\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-24\",\n \"Date_Last_Reviewed\": \"2024-05-14\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 913523,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0e0ca33e-8443-45fb-a81d-d3260a2a8af1\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-11\",\n \"Date_Last_Reviewed\": \"2024-05-24\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1807982,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c229fa59-1890-4fd6-9070-abd2c957355e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-18\",\n \"Date_Last_Reviewed\": \"2025-01-18\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1302180,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"de9f06de-8986-4371-840e-475bdcb287a7\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-14\",\n \"Date_Last_Reviewed\": \"2025-01-26\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1840035,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"bf14f04f-8939-4808-8b5f-e9c5ae64a916\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-14\",\n \"Date_Last_Reviewed\": \"2024-09-24\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 376887,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"aac07fe9-bafd-4535-9380-fd99f660ff3d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-08\",\n \"Date_Last_Reviewed\": \"2023-11-18\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 489074,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e653a188-54e5-4309-8f73-f64203dd0e41\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-12\",\n \"Date_Last_Reviewed\": \"2023-11-20\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 146330,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3bd5743f-a7c1-4083-99d2-f4584b59af8d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-04\",\n \"Date_Last_Reviewed\": \"2023-11-25\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 567671,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"76aa1b41-8970-4614-92ee-59c6ccba8334\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-06\",\n \"Date_Last_Reviewed\": \"2023-10-02\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1459772,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8e96de00-0811-4c0d-826a-b655f47d9e83\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-04\",\n \"Date_Last_Reviewed\": \"2023-11-13\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1487831,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"686f884a-112f-40f5-8404-3a84a647c979\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-02\",\n \"Date_Last_Reviewed\": \"2024-08-10\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1614203,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"edeaf4eb-e8c2-43f7-901a-02d781d95c3e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-16\",\n \"Date_Last_Reviewed\": \"2024-05-19\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 327110,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"16a4aace-89d2-4e38-83ed-1a247f1ae5b2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-16\",\n \"Date_Last_Reviewed\": \"2023-06-28\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 942578,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"df4dd9c3-3dbc-459c-addd-f5773b00677c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-13\",\n \"Date_Last_Reviewed\": \"2024-05-25\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 474759,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5622808c-ae4c-42be-a7d5-abdf14d5bbe1\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-15\",\n \"Date_Last_Reviewed\": \"2023-06-19\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 217538,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3fe97381-9e2e-40d4-9cd3-6fdad9bddc13\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-08\",\n \"Date_Last_Reviewed\": \"2024-07-28\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 574123,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d91a3946-3fc3-4b76-a267-613cba720543\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-07\",\n \"Date_Last_Reviewed\": \"2023-08-23\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 826718,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"56c54d56-e172-47f2-a851-2e8f76069779\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-13\",\n \"Date_Last_Reviewed\": \"2023-08-27\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1792359,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a0a529a8-d599-4574-92d9-7cab2e6a45e0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-05\",\n \"Date_Last_Reviewed\": \"2024-04-02\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1115214,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"46018c2b-9502-444e-8bc9-d3636c5e3896\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-11\",\n \"Date_Last_Reviewed\": \"2023-05-15\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1070239,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7011decd-692a-49aa-ad84-4875b400f0ff\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-22\",\n \"Date_Last_Reviewed\": \"2025-01-27\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 427150,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d316a0bf-78c2-482b-90a2-df89c784d0ad\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-28\",\n \"Date_Last_Reviewed\": \"2024-01-04\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 801186,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"478c1363-4ed3-4910-810e-a89f4270fd25\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-29\",\n \"Date_Last_Reviewed\": \"2024-04-14\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 956057,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a4e49095-c762-416a-8262-c00fbc904228\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-28\",\n \"Date_Last_Reviewed\": \"2024-08-07\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 974657,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7337b201-e226-4bed-affa-96ee39f4e230\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-20\",\n \"Date_Last_Reviewed\": \"2024-09-09\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 366699,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ab170f63-9e93-4cb9-948d-d59c7ccd07a8\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-10\",\n \"Date_Last_Reviewed\": \"2023-10-12\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1109312,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5d90138a-9b8f-4c38-a51c-e1447d7345d5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-22\",\n \"Date_Last_Reviewed\": \"2024-11-13\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1968159,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9ed16ae2-0bc3-4a02-8435-1a8dfddc9d73\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-28\",\n \"Date_Last_Reviewed\": \"2023-06-16\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 159378,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"444189dc-4237-4a87-8e8e-94528be50caf\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-12\",\n \"Date_Last_Reviewed\": \"2024-10-14\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 286163,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"d28fc9ab-649c-4bed-a8c1-1ea930edb23e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-19\",\n \"Date_Last_Reviewed\": \"2023-07-14\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1964982,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8723dd0f-3cf3-4f4b-87e2-1ba8bcd2788a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-05\",\n \"Date_Last_Reviewed\": \"2023-10-31\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1407436,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"acc52216-4747-4382-aea9-0d6d5e17b499\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-30\",\n \"Date_Last_Reviewed\": \"2024-09-28\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 452791,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"fd3d22ff-2c42-4abb-b414-60ac523d0174\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-31\",\n \"Date_Last_Reviewed\": \"2023-08-31\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 924549,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c427da03-0f45-4a51-b12c-61277cec1442\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-22\",\n \"Date_Last_Reviewed\": \"2024-03-16\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1213398,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"65685584-4bc5-4b37-a31b-1874f941b40d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-18\",\n \"Date_Last_Reviewed\": \"2025-05-09\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 362482,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0925501a-2b81-44c5-853f-970503e597bb\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-24\",\n \"Date_Last_Reviewed\": \"2025-04-26\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 496703,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"05611324-034f-4fab-b0da-b91947b7519a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-16\",\n \"Date_Last_Reviewed\": \"2025-03-09\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 364636,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"9c6195f5-a15b-4e2f-9dad-bf789c8ba577\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-12\",\n \"Date_Last_Reviewed\": \"2023-07-05\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1126888,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"030b05e3-d84b-4217-8c57-f9fe4d0f1b51\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-02\",\n \"Date_Last_Reviewed\": \"2025-03-30\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 689490,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ff17c7d4-6cdb-487b-bae3-0a5a56e80535\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-17\",\n \"Date_Last_Reviewed\": \"2025-02-03\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1719360,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"03949285-532f-4ad9-bd51-2daa697f4fa1\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-22\",\n \"Date_Last_Reviewed\": \"2023-06-28\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 961179,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5e791198-324f-4f72-ad3f-2e6e6c0ba585\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-26\",\n \"Date_Last_Reviewed\": \"2023-06-18\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 413921,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"de273308-10b3-4596-af6d-d46a9fa4532e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-08\",\n \"Date_Last_Reviewed\": \"2024-12-31\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 261277,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e15985b3-5e15-42fc-bbc0-6f8c2ff031ea\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-29\",\n \"Date_Last_Reviewed\": \"2025-03-12\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 594870,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ce757f0c-92fb-4f20-87dc-991cc071fad8\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-01\",\n \"Date_Last_Reviewed\": \"2024-07-31\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1008651,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2a5bd856-7428-4445-a82c-4b0defb3f5d0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-14\",\n \"Date_Last_Reviewed\": \"2025-02-24\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1839842,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"22cbfd2f-5532-46cd-8f84-962aa4e99103\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-27\",\n \"Date_Last_Reviewed\": \"2024-05-17\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1294164,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5e4c033a-a666-44ed-9e49-6f35792eac7e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-14\",\n \"Date_Last_Reviewed\": \"2023-09-13\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1805655,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d360b46d-df3e-46fc-a8c2-7c13352f70db\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-31\",\n \"Date_Last_Reviewed\": \"2023-07-30\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1636810,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f499ff93-6991-4488-95aa-d99901af9e7e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-22\",\n \"Date_Last_Reviewed\": \"2024-08-25\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 277938,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b05dce9e-0df1-4a7f-bd01-95b7aa216f36\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-05\",\n \"Date_Last_Reviewed\": \"2024-06-18\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1182422,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"626986c9-4214-45c8-9097-1c4c629678d9\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-01\",\n \"Date_Last_Reviewed\": \"2024-11-08\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 620694,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]"], "Which risks were identified in the last 90 days?": ["[\n {\n \"Risk_ID\": \"fdf94c98-fa38-47da-8e0e-95c5bfc392ba\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-25\",\n \"Date_Last_Reviewed\": \"2024-11-04\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 872683,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"3043ebd5-f1e0-431c-838d-5f99525eb121\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-05-04\",\n \"Date_Last_Reviewed\": \"2024-02-25\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1738360,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"506266eb-8f9a-464c-b807-f95445dac762\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-21\",\n \"Date_Last_Reviewed\": \"2024-08-27\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1907096,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a5ea9c06-cefe-4694-830f-c7903ed487fd\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-21\",\n \"Date_Last_Reviewed\": \"2023-05-27\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1171987,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"86e1e240-6155-4d6d-b15d-a12302496e76\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-17\",\n \"Date_Last_Reviewed\": \"2023-12-10\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 936159,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e6837388-8796-4692-89fc-0b995e7de879\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-28\",\n \"Date_Last_Reviewed\": \"2024-04-04\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 434417,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"47488872-a007-4edc-94ee-ba4420536168\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-08\",\n \"Date_Last_Reviewed\": \"2025-03-16\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1671102,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2f86f706-c37e-4d30-b001-e9f6b4fb6999\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-24\",\n \"Date_Last_Reviewed\": \"2024-08-06\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 586070,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7d033794-0843-49ab-a4fd-f3418f27a2a6\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-22\",\n \"Date_Last_Reviewed\": \"2023-06-18\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 216909,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"39b2d9a1-895d-4522-9de7-779889322e41\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-06\",\n \"Date_Last_Reviewed\": \"2023-06-07\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 331381,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"284e02e9-0a63-4e73-84ff-63987d3cae5f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-07\",\n \"Date_Last_Reviewed\": \"2024-04-30\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1011945,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c3e9e931-2342-417b-8b7d-082d2411ad8c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-11\",\n \"Date_Last_Reviewed\": \"2023-12-15\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1821707,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7b8c03eb-2b0e-4d8f-8613-9478c258a1f4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-27\",\n \"Date_Last_Reviewed\": \"2024-02-05\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 647121,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"fe9fbe19-b761-4bed-9965-1d8215129183\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-02\",\n \"Date_Last_Reviewed\": \"2023-07-01\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1379305,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e7c10e26-c3e1-43d7-b044-1f90150983f9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-15\",\n \"Date_Last_Reviewed\": \"2024-04-04\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 592192,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a93e75a7-0219-4961-9082-d26b52626214\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-14\",\n \"Date_Last_Reviewed\": \"2024-04-24\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 186623,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d0ae759f-e1c2-444d-8b7a-0a14c7c738dc\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-31\",\n \"Date_Last_Reviewed\": \"2024-03-21\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1211532,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2c712864-9b61-47d0-905e-7888d97e7761\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-13\",\n \"Date_Last_Reviewed\": \"2023-11-07\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 378533,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b9675465-129a-451b-9c42-e390f3a25b4f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-01\",\n \"Date_Last_Reviewed\": \"2024-07-19\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 860145,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"b6b98863-16b6-4d35-b150-fe7380de414d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-07\",\n \"Date_Last_Reviewed\": \"2024-12-02\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 563031,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c6b3f21d-f78e-4608-9d19-c907062d2d3e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-01\",\n \"Date_Last_Reviewed\": \"2023-08-22\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 124835,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"71c40b02-e80f-40c4-8cb9-29343ca34e8d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-28\",\n \"Date_Last_Reviewed\": \"2023-06-21\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1275672,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"123f722e-9ac1-4151-b6d7-8341069794d0\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-23\",\n \"Date_Last_Reviewed\": \"2023-12-02\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 565738,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e52220f1-2c57-4bf8-9c37-cf806ab26432\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-09\",\n \"Date_Last_Reviewed\": \"2023-12-24\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 523244,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"498f2add-759f-4ab5-bad4-5899c60d76ca\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-04\",\n \"Date_Last_Reviewed\": \"2025-04-09\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1609088,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"108cb19e-eec4-464e-9f93-65a22e17f2bb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-02\",\n \"Date_Last_Reviewed\": \"2024-01-18\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1943136,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d4246ff0-2aba-497c-b4a6-3f90b20a8ae2\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-02\",\n \"Date_Last_Reviewed\": \"2023-12-23\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 975324,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6f8007fb-892f-4404-8b54-0108c88b9172\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-17\",\n \"Date_Last_Reviewed\": \"2024-01-11\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 453330,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"52369574-a177-49c2-981a-8ad11dc2dc50\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-03\",\n \"Date_Last_Reviewed\": \"2024-03-27\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 375096,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"33446961-3e6c-4a71-ac7b-ee9f7ddf9b57\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-15\",\n \"Date_Last_Reviewed\": \"2024-10-29\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1189907,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ecd62756-92b1-49c4-b68d-4b6d69204f7f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-29\",\n \"Date_Last_Reviewed\": \"2024-04-15\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1923069,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"066688eb-ad78-4775-9cf6-85cc944a6416\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-17\",\n \"Date_Last_Reviewed\": \"2023-07-22\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1155873,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"9f846379-f0e2-4c62-a79e-f6671dc1cd2f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-13\",\n \"Date_Last_Reviewed\": \"2024-06-10\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1967405,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7b6d2142-4188-4e09-a229-f3e2c60a5df5\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-19\",\n \"Date_Last_Reviewed\": \"2023-11-28\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1996961,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5a04f6bf-343b-46b9-b7bc-0088a68ade6c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-08\",\n \"Date_Last_Reviewed\": \"2023-11-05\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1834860,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ad3c69f2-231d-48ee-9a4a-5022284e6f9d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-15\",\n \"Date_Last_Reviewed\": \"2023-12-28\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1110541,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"6217f657-8e82-40ee-9ef6-88b372907122\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-06\",\n \"Date_Last_Reviewed\": \"2024-03-26\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 425617,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8a1b8eab-2cf4-436c-867b-261d79d5f0cb\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-26\",\n \"Date_Last_Reviewed\": \"2024-04-11\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 961248,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"3306a4d0-839e-4ffa-9e99-8f7fd9a2176a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-16\",\n \"Date_Last_Reviewed\": \"2024-12-05\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 450872,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3fe92419-7a13-48a4-b609-68b00dbfc035\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-16\",\n \"Date_Last_Reviewed\": \"2024-09-06\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 391502,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4c0e762e-5585-4170-b4d8-4275ba7364e6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-25\",\n \"Date_Last_Reviewed\": \"2023-11-18\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 549613,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"623f9a1b-5329-4efe-a0f5-eb7d45f64235\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-03\",\n \"Date_Last_Reviewed\": \"2023-08-24\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 940379,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7b7d7ea6-b928-4f7f-88d5-bd75db408b92\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-29\",\n \"Date_Last_Reviewed\": \"2024-04-29\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1861630,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e9e0d456-04f3-400c-82d2-9f044f9badf5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-18\",\n \"Date_Last_Reviewed\": \"2025-02-05\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1296922,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"aa7f039a-20e8-4840-ae67-33bd73b504e0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-11\",\n \"Date_Last_Reviewed\": \"2024-06-22\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 478089,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e4f90aea-1338-490c-a751-c2f670bd8888\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-29\",\n \"Date_Last_Reviewed\": \"2024-12-05\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1878282,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7330285d-ed3f-443c-8248-dc32a8f63c1a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-19\",\n \"Date_Last_Reviewed\": \"2023-06-03\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1500784,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"12159e64-1978-4096-95f1-91662875e6c0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-21\",\n \"Date_Last_Reviewed\": \"2023-10-17\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1292352,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"96e7b030-3361-4b24-82ea-a3f8ceded233\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-23\",\n \"Date_Last_Reviewed\": \"2023-11-11\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1853429,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5a7e3b7f-1c4e-4b21-b2d9-1dbde7dafe8e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-01\",\n \"Date_Last_Reviewed\": \"2023-08-19\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 738984,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"579be6ac-2bdd-47ca-88f2-ad7429e288f5\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-05\",\n \"Date_Last_Reviewed\": \"2024-05-01\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1484335,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"41e0f74c-da13-4451-a16d-8a32d1574280\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-01\",\n \"Date_Last_Reviewed\": \"2024-08-29\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 658309,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"68d4868f-5e8e-4cc9-b603-da72e01829c6\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-30\",\n \"Date_Last_Reviewed\": \"2023-08-14\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 976539,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"66489213-0304-426a-8ba2-d09131ab434d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-28\",\n \"Date_Last_Reviewed\": \"2024-04-12\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 456197,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d60500e2-bebe-4bb8-a25e-3760b6e2e30f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-02\",\n \"Date_Last_Reviewed\": \"2025-02-10\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 369003,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e1447e3f-f77c-4feb-b51e-d10ffbcbc94f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-25\",\n \"Date_Last_Reviewed\": \"2024-09-19\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1288859,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"611071ef-2f66-4b3a-93b2-73c51dcebdd3\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-27\",\n \"Date_Last_Reviewed\": \"2025-01-23\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 815334,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f1c46ada-dc41-4a88-97f6-7aa5a4837344\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-04\",\n \"Date_Last_Reviewed\": \"2024-09-21\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 738476,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1fe25c34-da14-45ff-af66-74e8de936624\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-16\",\n \"Date_Last_Reviewed\": \"2023-08-12\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1324661,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0ff26f72-c5a8-4c02-b018-1372f129127c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-25\",\n \"Date_Last_Reviewed\": \"2024-03-02\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 445186,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ea87e3ab-fc66-44a6-9593-fbffbb0dd5d7\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-19\",\n \"Date_Last_Reviewed\": \"2023-05-29\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1637140,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"be57c522-ee3b-4e7a-b7e4-0a8b00030733\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-01\",\n \"Date_Last_Reviewed\": \"2024-07-19\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1177949,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"91423ac5-e5cf-46c8-8a8d-38de84d9bf71\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-26\",\n \"Date_Last_Reviewed\": \"2024-12-18\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 952216,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6863aa61-12fe-4187-8502-e2322a1600a2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-06\",\n \"Date_Last_Reviewed\": \"2023-09-13\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 650513,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"058c61f8-bd55-477a-b7c0-ad19418d35fa\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-05\",\n \"Date_Last_Reviewed\": \"2024-11-30\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1388250,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"abeef6fe-ed28-485e-9ba1-5692130dd936\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-09\",\n \"Date_Last_Reviewed\": \"2024-05-13\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 271095,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6c6950e9-623d-4664-9326-ad32961ea9d7\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-13\",\n \"Date_Last_Reviewed\": \"2024-11-08\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1266668,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b9d0bc22-d06f-4502-9558-3dcd7718a106\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-12\",\n \"Date_Last_Reviewed\": \"2023-08-17\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1929439,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"dfb99007-449a-476a-8490-c7b105310f14\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-18\",\n \"Date_Last_Reviewed\": \"2023-07-14\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1748308,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"26df7b03-cbef-4349-9939-f71faf3f69cb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-03\",\n \"Date_Last_Reviewed\": \"2023-12-27\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 342800,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"36b991c5-77e5-4923-a9a6-1ff4455c52ea\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-03\",\n \"Date_Last_Reviewed\": \"2025-03-14\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 371930,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ca797c46-bf60-4a8f-8d44-06ef9f22e936\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-18\",\n \"Date_Last_Reviewed\": \"2023-09-28\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 869026,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"0ec18a94-a843-4af5-9889-5ef50f47c791\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-13\",\n \"Date_Last_Reviewed\": \"2024-04-28\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 150760,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3eff6c7d-2812-4776-bc34-02c1d8095d00\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-12\",\n \"Date_Last_Reviewed\": \"2023-10-31\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1113439,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"66b8a952-800e-43c1-9ee8-1b1c111509f4\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-22\",\n \"Date_Last_Reviewed\": \"2024-09-25\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1577665,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0b7aceb5-a378-49b3-a224-56da2ddaacb9\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-09\",\n \"Date_Last_Reviewed\": \"2024-02-06\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1699550,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c8c34019-e887-4406-8319-080b04b05858\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-06\",\n \"Date_Last_Reviewed\": \"2023-09-18\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1510205,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"98b61195-e65f-4389-9dad-9a24448e0532\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-14\",\n \"Date_Last_Reviewed\": \"2023-12-12\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1277265,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e503ba53-52ed-460d-b235-e6784ea4f190\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-09\",\n \"Date_Last_Reviewed\": \"2024-11-07\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 657859,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"505df2bf-26c6-46eb-8046-84a651df9d96\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-06\",\n \"Date_Last_Reviewed\": \"2023-10-29\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1051760,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ae22236e-87c0-4b19-931a-89836787335f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-19\",\n \"Date_Last_Reviewed\": \"2023-11-26\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1217225,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c1d07480-6c5e-4d53-bdf0-ae60c8ec5064\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-05\",\n \"Date_Last_Reviewed\": \"2024-03-28\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 581336,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"40780755-fd08-4613-92d2-0d3d2b19d74e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-05\",\n \"Date_Last_Reviewed\": \"2024-08-03\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 392463,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"c1025ec2-16ac-41ce-9f56-e4d566555c1b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-05-11\",\n \"Date_Last_Reviewed\": \"2024-09-21\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 401716,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1c6f653c-24ed-4cbd-8fd6-6f1758c327ee\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-02\",\n \"Date_Last_Reviewed\": \"2023-06-22\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1949813,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6d704250-6570-4ebd-830b-8c8eade2b9b8\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-28\",\n \"Date_Last_Reviewed\": \"2023-06-06\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1630759,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ecbac063-5bf0-4c58-9129-c9137d9996b4\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-01\",\n \"Date_Last_Reviewed\": \"2024-01-19\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1944804,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"24913015-2547-477a-8375-563b464ddcec\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-12\",\n \"Date_Last_Reviewed\": \"2024-03-26\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1680737,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"90a5d6dd-946b-44cc-b8c9-4aa0059c9363\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-16\",\n \"Date_Last_Reviewed\": \"2025-03-31\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 968154,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6e1b5f27-d698-4a6f-bc73-359f25aeb932\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-31\",\n \"Date_Last_Reviewed\": \"2024-06-23\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1931809,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"73255348-428b-4fe5-b8e8-1f827a6f5ac0\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-01\",\n \"Date_Last_Reviewed\": \"2024-03-03\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1967088,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"422605b3-f8fd-4519-b33e-0f7eb37a040d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-23\",\n \"Date_Last_Reviewed\": \"2023-10-25\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1063317,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f8254d69-8d71-45db-bab9-d772fb1213c5\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-08\",\n \"Date_Last_Reviewed\": \"2023-05-29\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1601013,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ed74d337-a4ac-4a29-82e3-eeb31c5b2d4c\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-13\",\n \"Date_Last_Reviewed\": \"2023-08-24\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 514241,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"890503ab-311d-4cc4-803b-33801befdeaf\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-28\",\n \"Date_Last_Reviewed\": \"2023-12-16\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1980656,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2790410e-3868-4538-8cd5-2833ec85d937\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-23\",\n \"Date_Last_Reviewed\": \"2024-09-17\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1475774,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"957afb74-450e-4c61-98f0-77db290aa32d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-07\",\n \"Date_Last_Reviewed\": \"2024-07-13\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1272812,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d8d47d91-454e-42a3-8494-625155f040c6\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-01\",\n \"Date_Last_Reviewed\": \"2024-06-09\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 653263,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d3735043-3cec-483f-9395-97c8fa2610de\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-26\",\n \"Date_Last_Reviewed\": \"2024-02-08\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 692941,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f80e0c11-255d-470c-8679-4c6e987276eb\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-19\",\n \"Date_Last_Reviewed\": \"2023-09-16\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1566289,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"368c08c0-4c63-4f80-881d-98bc2bdf0336\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-13\",\n \"Date_Last_Reviewed\": \"2024-06-10\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1014595,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"47240ef9-50b9-4e16-8975-6df07bf53787\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-25\",\n \"Date_Last_Reviewed\": \"2024-11-29\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1720844,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9da20b7b-057d-4c98-827e-1b9f6e0d0917\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-06\",\n \"Date_Last_Reviewed\": \"2024-01-25\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1222195,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5622515c-7b0b-45a2-b07a-42bc3daad82c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-06\",\n \"Date_Last_Reviewed\": \"2024-04-03\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1735745,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8c430735-5a96-4478-8a2c-c2d17028591b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-17\",\n \"Date_Last_Reviewed\": \"2024-11-25\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1793760,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d258a6a3-562e-4e15-a9af-3110c81c14e3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-30\",\n \"Date_Last_Reviewed\": \"2024-12-23\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1800177,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4549a869-03ab-4340-96e9-8488be37ebd2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-09\",\n \"Date_Last_Reviewed\": \"2025-01-28\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 756873,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e13299a2-0c1c-4643-9f0b-0614bf02a3a4\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-15\",\n \"Date_Last_Reviewed\": \"2025-03-19\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1278174,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9a11c956-3d03-41c4-9e70-42dc937be0ff\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-24\",\n \"Date_Last_Reviewed\": \"2023-11-30\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1062085,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"3e2abe07-fd94-4a4a-8193-a89f8859e1f3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-25\",\n \"Date_Last_Reviewed\": \"2024-01-21\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1506109,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"44586ced-51ef-413b-a8ed-acc85105885a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-13\",\n \"Date_Last_Reviewed\": \"2023-11-23\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1024782,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"178dcfc7-75a8-4062-a8ba-6a6a3155f174\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-01\",\n \"Date_Last_Reviewed\": \"2024-02-18\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 270991,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"0c8b59cb-749c-4a89-b8e8-95bcb7cc4875\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-31\",\n \"Date_Last_Reviewed\": \"2024-01-04\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 531824,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"36d857f8-2c6c-4290-8eaa-0e01c1972329\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-24\",\n \"Date_Last_Reviewed\": \"2025-02-20\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 144451,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e0e7fc51-97df-496c-83f1-db80943b8b25\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-29\",\n \"Date_Last_Reviewed\": \"2025-01-31\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1946519,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7f91e5b5-472b-424e-a65e-d2235c757a52\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-31\",\n \"Date_Last_Reviewed\": \"2023-09-11\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 407077,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"0822e068-feb1-4c2a-9dce-1f08b558c7ab\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-20\",\n \"Date_Last_Reviewed\": \"2025-05-06\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1437489,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b3a5adb2-fd46-4a98-9f3b-55381f520dd1\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-08\",\n \"Date_Last_Reviewed\": \"2023-05-30\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 695918,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b35f2390-f7ef-47f2-94e3-bcd68c36154e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-16\",\n \"Date_Last_Reviewed\": \"2024-06-22\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 617454,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"67f3fa12-5ba8-43f9-85e9-afcefae879f9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-03\",\n \"Date_Last_Reviewed\": \"2025-04-26\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 365604,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c6a66e18-e152-4e3d-88f4-6ff511edacbd\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-19\",\n \"Date_Last_Reviewed\": \"2024-09-03\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 477643,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"07053ab9-fd8f-4e1c-bc1f-7aac42e5f4d3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-14\",\n \"Date_Last_Reviewed\": \"2025-03-02\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 820776,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f36b7175-5a8c-4421-8330-c70e091b14d7\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-12\",\n \"Date_Last_Reviewed\": \"2023-09-24\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 499461,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"1c7f2943-f433-4673-87e9-37101738d169\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-17\",\n \"Date_Last_Reviewed\": \"2023-05-16\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 538348,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0c356856-84da-4a79-8a61-cd1ba2ecdeb6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-21\",\n \"Date_Last_Reviewed\": \"2024-03-01\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 847529,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"63778b5a-fa9c-4305-b778-85788a48121d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-03\",\n \"Date_Last_Reviewed\": \"2023-05-21\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 964460,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e7c733df-5abb-46ba-b930-f4919bd89e26\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-17\",\n \"Date_Last_Reviewed\": \"2025-02-08\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1059774,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"82398af4-5206-4c3a-8c32-487f97607bc4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-12\",\n \"Date_Last_Reviewed\": \"2023-06-20\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1005451,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"74362c64-23d6-43f8-b090-305f61e8284a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-30\",\n \"Date_Last_Reviewed\": \"2023-09-05\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1990445,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f9a619fc-1d98-4afc-b1bb-c54a04fcc6e1\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-16\",\n \"Date_Last_Reviewed\": \"2024-08-10\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 442250,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"601fba25-8614-4e82-b90f-d01a7ed52679\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-20\",\n \"Date_Last_Reviewed\": \"2025-02-06\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1105468,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5da73b64-0372-4684-974f-62311de3c35f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-21\",\n \"Date_Last_Reviewed\": \"2023-06-09\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1199365,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"672f93b1-de0a-4fe4-bc48-2240328b238d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-29\",\n \"Date_Last_Reviewed\": \"2023-06-27\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 792423,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"4e90ee97-ce2e-4910-9c5a-6c0f95f981c2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-22\",\n \"Date_Last_Reviewed\": \"2023-09-19\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 674474,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"03fc3583-4a8c-451e-a5fe-1e4371eb0bc3\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-28\",\n \"Date_Last_Reviewed\": \"2024-03-11\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 301773,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"bf76b7e2-8e5c-4213-91a3-0e1c64654120\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-26\",\n \"Date_Last_Reviewed\": \"2024-09-25\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 327061,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a75175eb-f114-4661-98b7-4b1c2ed94203\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-02\",\n \"Date_Last_Reviewed\": \"2024-03-31\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1689990,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"25900565-ddfd-4a79-bac8-9f03de0ac99b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-02\",\n \"Date_Last_Reviewed\": \"2024-03-05\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1505568,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d89fc2e0-5937-4e3f-923c-04d0fef3730b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-04\",\n \"Date_Last_Reviewed\": \"2025-01-12\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1888888,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d532e3a2-79ba-4fd5-9497-42978b4ccf4c\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-02\",\n \"Date_Last_Reviewed\": \"2024-07-11\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 860860,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0047cb88-7a71-47b4-bea2-ae3a2c329ab1\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-10\",\n \"Date_Last_Reviewed\": \"2023-08-31\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1732995,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9fb0d514-05e5-450c-94dd-7add7d191a06\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-25\",\n \"Date_Last_Reviewed\": \"2024-09-05\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 574289,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f50ab0af-ba49-422b-afb1-488b9347df75\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-22\",\n \"Date_Last_Reviewed\": \"2024-07-23\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1967911,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"bf9babfd-d2db-407e-98b2-f2993f3ecc47\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-28\",\n \"Date_Last_Reviewed\": \"2024-12-14\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1304665,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5755e8b1-7712-498e-9384-d77da01e15a9\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-09\",\n \"Date_Last_Reviewed\": \"2023-06-28\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1737728,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"44dd7c25-c2d2-45ca-818d-39afb1eadb44\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-16\",\n \"Date_Last_Reviewed\": \"2023-05-19\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1458857,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"dcebf1dd-924d-4489-a511-5c1fa3af17bb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-26\",\n \"Date_Last_Reviewed\": \"2024-01-29\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1970641,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5d0d3284-2f6a-49f1-9002-7737cd2eee9e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-15\",\n \"Date_Last_Reviewed\": \"2024-03-25\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1481033,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"cb82166a-e6c2-43dc-adb2-f1885c3503ff\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-18\",\n \"Date_Last_Reviewed\": \"2023-07-23\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1574060,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"62088d98-fa56-4ec8-81c2-c1f0794531ff\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-06\",\n \"Date_Last_Reviewed\": \"2024-12-26\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 616788,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"060162bf-7590-4733-8783-83d91894bbb2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-17\",\n \"Date_Last_Reviewed\": \"2025-02-04\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1125548,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7226514a-44f8-4fe1-bd86-1043a4e4a08c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-14\",\n \"Date_Last_Reviewed\": \"2023-12-07\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1140480,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ab3ca0c9-f5b9-4933-8b8e-91339ea914cc\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-07\",\n \"Date_Last_Reviewed\": \"2024-10-17\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1428044,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9a0c2cde-1f3e-4b15-8134-cf8db7a8edca\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-19\",\n \"Date_Last_Reviewed\": \"2024-12-12\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1549795,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4a386b93-ae9b-4c10-99b1-64442462cec3\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-16\",\n \"Date_Last_Reviewed\": \"2023-09-22\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1221564,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"840a8562-3f9d-4440-a497-ee775a116c1d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-25\",\n \"Date_Last_Reviewed\": \"2023-10-28\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 568854,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"787e4685-353a-425f-869d-7bbea0589655\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-05\",\n \"Date_Last_Reviewed\": \"2025-04-21\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 659198,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ec132984-8ad4-499b-9e8f-13272fd162fe\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-08\",\n \"Date_Last_Reviewed\": \"2023-12-30\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1867996,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e52a1fef-5d8b-47ef-8640-42905d42a839\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-16\",\n \"Date_Last_Reviewed\": \"2023-11-04\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 762269,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3e349c16-5da9-416b-b0d9-8a0b431e1346\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-17\",\n \"Date_Last_Reviewed\": \"2025-04-23\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 390964,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ca0d3dc1-acf9-4d78-b237-bbe3316d16ff\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-09\",\n \"Date_Last_Reviewed\": \"2024-04-28\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1621970,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"93774759-2541-419f-a785-5e9c64512eb2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-06\",\n \"Date_Last_Reviewed\": \"2023-07-19\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1861788,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"bf8689ce-8b45-4f1e-89b9-0c83409372c1\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-27\",\n \"Date_Last_Reviewed\": \"2024-05-03\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1432501,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3a14c1fe-5bf9-4b2e-b773-f884d1f0bb57\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-14\",\n \"Date_Last_Reviewed\": \"2023-12-03\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 458332,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"82215f5f-9683-46e0-b79f-d2d722a2af60\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-06\",\n \"Date_Last_Reviewed\": \"2025-03-01\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1055477,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"587d20e0-a6a5-479d-bac2-65252a326654\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-28\",\n \"Date_Last_Reviewed\": \"2023-10-10\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 934135,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"29193f8c-ef82-4c47-8efb-3f0d7b8743ac\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-20\",\n \"Date_Last_Reviewed\": \"2024-12-25\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1241077,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"12ff73be-edb3-4282-8f03-69d5e9704dcb\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-16\",\n \"Date_Last_Reviewed\": \"2024-11-20\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1577107,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0877e201-2e44-4699-8d21-d507b5a30a21\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-27\",\n \"Date_Last_Reviewed\": \"2025-03-03\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1982590,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4050aabf-7086-47e8-af0c-02fae7565814\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-12\",\n \"Date_Last_Reviewed\": \"2024-01-01\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1090938,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"926ec705-c62d-4f57-98e7-5c2f080d730a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-02\",\n \"Date_Last_Reviewed\": \"2025-02-01\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 398526,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a0fbf4d7-ade4-4a05-8119-eb0b9034b930\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-25\",\n \"Date_Last_Reviewed\": \"2025-03-24\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 959609,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5f9ed831-3bdd-4b65-a17b-ceda6c54c244\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-05\",\n \"Date_Last_Reviewed\": \"2025-02-11\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1450571,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"4c34a6da-9e38-41ff-bde3-09fc63e98e07\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-10\",\n \"Date_Last_Reviewed\": \"2025-03-03\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1270398,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"44c6d958-0a02-4133-8922-4a443a1bdc63\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-29\",\n \"Date_Last_Reviewed\": \"2024-02-06\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1257649,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"61539e7b-840e-4412-b189-f805d4019414\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-30\",\n \"Date_Last_Reviewed\": \"2023-06-04\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1150733,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7f9b6fc3-af48-4b77-a954-d480c663f4ac\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-24\",\n \"Date_Last_Reviewed\": \"2024-11-01\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 584341,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"ff1d163d-b5b8-4582-b318-1752cac927d7\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-30\",\n \"Date_Last_Reviewed\": \"2024-09-27\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1659819,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e28a08f9-d94c-4a45-aff1-8730e2d6808e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-29\",\n \"Date_Last_Reviewed\": \"2023-07-18\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1351788,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e01666eb-c911-41d1-b0ed-5b99e46187f3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-28\",\n \"Date_Last_Reviewed\": \"2024-03-22\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1002390,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d32c7fc9-bb6d-42b8-88f8-f5c1edd88fb9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-30\",\n \"Date_Last_Reviewed\": \"2024-12-14\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1752270,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"76682577-6e8d-4c3e-a9fb-c5212f89f647\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-21\",\n \"Date_Last_Reviewed\": \"2023-09-22\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 357707,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"96c83e58-9dbe-49fc-9703-e28a02fe6d40\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-18\",\n \"Date_Last_Reviewed\": \"2024-08-12\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1312233,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8d8594c8-b2f4-4715-8d0e-a843a0595c2e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-11\",\n \"Date_Last_Reviewed\": \"2023-12-09\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1776037,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1966c50a-3082-4f01-be7e-5c33fb80031c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-15\",\n \"Date_Last_Reviewed\": \"2025-02-28\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1682213,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f243b966-978e-47fd-9bd1-711f983f1dc5\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-01\",\n \"Date_Last_Reviewed\": \"2024-08-18\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 532318,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"72364c78-0e85-4e01-a2b8-d439177ace34\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-26\",\n \"Date_Last_Reviewed\": \"2024-04-07\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1722639,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b5bbc7d6-3c5f-4ebb-9a74-61a6b8f15005\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-23\",\n \"Date_Last_Reviewed\": \"2024-11-26\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 558229,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"be12850f-7a5e-4072-a75a-e8a196a87a73\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-10\",\n \"Date_Last_Reviewed\": \"2024-06-09\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 933030,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ca6926ab-3e03-4e8d-a067-268d06c67c0a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-08\",\n \"Date_Last_Reviewed\": \"2023-10-27\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1941530,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d24b96c6-8325-4ef3-84f0-bf7654646d74\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-17\",\n \"Date_Last_Reviewed\": \"2023-12-25\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 288110,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a422663a-98b7-4ab7-838e-4e85f1c1c10c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-26\",\n \"Date_Last_Reviewed\": \"2024-06-23\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 353213,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"825b5cb1-671c-450b-aff6-6511064f6b30\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-14\",\n \"Date_Last_Reviewed\": \"2023-08-01\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 144751,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"f9785dc0-497f-4192-be56-b88d481df70b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-10\",\n \"Date_Last_Reviewed\": \"2024-02-27\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 344378,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"46989f11-9c81-4c9e-be08-b78f4c713774\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-18\",\n \"Date_Last_Reviewed\": \"2024-07-20\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 220119,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ca93b93b-836d-4d31-874b-b2c0b4faa96d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-25\",\n \"Date_Last_Reviewed\": \"2023-06-23\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1256911,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a8fa6c39-e1ea-4fe2-990d-798f947ac072\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-05\",\n \"Date_Last_Reviewed\": \"2023-12-31\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1962984,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e841b66b-80c5-4b77-a250-7c7515581090\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-15\",\n \"Date_Last_Reviewed\": \"2024-08-25\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1217705,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f39ca200-a1c5-43ae-8423-88f2a179898a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-02\",\n \"Date_Last_Reviewed\": \"2023-07-08\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1878849,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"a1bf7209-9ca7-4d9e-a17f-1466cc76c6e7\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-12\",\n \"Date_Last_Reviewed\": \"2023-11-06\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 755239,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"cb9b64b3-4847-4aef-bfb9-c1e535c58d89\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-26\",\n \"Date_Last_Reviewed\": \"2024-05-02\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1995691,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0677a47c-46e0-4471-bb77-707133ae4e31\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-03\",\n \"Date_Last_Reviewed\": \"2025-02-24\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1419653,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b611b77c-4051-4f45-b8b8-07ab4763047b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-27\",\n \"Date_Last_Reviewed\": \"2024-11-13\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 790816,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c26c5f97-e719-4286-80f4-3adcbcc53246\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-19\",\n \"Date_Last_Reviewed\": \"2024-06-29\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1794436,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"697e11f1-c630-47c4-bbdd-0f7985cf26ee\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-29\",\n \"Date_Last_Reviewed\": \"2025-05-11\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1030938,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"5744a77e-de05-48c4-883a-f7a4ccee6d49\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-18\",\n \"Date_Last_Reviewed\": \"2024-06-22\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1692046,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"86536dc3-2766-4dcb-8e11-b4e08b23ad78\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-17\",\n \"Date_Last_Reviewed\": \"2024-02-28\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 451165,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b3a8b109-6d5c-4562-9a8d-7b3503d13a7d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-02\",\n \"Date_Last_Reviewed\": \"2024-08-06\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1080263,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"3e6a4dad-fb0d-4c6e-b0fd-98464725d449\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-30\",\n \"Date_Last_Reviewed\": \"2024-04-23\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1523338,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6b716bc3-1de4-4dc3-9f85-b57f2df1eb66\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-05\",\n \"Date_Last_Reviewed\": \"2023-08-31\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1543244,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2bb33e15-2670-4928-b7ad-7d9044cf1636\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-15\",\n \"Date_Last_Reviewed\": \"2023-09-23\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 755744,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"da282daa-8fdd-453a-967b-56d3f59f2012\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-26\",\n \"Date_Last_Reviewed\": \"2024-08-11\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 812838,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"98af2639-c7c9-4871-998a-8ae52754654d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-25\",\n \"Date_Last_Reviewed\": \"2024-03-09\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1256820,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d89d89e1-1a1e-4898-b881-54c687ad378d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-06\",\n \"Date_Last_Reviewed\": \"2023-08-26\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1467000,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"33533780-371b-4812-ab64-63369e3d46b1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-05\",\n \"Date_Last_Reviewed\": \"2025-04-08\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1774834,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f7dd3162-4f94-4489-a27a-f35b9c201434\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-22\",\n \"Date_Last_Reviewed\": \"2024-10-12\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1690218,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ca332f53-589c-41b5-96fb-112442e2d467\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-07\",\n \"Date_Last_Reviewed\": \"2024-04-24\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 884036,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"757faf01-6af8-4108-be71-58018b56ed82\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-10\",\n \"Date_Last_Reviewed\": \"2025-04-18\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1422278,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1fa05b91-d8a5-487a-9fbb-6ddcd0b24145\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-12-13\",\n \"Date_Last_Reviewed\": \"2024-02-19\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1478938,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"57ccf5c8-3246-425e-9837-4f749b2d50e3\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-22\",\n \"Date_Last_Reviewed\": \"2024-06-07\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1145957,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6c87c333-b4ab-4498-8783-92013e2222c6\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-01\",\n \"Date_Last_Reviewed\": \"2024-04-14\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 701672,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"39132a77-4019-471d-b1eb-e97e84ece5d5\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-11\",\n \"Date_Last_Reviewed\": \"2025-04-24\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1579021,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"88b229e2-0137-492c-a89e-75ba2b6a832e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-17\",\n \"Date_Last_Reviewed\": \"2024-03-05\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1415080,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c72ffcc4-2f96-4be7-80e0-f43d294543d7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-23\",\n \"Date_Last_Reviewed\": \"2025-01-31\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 414835,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"cc86838c-97f4-48b7-869a-ca9233490978\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-12\",\n \"Date_Last_Reviewed\": \"2024-03-24\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1986940,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6710f951-009f-44e7-9024-66e5fddf561d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-14\",\n \"Date_Last_Reviewed\": \"2024-09-30\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 832469,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"10472f08-545b-4e61-9c48-3b008f65540c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-16\",\n \"Date_Last_Reviewed\": \"2024-03-05\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1601319,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"843eef37-e6cb-4c6e-ace3-c8aa21989ae7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-23\",\n \"Date_Last_Reviewed\": \"2023-06-12\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 661204,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"ac55e69d-c952-4f94-ba92-d1a04b7ed93d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-13\",\n \"Date_Last_Reviewed\": \"2024-09-30\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1086854,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b74bb84a-6536-4cff-8d63-2404230e8ab7\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-07\",\n \"Date_Last_Reviewed\": \"2023-10-14\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 425170,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"151c36ab-fa19-40f8-9c49-aea02208b54e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-21\",\n \"Date_Last_Reviewed\": \"2023-05-31\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 510914,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6914a7fb-a569-47dc-b0e0-ed143cd11a8b\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-05\",\n \"Date_Last_Reviewed\": \"2025-01-16\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1645173,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"3c954480-4915-4a4b-8bbe-5efc10aebe8f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-19\",\n \"Date_Last_Reviewed\": \"2025-03-01\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1099526,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"04331cd6-9c20-4fd3-91c8-4485c38b4568\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-12\",\n \"Date_Last_Reviewed\": \"2024-05-12\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1954193,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9780b78d-9f1f-417b-8f8e-87023c42fe25\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-10\",\n \"Date_Last_Reviewed\": \"2024-12-04\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1212896,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"42cb390c-76a1-4874-a13e-db561a99b904\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-23\",\n \"Date_Last_Reviewed\": \"2024-03-05\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 656491,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9f65169c-fbed-4c28-93b2-c7795f3e0afc\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-18\",\n \"Date_Last_Reviewed\": \"2023-12-26\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1850474,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4c931ccf-366a-4927-a045-afc51936c78c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-29\",\n \"Date_Last_Reviewed\": \"2023-07-30\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1259894,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a3c32a11-06cd-4bb4-b898-5b7f43f78993\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-19\",\n \"Date_Last_Reviewed\": \"2024-02-20\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1686819,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b60dd80f-1c77-472a-afd1-393bf21e778c\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-02\",\n \"Date_Last_Reviewed\": \"2024-01-09\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 307727,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"40ef448d-7561-4c90-a03c-d41fff97ffdd\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-01\",\n \"Date_Last_Reviewed\": \"2025-03-28\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 655054,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e15f5528-b8dc-4410-b23c-0711efcb2724\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-07\",\n \"Date_Last_Reviewed\": \"2023-11-20\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 237065,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e4ab1c2e-bb1c-47ff-a673-59528278fb01\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-07\",\n \"Date_Last_Reviewed\": \"2023-05-29\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 846736,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a466425b-b99f-49ef-a5d0-a22c261aff40\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-07\",\n \"Date_Last_Reviewed\": \"2025-03-10\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 814114,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]"], "What are the top 3 high-impact risks this quarter?": ["[\n {\n \"Risk_ID\": \"960ff044-7f20-4ab1-a9eb-b0f0970c591c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-28\",\n \"Date_Last_Reviewed\": \"2024-04-28\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 881899,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2b5dc514-e641-48c1-81a3-b9c4ff6b019c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-03\",\n \"Date_Last_Reviewed\": \"2024-05-11\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1515439,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1f3f5502-8124-4c04-a43d-3970711ca502\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-31\",\n \"Date_Last_Reviewed\": \"2023-11-29\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1587045,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0036eaba-f611-4470-90c7-9ca1df45d373\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-26\",\n \"Date_Last_Reviewed\": \"2023-09-01\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1475258,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e720070b-cc15-4e64-96f5-5b8a2872189f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-17\",\n \"Date_Last_Reviewed\": \"2023-11-05\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1752051,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"81af9a6e-73fe-43f4-ba2e-1fe73c5d26a6\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-27\",\n \"Date_Last_Reviewed\": \"2025-02-22\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 888700,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"de55d52a-7c4a-44bf-bc59-2c3024fd021a\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-10\",\n \"Date_Last_Reviewed\": \"2025-03-02\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 146696,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ccd4ebfc-1358-4b20-86c7-4ad790f66c4d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-31\",\n \"Date_Last_Reviewed\": \"2024-11-29\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1710126,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"50b03ab7-684b-4aac-ab05-259e74dc71f8\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-24\",\n \"Date_Last_Reviewed\": \"2024-06-25\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 236173,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1077e85f-40eb-46fc-8079-75fac25a9fd5\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-22\",\n \"Date_Last_Reviewed\": \"2024-04-19\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1250194,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"90b45e02-eed5-493c-a4ff-62b337d9d485\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-30\",\n \"Date_Last_Reviewed\": \"2024-06-25\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1674061,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d2e74e80-35a2-4024-8d19-8bfe70fe69a3\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-07\",\n \"Date_Last_Reviewed\": \"2024-07-19\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1798106,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a3b4a6ff-27a0-446a-9f37-fcbb98ed825e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-28\",\n \"Date_Last_Reviewed\": \"2025-03-24\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1085616,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"65910c7e-85b2-4eac-abba-8450e3f4603c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-10\",\n \"Date_Last_Reviewed\": \"2024-12-15\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1379381,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9b583a79-814d-4a39-97e3-5d21420d5e68\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-30\",\n \"Date_Last_Reviewed\": \"2023-06-12\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 946886,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c1dbfab8-b49e-4729-9bd3-76ec4fe687d0\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-24\",\n \"Date_Last_Reviewed\": \"2024-07-27\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1417516,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"74badbeb-fcbe-4bb6-80d0-62dff1b27f14\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-09\",\n \"Date_Last_Reviewed\": \"2024-09-04\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 614067,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f7607599-159e-42d7-a803-98f1d93fd822\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-20\",\n \"Date_Last_Reviewed\": \"2024-11-01\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 256342,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"72251dd4-32bc-437c-975f-d5c610d26df6\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-29\",\n \"Date_Last_Reviewed\": \"2024-04-03\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1626233,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"93bfbc71-a1ec-4f16-a3f7-85bbd098203e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-28\",\n \"Date_Last_Reviewed\": \"2023-12-28\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1349697,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c4735ad9-60ed-4cf4-9f9b-759267bd38f0\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-16\",\n \"Date_Last_Reviewed\": \"2023-06-01\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1095063,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"aa8fa353-e8da-45da-b152-5e770376e0b8\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-17\",\n \"Date_Last_Reviewed\": \"2024-06-28\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1655171,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ec4de75a-b52c-4440-aa77-57d0089b7d22\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-16\",\n \"Date_Last_Reviewed\": \"2024-02-25\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 697889,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6f316eb5-9e74-41b4-a6e3-a09d49c9e202\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-07\",\n \"Date_Last_Reviewed\": \"2025-04-07\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1227470,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"aa9c74b1-5374-41a7-905b-823974ac5773\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-08\",\n \"Date_Last_Reviewed\": \"2024-06-14\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 480739,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"95af0e1c-ade8-46d0-9cb0-ca8e38cc47d4\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-04\",\n \"Date_Last_Reviewed\": \"2024-05-24\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1531019,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"98d42a6d-aaff-4a82-bda8-bfddfb7fa915\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-03\",\n \"Date_Last_Reviewed\": \"2024-02-10\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1305212,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"de03a34c-363c-464b-9d60-bed219f11d52\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-30\",\n \"Date_Last_Reviewed\": \"2025-04-26\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1721476,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4309b658-7db3-41bd-b561-6222c98a6a91\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-15\",\n \"Date_Last_Reviewed\": \"2023-12-29\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1251170,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b51c47c4-0f52-40e1-a950-9689feecd06a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-16\",\n \"Date_Last_Reviewed\": \"2023-09-27\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1246550,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f1aab6cc-e63a-4a78-aaa9-fdac1e653f37\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-10\",\n \"Date_Last_Reviewed\": \"2024-03-12\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1665025,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f1510318-5fa1-4953-9ddb-16ca21fb7cf8\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-07\",\n \"Date_Last_Reviewed\": \"2024-06-17\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 420770,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e21e4bb2-fd6a-4681-b216-2074eac4f4af\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-21\",\n \"Date_Last_Reviewed\": \"2025-02-24\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1636586,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2144f3ac-2397-48bd-9596-b657768fb781\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-05\",\n \"Date_Last_Reviewed\": \"2024-08-18\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1503411,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b840eab1-4b94-43a7-b9a5-14bdb419d8d4\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-08\",\n \"Date_Last_Reviewed\": \"2024-08-15\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1388172,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2c443384-6d2c-469f-bcda-ab7ae68c6d15\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-22\",\n \"Date_Last_Reviewed\": \"2023-07-16\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1417787,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c1c95ff2-92f2-4765-89b5-0545602f3f4d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-22\",\n \"Date_Last_Reviewed\": \"2023-11-07\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 220794,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"286d97f6-5bd7-42ee-9d96-08514400a445\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-23\",\n \"Date_Last_Reviewed\": \"2024-08-22\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1141812,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b2a4af39-bf83-408c-afcb-7e8fd301f1dc\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-06\",\n \"Date_Last_Reviewed\": \"2024-01-21\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1279909,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"2ffdfc28-acc5-4d87-96cb-fd1ff5e8372b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-11\",\n \"Date_Last_Reviewed\": \"2023-12-03\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1614394,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d18c3f5d-f13b-4f69-8437-57087c8c9d0d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-07\",\n \"Date_Last_Reviewed\": \"2025-03-08\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 756690,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"72d82917-31a8-498d-bbdf-72ab48defa5c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-21\",\n \"Date_Last_Reviewed\": \"2024-12-20\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1249965,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0a959e0c-7d54-4c85-b3f6-43529587c9bd\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-01\",\n \"Date_Last_Reviewed\": \"2025-03-08\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1982854,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d5387ea0-f8c2-4d0d-a211-860966b96f10\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-31\",\n \"Date_Last_Reviewed\": \"2025-01-02\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1242419,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2983192c-7f38-4d02-a401-5be34f2524d0\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-19\",\n \"Date_Last_Reviewed\": \"2023-10-30\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1685785,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"02a5f885-cb0e-474f-966e-2c22a8aec4da\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-15\",\n \"Date_Last_Reviewed\": \"2024-10-08\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1921071,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"460b5074-5d99-4fdc-8aaa-1ee2da470281\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-28\",\n \"Date_Last_Reviewed\": \"2024-05-01\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1639922,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"606dd1ef-86c9-451f-900f-f59041389f89\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-21\",\n \"Date_Last_Reviewed\": \"2024-06-27\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1679678,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5c74bac5-6035-4c6e-a52b-6b6dc92436fc\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-01\",\n \"Date_Last_Reviewed\": \"2024-07-06\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1126956,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"deb4fe26-e0f5-4043-b5e2-134e0a4c45fa\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-16\",\n \"Date_Last_Reviewed\": \"2024-04-25\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 680641,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"62d89862-da59-4dac-9649-c75b336b2eb1\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-23\",\n \"Date_Last_Reviewed\": \"2024-11-27\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1256456,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d1c173a1-b2f3-4d33-9609-bc9f836c70bd\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-11\",\n \"Date_Last_Reviewed\": \"2024-09-07\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1087218,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"53b1649d-2b55-46b3-9803-c0e032a5e2d7\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-07\",\n \"Date_Last_Reviewed\": \"2024-05-14\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 312612,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"aec577d2-cd9f-45c3-a58f-1d1e42ea2990\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-09\",\n \"Date_Last_Reviewed\": \"2025-03-21\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1533164,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"bf0f96f8-4e8a-4f7f-9b08-39c97c7cf6b0\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-12\",\n \"Date_Last_Reviewed\": \"2025-05-02\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 203879,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9e327717-6fe9-49be-aa6a-e8a9bee97855\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-09\",\n \"Date_Last_Reviewed\": \"2023-12-26\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1510800,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"ae70bc14-b844-4687-8052-98dab1106b49\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-19\",\n \"Date_Last_Reviewed\": \"2025-03-31\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 555141,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e2e6dad3-0efc-40b5-8bea-ca1eb3f8ad22\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-12\",\n \"Date_Last_Reviewed\": \"2024-01-31\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 591943,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5a17a2d0-d606-4e0d-afb1-a810cf6e5d66\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-27\",\n \"Date_Last_Reviewed\": \"2023-08-22\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1651945,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6307a77c-acf8-479a-8d97-8e5dfc7c7a8f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-07\",\n \"Date_Last_Reviewed\": \"2023-08-28\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 950608,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b3fc0597-a5b0-4eae-b480-ddd5c17152a2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-25\",\n \"Date_Last_Reviewed\": \"2024-04-03\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1032849,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"2e53e01c-4e9e-4330-aa15-96817793a2a2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-23\",\n \"Date_Last_Reviewed\": \"2023-08-22\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 946775,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e95e78df-2c28-4b0c-aad4-45c2d1504244\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-11\",\n \"Date_Last_Reviewed\": \"2023-11-24\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 505649,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c30538b9-2a01-4b75-bf37-a839d1c24240\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-03\",\n \"Date_Last_Reviewed\": \"2024-04-16\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 318100,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"01ca9762-7b32-4256-9a8f-1792eb0e85d5\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-30\",\n \"Date_Last_Reviewed\": \"2023-08-28\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 764787,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e7d4af34-0fee-424b-86a7-206b46134b9f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-07\",\n \"Date_Last_Reviewed\": \"2023-11-20\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 1105997,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"61181740-7344-4c95-8d56-85d02a45f02a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-16\",\n \"Date_Last_Reviewed\": \"2024-04-07\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1126756,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"d59f8d6f-5766-4330-8d13-2269efe7147f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-25\",\n \"Date_Last_Reviewed\": \"2024-06-07\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 432599,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"d38a2821-2461-46fa-bd51-4c0bc990aabf\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-15\",\n \"Date_Last_Reviewed\": \"2023-12-19\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 567949,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f0ababce-84a7-42ca-9175-cbaba6559a04\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-11\",\n \"Date_Last_Reviewed\": \"2025-03-12\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 752957,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"716b3643-fb56-475f-ab50-d3f9df391902\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-08\",\n \"Date_Last_Reviewed\": \"2025-05-03\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 879532,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0b62fd33-a57e-485a-a6ad-8856b871f1ea\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-26\",\n \"Date_Last_Reviewed\": \"2025-05-01\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1421359,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"29091c27-d738-49ce-a559-3c16e88e4e3a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-13\",\n \"Date_Last_Reviewed\": \"2024-05-11\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1836760,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8b314a56-cf65-4659-ad12-d95685472245\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-28\",\n \"Date_Last_Reviewed\": \"2023-09-30\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1070011,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"308acd55-5dbc-4680-bb26-144cf82555dc\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-04\",\n \"Date_Last_Reviewed\": \"2023-09-07\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1787923,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5894b258-94f6-4eca-9a1f-49b900cd1ab2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-15\",\n \"Date_Last_Reviewed\": \"2023-08-14\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1039124,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e361baa5-5103-4d68-83c6-8362f80ffa8e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-14\",\n \"Date_Last_Reviewed\": \"2023-09-12\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1239248,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"842f115d-dd32-47d2-ad5c-b73d9d4098fa\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-03\",\n \"Date_Last_Reviewed\": \"2024-04-10\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1354644,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d0085da6-3bc0-49e3-8e2a-ae0aec75f29c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-31\",\n \"Date_Last_Reviewed\": \"2024-12-06\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 346096,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"512dd56c-3f91-4cb3-a431-7ac1aa91ccc1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-11\",\n \"Date_Last_Reviewed\": \"2023-12-09\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1629632,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"460f6b7a-4c9a-44e1-bac8-8f5b2efff970\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-19\",\n \"Date_Last_Reviewed\": \"2023-10-18\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 872471,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"3bc969e7-458e-4cd6-b0e4-8502d8b88f7e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-06\",\n \"Date_Last_Reviewed\": \"2023-12-02\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1424677,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"212a22c9-d4ad-488e-b778-36cd33fc4d7e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-12\",\n \"Date_Last_Reviewed\": \"2024-05-09\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1127197,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7439007d-1dba-4fb8-8401-190af5088a3e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-28\",\n \"Date_Last_Reviewed\": \"2025-03-22\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 584032,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e9bf1483-e53b-434f-9c69-982dfe1a91e3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-17\",\n \"Date_Last_Reviewed\": \"2024-09-19\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1903335,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ff73dc3d-4249-48a6-b9ed-d5ff5f152903\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-12\",\n \"Date_Last_Reviewed\": \"2023-08-04\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1459812,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"83bfc3ea-ec62-4b3e-bc2c-aa6e17f2e722\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-17\",\n \"Date_Last_Reviewed\": \"2025-03-14\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 797526,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"86ee4b8d-1aa7-4f1e-8eec-af98d0569613\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-20\",\n \"Date_Last_Reviewed\": \"2024-07-17\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 700323,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a5085f5f-8cfc-44ad-9013-c76c6651ce5e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-21\",\n \"Date_Last_Reviewed\": \"2023-09-04\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 375345,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f855d7eb-e522-496b-ba0c-783af34ce0f2\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-23\",\n \"Date_Last_Reviewed\": \"2024-10-31\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 138693,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e7cedeb0-131b-4754-a0d0-3b2ccc7e89e9\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-28\",\n \"Date_Last_Reviewed\": \"2024-06-07\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1303131,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0e7a01d7-f328-47c7-ab54-0d23989a800e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-19\",\n \"Date_Last_Reviewed\": \"2024-09-12\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 985889,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"26966d1b-abb3-44cf-874e-55a9e17d8dda\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-02\",\n \"Date_Last_Reviewed\": \"2025-03-24\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1731824,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"0f5dc887-7efa-4a69-92c6-e9e36f8cb866\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-15\",\n \"Date_Last_Reviewed\": \"2023-10-03\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 320040,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"20da27ac-5f2a-4254-b5d0-c1ee96d655c9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-05\",\n \"Date_Last_Reviewed\": \"2025-02-21\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1439059,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"14d15335-1eb1-473f-8c37-19cbdcaf011e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-08\",\n \"Date_Last_Reviewed\": \"2024-02-07\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 923200,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7906d5d7-6646-498a-b38c-6c68a29ce878\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-21\",\n \"Date_Last_Reviewed\": \"2023-08-19\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 823747,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"902c6917-890d-4aec-bfd8-c0f18447080a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-15\",\n \"Date_Last_Reviewed\": \"2023-07-28\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 494969,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"eaa870e8-8ecb-4d2a-8af7-3b0c75e3517c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-25\",\n \"Date_Last_Reviewed\": \"2023-11-09\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1878525,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"98047243-7163-4e40-94fa-82a0c5269292\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-19\",\n \"Date_Last_Reviewed\": \"2024-09-05\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1128240,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"19f95848-3dd8-47a9-b8dd-0124d72f9ea0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-14\",\n \"Date_Last_Reviewed\": \"2024-09-01\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1907035,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"157ac8fb-c296-4cd5-a379-939bfb98948e\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-23\",\n \"Date_Last_Reviewed\": \"2023-11-21\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1214771,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"46cb2461-6d45-44df-8220-ed71ed34c53f\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-04\",\n \"Date_Last_Reviewed\": \"2024-10-02\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1195439,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1f2adfdb-056c-4b81-8bea-e1bdef89f7e4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-27\",\n \"Date_Last_Reviewed\": \"2023-08-11\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1646206,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ed96ea2d-9002-42bf-9604-8dc03089c148\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-28\",\n \"Date_Last_Reviewed\": \"2024-02-07\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1357957,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b1358450-4379-4266-a9e2-cc16d6f2ce17\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-13\",\n \"Date_Last_Reviewed\": \"2024-03-12\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 447536,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a3812fe8-68be-424a-a752-ea926d6f4472\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-22\",\n \"Date_Last_Reviewed\": \"2023-09-04\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 516229,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3f3f06cc-4a4e-49fb-bbc3-4a89d27f34b8\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-21\",\n \"Date_Last_Reviewed\": \"2023-11-30\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1777368,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"24de2747-d53c-454b-9e61-6664d3164e60\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-22\",\n \"Date_Last_Reviewed\": \"2023-08-28\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1253061,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"dfd9d5d8-a88a-4c4d-ad16-dd69915ece08\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-03\",\n \"Date_Last_Reviewed\": \"2024-02-24\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1540986,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"20abac15-1e5c-42d2-901b-cc3e20adf9db\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-09\",\n \"Date_Last_Reviewed\": \"2024-03-03\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 184465,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c4521af2-e44b-4278-b7dd-0e851958e4d2\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-27\",\n \"Date_Last_Reviewed\": \"2025-04-11\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1063112,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"38108750-d2d0-4d7b-8778-ddca19237816\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-05-19\",\n \"Date_Last_Reviewed\": \"2024-12-06\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1360492,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"4b516635-92b7-432e-963f-419c75f7d840\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-04\",\n \"Date_Last_Reviewed\": \"2025-05-13\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 260318,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4b0e25f2-815f-4343-a0b4-ff2a9babb9c4\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-26\",\n \"Date_Last_Reviewed\": \"2023-08-05\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 525069,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b65132fd-d772-4130-9438-02b1c349df96\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-22\",\n \"Date_Last_Reviewed\": \"2024-08-10\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 622836,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b601f37f-ac26-4c99-baa9-782585cf1881\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-14\",\n \"Date_Last_Reviewed\": \"2024-10-30\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1957709,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"15a283b7-595b-4889-b2fe-58817b535097\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-22\",\n \"Date_Last_Reviewed\": \"2025-04-21\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1241330,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0593c93e-a35e-4924-88cc-b2fab6b463a3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-07\",\n \"Date_Last_Reviewed\": \"2025-03-05\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1063300,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b01c6dd7-80b6-460d-9918-7430c46925cf\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-06\",\n \"Date_Last_Reviewed\": \"2025-04-13\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 826426,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0c64ca51-aee7-4cf9-be09-87f102a777e8\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-24\",\n \"Date_Last_Reviewed\": \"2024-01-21\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1434779,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"97e3e9aa-295b-43c3-818f-573cdb4f73e3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-06\",\n \"Date_Last_Reviewed\": \"2024-07-28\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1490505,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b6d88d18-4123-47df-9d7f-53a40b448df1\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-18\",\n \"Date_Last_Reviewed\": \"2024-02-12\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1049960,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"24314858-c72a-4104-a6ab-75261774a208\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-28\",\n \"Date_Last_Reviewed\": \"2023-12-22\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1825636,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e8df7ca2-c2d6-43b9-bfde-c5fdbf743489\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-11\",\n \"Date_Last_Reviewed\": \"2025-02-20\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 748722,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"495d4cf2-7a78-432a-9976-889ee0e26e34\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-09\",\n \"Date_Last_Reviewed\": \"2025-02-11\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1869448,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d676be36-45c4-4cfd-a975-14d918594782\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-11\",\n \"Date_Last_Reviewed\": \"2025-01-10\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 600912,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"17aec5b5-83d8-4bc6-a13c-07fe256425d8\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-09\",\n \"Date_Last_Reviewed\": \"2025-04-19\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1754406,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2f1f68e0-f72a-4bf2-8925-fd05b02bf7ff\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-06\",\n \"Date_Last_Reviewed\": \"2023-05-22\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1152060,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"14b1d619-67d4-475a-aeeb-0334ba1419c9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-31\",\n \"Date_Last_Reviewed\": \"2024-12-25\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 743632,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"38ddd17f-91d2-4e1d-923b-478fe8e170e3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-05\",\n \"Date_Last_Reviewed\": \"2024-03-23\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1099809,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"554887cd-2e77-49aa-9a98-9175b168a81f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-07\",\n \"Date_Last_Reviewed\": \"2025-04-03\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 674544,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4ba72f4f-2ba3-497c-bd32-3bea7d57c5e6\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-11\",\n \"Date_Last_Reviewed\": \"2025-03-04\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1380979,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"66c5e353-1d17-418c-b130-24f4b7bfeb98\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-31\",\n \"Date_Last_Reviewed\": \"2024-10-18\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1211445,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"dc140477-0303-491f-9e80-8e6a6ae2d44e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-01\",\n \"Date_Last_Reviewed\": \"2023-12-27\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1300124,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2d0eb978-c97e-4a85-b258-e0160dccf3cd\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-18\",\n \"Date_Last_Reviewed\": \"2024-08-08\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 724847,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"23a04f20-dc02-490c-8476-ab9f30f6ebe0\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-12\",\n \"Date_Last_Reviewed\": \"2023-07-26\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 689302,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"99ac8376-bda3-4786-9a2e-00e20f2bd139\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-05\",\n \"Date_Last_Reviewed\": \"2025-02-22\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1420777,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"794f5f2d-d0fc-4b82-a48d-98e14331a105\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-03-20\",\n \"Date_Last_Reviewed\": \"2024-06-18\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1072864,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3c134eda-0e58-4b99-9654-780f30190368\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-13\",\n \"Date_Last_Reviewed\": \"2023-07-30\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 132626,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"85d2a580-e7de-4582-bc97-f667e94ebd6d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-09\",\n \"Date_Last_Reviewed\": \"2024-12-22\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1504771,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c25bd51f-5bb3-4d78-a136-6d9e270ee6ac\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-19\",\n \"Date_Last_Reviewed\": \"2023-09-07\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 220977,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a6c206b6-3c3c-42bb-aa49-3880a4322838\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-31\",\n \"Date_Last_Reviewed\": \"2024-04-12\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1748641,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ebfd258a-64a4-4ab7-9cb9-519933b736f6\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-19\",\n \"Date_Last_Reviewed\": \"2024-05-30\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1634111,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f2e77801-41bf-4293-a16e-f4d23e7cda15\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-18\",\n \"Date_Last_Reviewed\": \"2025-03-06\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 369169,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"33895eed-3756-4f82-b403-e30d0da57fb1\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-13\",\n \"Date_Last_Reviewed\": \"2023-12-01\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 393590,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"dfa0b389-18c8-473d-9f36-cd8323790893\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-21\",\n \"Date_Last_Reviewed\": \"2023-06-04\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1187182,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"365f1d14-6c0d-40f0-8508-ddb4b6615203\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-05\",\n \"Date_Last_Reviewed\": \"2024-12-29\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1027491,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a734b3e7-dc56-4e43-a2f6-409b54ace71f\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-15\",\n \"Date_Last_Reviewed\": \"2024-07-04\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 642438,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f74699be-47bb-45c7-b852-511e73d57aca\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-12\",\n \"Date_Last_Reviewed\": \"2023-08-19\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1232057,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b6d07015-a489-4117-b5c7-feea381a926c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-24\",\n \"Date_Last_Reviewed\": \"2023-09-23\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1772959,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0f79ba99-60ae-4d2d-acd5-c169108ade50\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-14\",\n \"Date_Last_Reviewed\": \"2024-09-04\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 885034,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"26c57079-eae1-49cc-91c4-78662930675c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-01\",\n \"Date_Last_Reviewed\": \"2025-02-09\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 447655,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2693dc10-2282-49b5-9ba1-5564d90acfbe\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-04\",\n \"Date_Last_Reviewed\": \"2024-09-06\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1585176,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"74af8ddc-9e62-4ece-8fcf-416873bb55af\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-02\",\n \"Date_Last_Reviewed\": \"2023-12-22\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1544044,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"73b144a0-2b4c-4e0e-9cd4-606f6d132d7e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-21\",\n \"Date_Last_Reviewed\": \"2023-09-24\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 399738,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"b4d9a6b5-15fe-49fe-974a-da5806b9d0df\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-19\",\n \"Date_Last_Reviewed\": \"2024-10-14\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1718419,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"65b8bf74-20ee-4242-af6c-8529360f9bfe\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-06\",\n \"Date_Last_Reviewed\": \"2024-10-16\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 403136,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"25132201-f026-4fb1-bec7-ddd6d43b15a0\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-07\",\n \"Date_Last_Reviewed\": \"2024-01-28\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 268558,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7656e763-7f9e-4ada-9941-a7e94abe9e8e\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-14\",\n \"Date_Last_Reviewed\": \"2023-09-18\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 702296,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6ed42e4a-35d5-4f62-9875-a285373d8f11\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-16\",\n \"Date_Last_Reviewed\": \"2024-12-24\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 264591,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0d6b86f4-3410-4a99-9e50-d2a23e3c2a04\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-26\",\n \"Date_Last_Reviewed\": \"2023-08-17\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 254212,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e5cd55d6-7ed5-4d21-a010-dbc7dea39376\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-29\",\n \"Date_Last_Reviewed\": \"2023-07-30\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1391082,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"58e827eb-742c-45b2-8fa7-9c82195a3c67\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-13\",\n \"Date_Last_Reviewed\": \"2023-08-07\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1263764,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"77d21fbe-6258-483b-97aa-2095d93f22f6\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-21\",\n \"Date_Last_Reviewed\": \"2024-05-21\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1550479,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"df4465c6-8068-4cd8-99e0-3fcb2cc95d5a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-11\",\n \"Date_Last_Reviewed\": \"2024-03-13\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1013491,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"7eafce6d-791c-42e2-986d-3a4ae75f80ce\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-08\",\n \"Date_Last_Reviewed\": \"2023-12-13\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 191883,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a30f3939-12d6-4554-ba62-3d4d7a24f81f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-02\",\n \"Date_Last_Reviewed\": \"2023-09-27\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 418280,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"57712db3-95ba-42b3-951d-ba4021b993bd\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-06\",\n \"Date_Last_Reviewed\": \"2024-08-29\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1728029,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"26e1cdae-c409-4ea9-9ddb-051267cbf99a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-01\",\n \"Date_Last_Reviewed\": \"2024-01-04\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1237840,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"43eda998-6532-43f1-af8b-596f04e284e7\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-25\",\n \"Date_Last_Reviewed\": \"2024-10-27\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1994409,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"351fc6ce-8683-411e-8ffd-e80797cb6878\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-20\",\n \"Date_Last_Reviewed\": \"2023-12-30\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1706411,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b891d4a9-3c88-4b85-8552-50b5643c7755\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-06\",\n \"Date_Last_Reviewed\": \"2024-05-28\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1332288,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"0032b4e5-dc27-439c-b611-98cbbaa92e8d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-24\",\n \"Date_Last_Reviewed\": \"2023-12-06\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 720364,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"c92456c9-02c3-40e3-8d60-b995a189003c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-15\",\n \"Date_Last_Reviewed\": \"2024-06-17\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1936678,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"dfd6b583-3cad-4791-89c9-97caec131311\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-20\",\n \"Date_Last_Reviewed\": \"2025-03-10\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 661623,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8432dc61-9b76-4925-83e3-f5cacd481522\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-11\",\n \"Date_Last_Reviewed\": \"2024-10-14\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 972952,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a763784b-1bee-402b-9b81-b05dfbd5902b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-08\",\n \"Date_Last_Reviewed\": \"2025-03-09\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1340633,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"905f23c9-20c0-4414-aaf9-d94fbb59d66e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-30\",\n \"Date_Last_Reviewed\": \"2023-12-31\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1145544,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e141e999-b2e1-45d2-84c1-23bf79695c1e\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-01-31\",\n \"Date_Last_Reviewed\": \"2025-04-14\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1683234,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6f9eac90-5105-4980-8d33-908f214efc26\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-25\",\n \"Date_Last_Reviewed\": \"2024-03-03\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1643074,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"c6f1836c-d2ee-45fe-aabc-ac7ce685ab71\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-02\",\n \"Date_Last_Reviewed\": \"2023-12-01\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 480222,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0fb03258-0173-4b8b-a1db-3d11569b6d83\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-06\",\n \"Date_Last_Reviewed\": \"2023-06-21\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1337468,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a5e3704d-6902-4720-af97-9efe20720ba3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-22\",\n \"Date_Last_Reviewed\": \"2024-05-19\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1702765,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"bf84d3b1-c7be-4ce0-81a0-20a09d9ef078\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-15\",\n \"Date_Last_Reviewed\": \"2024-06-21\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1672259,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"68b486b0-b8b5-419a-a87b-9190d07f0204\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-26\",\n \"Date_Last_Reviewed\": \"2023-11-22\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 997012,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"565a2a6e-7cd5-4a4d-803d-8820779b3f06\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-05\",\n \"Date_Last_Reviewed\": \"2025-04-29\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 360702,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"95a617d6-a980-45af-bf43-fa2d86205662\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-03\",\n \"Date_Last_Reviewed\": \"2024-02-12\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1700448,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b3178f84-16f7-4a0c-beb7-1fb1f33a0b85\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-11-08\",\n \"Date_Last_Reviewed\": \"2023-09-30\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1986681,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8266546b-93da-427c-aaef-8617f8c12db9\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-11\",\n \"Date_Last_Reviewed\": \"2024-05-09\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 493769,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f98b81fa-853d-40c7-b19b-b8cb98018fed\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-19\",\n \"Date_Last_Reviewed\": \"2024-05-01\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1541212,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e0f98077-184c-4367-9a93-b75cfec50eed\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-31\",\n \"Date_Last_Reviewed\": \"2024-07-20\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 780626,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"482ca29e-75a2-4666-9f86-f891efa5e1e6\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-29\",\n \"Date_Last_Reviewed\": \"2024-12-18\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1233429,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d03c120d-4721-4a5a-8157-be826085dc2d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-25\",\n \"Date_Last_Reviewed\": \"2023-10-04\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1721842,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"62d9dfbb-700c-48f8-8789-6917b8abddf2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-14\",\n \"Date_Last_Reviewed\": \"2024-03-04\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1058942,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8142d749-49ee-47b9-a3d7-c437f03e1629\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-16\",\n \"Date_Last_Reviewed\": \"2024-04-20\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 224085,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b0bb6b0d-0cbe-4791-81a8-3dca73647498\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-26\",\n \"Date_Last_Reviewed\": \"2024-08-26\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1094651,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a4a47e8b-5840-45d3-a9a3-8f12fa77fb6b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-12\",\n \"Date_Last_Reviewed\": \"2024-07-25\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1956827,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"46a95617-9808-417e-96d0-ba9a2166ef25\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-21\",\n \"Date_Last_Reviewed\": \"2024-08-22\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1170945,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a59f4750-c950-4944-9724-5bcc220ae00a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-29\",\n \"Date_Last_Reviewed\": \"2023-07-26\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1398652,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d109df56-83a6-4f52-8a00-b3e77bd2aea5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-15\",\n \"Date_Last_Reviewed\": \"2024-10-16\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1647796,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"bc254460-250c-4506-b077-1b6748edb021\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-02-08\",\n \"Date_Last_Reviewed\": \"2025-02-13\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 287560,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3a365ce9-bc84-4aef-9a7a-e23c291a71f3\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-02-18\",\n \"Date_Last_Reviewed\": \"2024-10-06\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1804026,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"be81affc-4be9-445b-8f8a-22da9ebc913d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-26\",\n \"Date_Last_Reviewed\": \"2025-04-28\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 900389,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f278d8e6-b759-460a-9a41-1b0df29e9576\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-08\",\n \"Date_Last_Reviewed\": \"2025-04-22\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1954733,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"0acdc4a7-c4ae-4aad-8bab-27fa348a524a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-13\",\n \"Date_Last_Reviewed\": \"2025-03-11\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 545460,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"25682469-f490-4949-bdb4-58be8b7fbb24\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-14\",\n \"Date_Last_Reviewed\": \"2024-11-09\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 984772,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a0f0469f-8fb5-4e52-927c-e71adc3b1575\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-28\",\n \"Date_Last_Reviewed\": \"2024-03-16\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 682426,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f687897d-2516-4d77-8038-7939bee10259\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-21\",\n \"Date_Last_Reviewed\": \"2024-06-30\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1452702,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2cf0fe5b-fb48-40b9-974f-875016f7f3d9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-07\",\n \"Date_Last_Reviewed\": \"2024-09-20\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1132314,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3bd0a509-a3fc-45c1-950d-822625248673\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-20\",\n \"Date_Last_Reviewed\": \"2025-05-11\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 440855,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"11e20372-9c4f-416b-87f8-4e9af17cd090\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-28\",\n \"Date_Last_Reviewed\": \"2023-08-18\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1455281,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"0de916ef-d92e-49ef-828d-ca9568105eec\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-10\",\n \"Date_Last_Reviewed\": \"2024-03-25\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1479461,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"443a09fc-4c1d-464b-80b4-77dfd660bc54\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-29\",\n \"Date_Last_Reviewed\": \"2025-03-02\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 451924,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c54d41ad-88bd-469d-bd5d-18c721b2ddd3\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-01\",\n \"Date_Last_Reviewed\": \"2024-04-12\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1062120,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"20b5f00a-ec24-4c23-a75b-5428520a843d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-09\",\n \"Date_Last_Reviewed\": \"2023-08-03\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1561125,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"98c28909-ffda-4cd8-9738-6d2fe9f5f4fd\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-13\",\n \"Date_Last_Reviewed\": \"2024-08-14\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 479967,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"74b9b84a-be40-49a4-93eb-6310bdc7020b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-22\",\n \"Date_Last_Reviewed\": \"2023-08-09\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 251952,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1aecc553-0e73-4e65-91f6-80c4182ac202\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-07-22\",\n \"Date_Last_Reviewed\": \"2024-08-28\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1019528,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e29ebf49-3e51-45c6-b687-b8a120731555\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-12\",\n \"Date_Last_Reviewed\": \"2025-03-22\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1803195,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"07f6ebeb-86e0-47ce-accf-2ebdb971dee9\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-23\",\n \"Date_Last_Reviewed\": \"2024-04-09\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1826380,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"889f496f-c3e6-4f7e-aff8-13fc10dc1be9\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-26\",\n \"Date_Last_Reviewed\": \"2025-02-01\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1384250,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ccc52064-e9f2-4ca7-9ad6-327f602a9455\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-15\",\n \"Date_Last_Reviewed\": \"2024-04-10\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 444729,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"0ff1c9a7-4f9f-470e-9d7b-2e10db565ecc\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-20\",\n \"Date_Last_Reviewed\": \"2024-07-08\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 607743,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"88ef294e-d04f-48f7-ab92-d0f5fae2e6df\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-24\",\n \"Date_Last_Reviewed\": \"2023-09-01\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1788710,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"cb22995a-63a8-438a-a04e-784249f6eee2\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-07\",\n \"Date_Last_Reviewed\": \"2024-10-18\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1483138,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3c649ef4-9769-4b98-af7e-3b6b736c0bc5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-17\",\n \"Date_Last_Reviewed\": \"2023-10-13\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1534152,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f1f5c22f-8480-4267-ac0a-82c33d381840\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-08\",\n \"Date_Last_Reviewed\": \"2025-04-05\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 374657,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"3d9950ff-a1ce-4d28-aaf0-e2876223ea76\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-03\",\n \"Date_Last_Reviewed\": \"2023-06-24\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 193226,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"33b4308c-d3c1-4695-8d27-cf6225a1b22e\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-04\",\n \"Date_Last_Reviewed\": \"2024-11-14\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1385498,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"0f3ea5bf-47eb-4668-bd2c-24712512d046\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-22\",\n \"Date_Last_Reviewed\": \"2024-06-19\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1335348,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9c6c046a-2abe-401c-8d9f-8814c3bbf303\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-25\",\n \"Date_Last_Reviewed\": \"2024-04-18\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1920833,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"925c4a5d-3890-4b6e-9f21-2cb33125c68d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-05\",\n \"Date_Last_Reviewed\": \"2024-01-28\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 216198,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"aed1a910-1fb4-4166-9592-524dd16a4fb4\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-05\",\n \"Date_Last_Reviewed\": \"2024-02-20\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1896712,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4acf213b-2128-4b21-8809-7634a8b98944\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-19\",\n \"Date_Last_Reviewed\": \"2024-05-21\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 926423,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0aa9b213-0960-4c63-be41-0e31d0f4a450\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-14\",\n \"Date_Last_Reviewed\": \"2024-07-28\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1065519,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2a8bb545-038e-41bc-8cce-3f853f25331c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-04\",\n \"Date_Last_Reviewed\": \"2023-06-10\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 194690,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c2c476b5-7513-4c5e-9615-1339f5a4e147\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-09\",\n \"Date_Last_Reviewed\": \"2023-09-03\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1448089,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"285db46e-c6de-4443-a3e3-26ebb3b0d800\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-22\",\n \"Date_Last_Reviewed\": \"2023-11-21\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1323934,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9027d289-89df-4a85-94a5-6a3b04a55f95\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-12\",\n \"Date_Last_Reviewed\": \"2025-05-09\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1521666,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"dce1ee95-6fc7-47f2-aef0-4d9928425fe7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-05\",\n \"Date_Last_Reviewed\": \"2024-02-09\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 988209,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"a748f81b-8ae7-4266-ace2-a1fafa910ef6\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-09\",\n \"Date_Last_Reviewed\": \"2023-06-11\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 457690,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"68ef71c7-c63b-48d0-a30a-76777c02718b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-11\",\n \"Date_Last_Reviewed\": \"2025-01-05\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 117060,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"73d91001-562a-47ac-8181-fef26244bf12\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-06\",\n \"Date_Last_Reviewed\": \"2025-01-20\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 388356,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"1dccdd6d-8692-4eec-b292-1f1605f23365\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-15\",\n \"Date_Last_Reviewed\": \"2024-04-16\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1403878,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"29c5aa18-10d6-455f-a2b7-9963dd44bcd1\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-05-06\",\n \"Date_Last_Reviewed\": \"2024-10-13\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1445985,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e6419f91-ebff-4c44-9220-915bd3b49295\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-16\",\n \"Date_Last_Reviewed\": \"2023-11-02\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 325728,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"20aafa86-7fb2-4e6a-b798-d9348d88b4ba\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-10\",\n \"Date_Last_Reviewed\": \"2025-02-05\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 842332,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"59dacb82-6bbd-41af-94db-31f8f15f9baa\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-26\",\n \"Date_Last_Reviewed\": \"2024-09-24\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1080460,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"5f42253a-aa08-4fd2-9d88-7ed61c6386d3\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-06\",\n \"Date_Last_Reviewed\": \"2023-10-01\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 282875,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"3762dbde-e1c1-464b-abc1-37ec53489da1\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-18\",\n \"Date_Last_Reviewed\": \"2024-05-29\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 925240,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1ecf989e-30e8-42d8-ad4f-8975f9f36f48\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-21\",\n \"Date_Last_Reviewed\": \"2023-07-10\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1281022,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e4c60c8f-3a9b-415e-8b1a-5adb6e5ea4d7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-27\",\n \"Date_Last_Reviewed\": \"2023-12-18\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1087672,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"7045a641-eff8-4c81-9bd6-8c817b54bd2c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-01\",\n \"Date_Last_Reviewed\": \"2024-12-08\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 173868,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"bef92d47-11d8-4d3d-b1f8-820ba39719a8\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-05\",\n \"Date_Last_Reviewed\": \"2025-02-14\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 823715,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ce3bd930-2f04-4d4f-aebc-aad3e5ede453\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-25\",\n \"Date_Last_Reviewed\": \"2024-09-16\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 819705,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b898f136-aead-4926-9480-65877a8f85ad\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-04-08\",\n \"Date_Last_Reviewed\": \"2023-11-14\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1501067,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6b12c340-be9e-4d0b-b6b5-8293135e2a88\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-05\",\n \"Date_Last_Reviewed\": \"2023-06-20\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 373514,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"75b28fe7-4708-4cd5-aab5-1ecda4f05ab6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-16\",\n \"Date_Last_Reviewed\": \"2024-08-10\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1780597,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7aa6df0e-6736-4cc7-b972-4d4086b00579\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-05-18\",\n \"Date_Last_Reviewed\": \"2025-01-11\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 467541,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"808dbf26-e28c-4c5b-a522-11ad78c81b7e\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-30\",\n \"Date_Last_Reviewed\": \"2023-11-04\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 882608,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"44b1625a-c088-4fd0-a309-081b4de46d5c\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-24\",\n \"Date_Last_Reviewed\": \"2023-12-09\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 292537,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"41ebcc7b-bcfe-47d1-950d-43d57784fae3\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-10\",\n \"Date_Last_Reviewed\": \"2024-06-03\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1908884,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"680898ae-301f-4279-a458-59db92f2063a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-12\",\n \"Date_Last_Reviewed\": \"2024-05-08\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1843555,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"452457c2-6bac-4ccb-86b9-b5f5213df769\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-10-01\",\n \"Date_Last_Reviewed\": \"2023-08-19\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 598589,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"b81fe607-4782-409b-a10c-f3fac7c33cbe\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-28\",\n \"Date_Last_Reviewed\": \"2024-10-08\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 165284,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"dff97ee8-e52d-4611-91ab-ec99f2a66bf6\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-05\",\n \"Date_Last_Reviewed\": \"2023-08-31\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 399316,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"cae13d9a-3a44-4d9d-98d6-8c62365b9293\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-15\",\n \"Date_Last_Reviewed\": \"2023-12-26\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1220896,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c7b0ee8b-50b2-4d41-aec2-9bd2c1e8a913\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-04\",\n \"Date_Last_Reviewed\": \"2025-01-02\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 487360,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"97d8898c-89ff-40bd-8b73-175444d70bee\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-19\",\n \"Date_Last_Reviewed\": \"2023-10-27\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1391487,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"5e301a04-3e8a-406a-8597-45aa2b494ad6\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-01\",\n \"Date_Last_Reviewed\": \"2023-12-09\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 140888,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"618b8d98-e52a-437f-a907-1e892459a10d\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-17\",\n \"Date_Last_Reviewed\": \"2024-02-12\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 860491,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]"], "Which risks have regulatory impacts related to GDPR?": ["[\n {\n \"Risk_ID\": \"70140c3a-39ab-494a-bbee-b4a9b429d62e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-30\",\n \"Date_Last_Reviewed\": \"2023-08-06\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 138390,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d1080b21-021a-4201-9a0d-5dec3c532b16\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-13\",\n \"Date_Last_Reviewed\": \"2024-07-24\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1137708,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a6493544-0f7b-40ee-b115-63ea8a7d6c4b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-06\",\n \"Date_Last_Reviewed\": \"2023-09-13\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 679657,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"64741cdc-a5bc-4de7-a3f2-ba5964f65771\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-12\",\n \"Date_Last_Reviewed\": \"2023-08-09\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1734491,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f17c6416-c4bb-45b6-a8bf-461eb5f5a855\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-22\",\n \"Date_Last_Reviewed\": \"2024-04-20\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 1987061,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"cc65f7b4-2078-4714-bfa0-a8f435426899\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-09\",\n \"Date_Last_Reviewed\": \"2023-11-29\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 375424,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"6b8073b0-354b-408b-af46-e99a1719467c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-09\",\n \"Date_Last_Reviewed\": \"2023-10-26\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 189834,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"88f20363-4b0d-4cef-bb0e-f6aa59b117da\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-03\",\n \"Date_Last_Reviewed\": \"2023-05-24\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1606087,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"922666d9-3546-442a-a3ab-769dd94c7505\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-29\",\n \"Date_Last_Reviewed\": \"2023-06-07\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1137376,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"92f7c7c7-b059-4ddc-8d5f-c0541c34ee69\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-22\",\n \"Date_Last_Reviewed\": \"2024-03-18\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 384775,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8338aa56-c269-428d-98f6-1ad14001daf1\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-16\",\n \"Date_Last_Reviewed\": \"2024-12-22\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 118076,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"054eb8f0-2bb8-479a-aeac-499b3e56cb9a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-18\",\n \"Date_Last_Reviewed\": \"2024-10-08\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1170248,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"e81a362f-c7db-4cdb-a220-0640cea9dbcd\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-12\",\n \"Date_Last_Reviewed\": \"2023-08-10\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 960542,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"84a4c7b7-1880-4524-83e2-71a05c276a6c\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-09-08\",\n \"Date_Last_Reviewed\": \"2024-11-13\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 116948,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2c516496-9357-430d-8d29-47a37c7025b7\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-04\",\n \"Date_Last_Reviewed\": \"2023-06-13\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1102058,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9e683680-3797-4242-a355-eb1c383a1075\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-29\",\n \"Date_Last_Reviewed\": \"2024-06-22\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1131960,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a58f5643-22b9-498c-bc14-0c75d511a639\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-23\",\n \"Date_Last_Reviewed\": \"2024-11-02\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, CCPA\",\n \"Loss_Estimate_USD\": 391770,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d30de23e-18a6-4d35-bf9a-bc7d4e24d3e5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-21\",\n \"Date_Last_Reviewed\": \"2025-04-19\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1573711,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"0e3848af-6aa5-49e8-8bfd-a21b0f92cf3e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-23\",\n \"Date_Last_Reviewed\": \"2024-09-02\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1890074,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8e9c5fdf-5ae4-4549-9137-4a38bcf46637\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-24\",\n \"Date_Last_Reviewed\": \"2023-10-02\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 694911,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c42da6d0-da06-4e14-a1af-a511c05f687d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-17\",\n \"Date_Last_Reviewed\": \"2024-12-14\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1313390,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"daed3930-e48b-4661-9479-3e22b3ad6387\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-08\",\n \"Date_Last_Reviewed\": \"2023-11-15\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 689005,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ef14281f-f1e8-4f9c-8d80-281159eaad43\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-07-09\",\n \"Date_Last_Reviewed\": \"2024-10-20\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 972271,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d013477c-b7fc-4932-a996-529ff4615a50\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-01-22\",\n \"Date_Last_Reviewed\": \"2023-10-27\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 1939050,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ba34e77e-e9f1-4374-8330-77cba205ed2a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-04\",\n \"Date_Last_Reviewed\": \"2024-11-24\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 194470,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"fb315df1-37cf-48bb-8e67-f62a592fdc69\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-07\",\n \"Date_Last_Reviewed\": \"2024-07-03\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1760624,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f270b049-53db-4c76-86e6-7ca3d4d8e1f7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-13\",\n \"Date_Last_Reviewed\": \"2025-03-09\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 149643,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"00107cf0-659b-416a-aee2-9c98a2cad83b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-03\",\n \"Date_Last_Reviewed\": \"2023-08-04\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1681265,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"de8eb4b5-2496-4893-9aa4-263aeec56e92\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-03-07\",\n \"Date_Last_Reviewed\": \"2025-01-07\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 682888,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8312ea3e-9703-48d8-bde4-8dbf7d549e91\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-21\",\n \"Date_Last_Reviewed\": \"2024-05-17\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 893504,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"78fed2f0-2e4c-4d00-93d7-7d6c5eefb6f7\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-07\",\n \"Date_Last_Reviewed\": \"2024-10-05\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 521750,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"77997b39-756f-4a86-a85f-288432e90130\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-25\",\n \"Date_Last_Reviewed\": \"2024-07-14\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 507101,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"bc475781-ca2b-415a-82f5-42a0992b4aa7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-11\",\n \"Date_Last_Reviewed\": \"2025-03-24\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1713133,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"41f54bb0-a08a-43ca-8f5f-3a7635863da6\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-30\",\n \"Date_Last_Reviewed\": \"2023-10-01\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 348488,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"24e9db8d-eb9e-467d-b3ca-c7098e6a17ac\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-09-08\",\n \"Date_Last_Reviewed\": \"2024-03-29\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1656357,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"d7959cf8-28bf-45df-aa78-e8cbb1e0465d\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-03\",\n \"Date_Last_Reviewed\": \"2024-12-04\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1499786,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"9eeb8806-446b-456c-8591-d0a871b5a3a1\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-01\",\n \"Date_Last_Reviewed\": \"2025-04-24\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1018624,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"85aa6491-8089-46d3-b5fa-7a2995f1ff75\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-12\",\n \"Date_Last_Reviewed\": \"2024-04-24\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1678362,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b279ca7b-a13f-4c5e-8ceb-93cbb16c4f6a\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-18\",\n \"Date_Last_Reviewed\": \"2025-01-05\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 432104,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"ce3e9455-ce9e-4095-99f1-8f4bd5997ad5\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-01\",\n \"Date_Last_Reviewed\": \"2024-06-17\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1792537,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"46cbcf2e-9a0f-46c5-bd9c-8fc41ab00d8f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-13\",\n \"Date_Last_Reviewed\": \"2023-10-19\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1430985,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"811cab3d-132d-4bd4-a78f-584de667cda2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-24\",\n \"Date_Last_Reviewed\": \"2023-12-23\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1331892,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a6b6c6e8-0ffa-413b-9510-6b2e81177bb2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-07-08\",\n \"Date_Last_Reviewed\": \"2025-02-02\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 797600,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"78e5605a-084c-41e1-ba09-0579352a77c7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-01-03\",\n \"Date_Last_Reviewed\": \"2023-07-06\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1060108,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"771f89b5-908a-4c66-addf-aa18fdf8d159\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-08\",\n \"Date_Last_Reviewed\": \"2025-02-24\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 350263,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"0a97b5ea-e2f1-40f9-94a9-3aee82074eff\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-17\",\n \"Date_Last_Reviewed\": \"2024-05-21\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 791258,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"cb39ec96-4dc7-4ded-a0b2-f296d9a1cbb3\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-26\",\n \"Date_Last_Reviewed\": \"2025-01-20\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1158228,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0fc7ab39-ade9-45f6-90ef-e77c53e2bcfb\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-06\",\n \"Date_Last_Reviewed\": \"2024-01-31\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1821722,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3d81ee93-5432-47d4-87ff-6c24ac88c70e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-24\",\n \"Date_Last_Reviewed\": \"2024-03-15\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1253464,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c873506e-0e90-4df7-887c-725c76b0e403\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-11\",\n \"Date_Last_Reviewed\": \"2024-12-24\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1259654,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"eec99a80-d117-4582-858b-77be19071dec\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-16\",\n \"Date_Last_Reviewed\": \"2025-03-27\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 468737,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2c1dc89a-6ce4-4379-bd3d-ffed9cbbad21\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-24\",\n \"Date_Last_Reviewed\": \"2023-06-27\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 870541,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"9511bc2e-4fd3-412e-aed8-045ed31f0cf7\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-29\",\n \"Date_Last_Reviewed\": \"2023-08-16\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 321856,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"093873bb-d54f-4f7a-abbf-a1439df00bcf\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-06\",\n \"Date_Last_Reviewed\": \"2024-08-10\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 161346,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ad40dbf5-ada3-40ab-aa01-268a7168b045\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-12\",\n \"Date_Last_Reviewed\": \"2025-03-28\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 329631,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6381ee85-a156-40cb-b7a6-c78a00dd7747\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-30\",\n \"Date_Last_Reviewed\": \"2024-06-15\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 818061,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"68a155e1-f6bc-413b-bad8-efcc15515025\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-21\",\n \"Date_Last_Reviewed\": \"2024-01-12\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1570868,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"14444d85-0ace-454c-839c-bc138a7f38d9\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-10\",\n \"Date_Last_Reviewed\": \"2024-10-28\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 642477,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"68955853-c40c-4490-aa10-0bd654a6ef8a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-13\",\n \"Date_Last_Reviewed\": \"2025-03-24\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1496728,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"87272b0a-59c9-4713-be18-7dcdb7359698\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-05-06\",\n \"Date_Last_Reviewed\": \"2024-09-11\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1200238,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e60aedac-35e1-428f-90ea-3c654bc5113f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-11-28\",\n \"Date_Last_Reviewed\": \"2024-02-25\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 313664,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"748c9fe2-db50-4c21-9d57-d05c9de0dded\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-15\",\n \"Date_Last_Reviewed\": \"2024-03-27\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1079479,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e354eb6c-8f72-4f2d-955d-8cea668a7119\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-08-21\",\n \"Date_Last_Reviewed\": \"2023-11-28\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 592600,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"457e904c-23ea-4e4b-bc6b-b0f37ea103c2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-28\",\n \"Date_Last_Reviewed\": \"2025-03-09\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 962864,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"79ebc61e-1bee-4a38-86b6-74156c22d5e7\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-11\",\n \"Date_Last_Reviewed\": \"2025-02-19\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 879486,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"42827cb6-88e9-46db-a924-5774b103353f\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-01-14\",\n \"Date_Last_Reviewed\": \"2024-08-10\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1763308,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6e55febd-1a0f-4de8-b125-81689443f993\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-04-01\",\n \"Date_Last_Reviewed\": \"2024-01-05\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 213903,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4f90a498-71b8-4625-9683-b53d830e4b56\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-12-06\",\n \"Date_Last_Reviewed\": \"2024-04-08\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 355692,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"cd52afc5-89f8-496e-ae8b-2290006141dc\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-07\",\n \"Date_Last_Reviewed\": \"2023-07-21\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 854458,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"0af7b03c-8d2c-48a5-93e4-17eee8f037b0\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-05-29\",\n \"Date_Last_Reviewed\": \"2023-09-21\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 747763,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"977f105e-5f66-4a24-8fdd-a50208173562\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-05\",\n \"Date_Last_Reviewed\": \"2024-10-31\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1817753,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"bf660e9d-4111-4ade-bda1-f0ba40343df0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-13\",\n \"Date_Last_Reviewed\": \"2024-04-11\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1157716,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"73e994c0-4708-4247-9302-8c8bad7e500f\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-08\",\n \"Date_Last_Reviewed\": \"2023-06-24\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1000111,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"02bcef71-f9c1-410b-b9f9-15d8ba401f19\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-30\",\n \"Date_Last_Reviewed\": \"2024-04-19\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 337890,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"086ec0b8-c9a5-4f95-8334-65456db05484\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-26\",\n \"Date_Last_Reviewed\": \"2024-04-24\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1804215,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"86f8b667-3a49-4b4a-b650-a2513f8b82ad\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-30\",\n \"Date_Last_Reviewed\": \"2023-11-08\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 988800,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"561fab65-f1ae-4777-9f26-b29c2e237b0e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-01-14\",\n \"Date_Last_Reviewed\": \"2023-06-30\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1987089,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"e9851cb9-1929-4f15-afd8-63d4a7e11e30\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-07-11\",\n \"Date_Last_Reviewed\": \"2024-11-22\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1930977,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ced79e50-28b8-4724-b557-b3fe9aa79fe6\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-09-22\",\n \"Date_Last_Reviewed\": \"2023-07-07\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 523265,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8a6a63bc-2cdb-4db4-9509-d41f7ee25625\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-22\",\n \"Date_Last_Reviewed\": \"2023-09-01\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1061908,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d68df65e-ffa7-4f88-819e-72d6b1c2a33e\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-05-02\",\n \"Date_Last_Reviewed\": \"2024-02-06\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 231320,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"58b56728-4ea2-4d36-99b0-846ced1e0cbc\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-08\",\n \"Date_Last_Reviewed\": \"2024-06-18\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 956285,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"41f1a07b-8c8a-4e72-9e8a-b4032cceaf0b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-26\",\n \"Date_Last_Reviewed\": \"2024-01-30\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1896210,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4ffd23c4-7577-45bb-af34-aa421e0cd570\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-21\",\n \"Date_Last_Reviewed\": \"2024-08-30\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 420591,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"43dfe49c-8b11-4451-9fde-e4c3ab8afb7d\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-28\",\n \"Date_Last_Reviewed\": \"2024-04-23\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1428315,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"11c3cdc3-09f2-4ae8-bfcc-f8b6a37eae96\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-15\",\n \"Date_Last_Reviewed\": \"2025-05-05\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1874168,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"dd28fe4d-3da1-46fb-a8ab-5767e2f5921a\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-21\",\n \"Date_Last_Reviewed\": \"2024-01-10\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 211965,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2d615170-d5a8-4bdf-8f8c-55adc4004a88\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-30\",\n \"Date_Last_Reviewed\": \"2023-06-03\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 916271,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"f3c3a3d8-dea3-4aed-83b3-1ad0b0752fc5\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-28\",\n \"Date_Last_Reviewed\": \"2024-04-18\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 331480,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"4d00b849-7cad-4f5c-a722-6afb1937c9d8\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-18\",\n \"Date_Last_Reviewed\": \"2023-06-17\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 241270,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d4efca9c-eae7-47f4-8f92-661beb26169f\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-11-05\",\n \"Date_Last_Reviewed\": \"2025-03-30\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 574912,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c975171d-43d3-4a16-a8b5-a0ef8840a40e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-27\",\n \"Date_Last_Reviewed\": \"2023-12-15\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1201068,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"02ea169e-c0f2-457c-9a67-40c32bc0c3a0\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-12\",\n \"Date_Last_Reviewed\": \"2024-10-20\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1915390,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c475f44b-02a6-421d-a899-a230a0130fbb\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-02-24\",\n \"Date_Last_Reviewed\": \"2024-02-07\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 116349,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"56d5f059-9280-4eb8-a2f8-00084fe9a3f7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-05\",\n \"Date_Last_Reviewed\": \"2023-06-10\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1769936,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"399375b3-14be-43e5-9996-c732cecf1681\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-20\",\n \"Date_Last_Reviewed\": \"2025-05-03\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, CCPA\",\n \"Loss_Estimate_USD\": 300665,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"e419723c-4582-4ce0-889f-03fda92d4a0c\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-10\",\n \"Date_Last_Reviewed\": \"2024-09-27\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 744190,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1248e63b-5fde-4115-a038-bc7d23c36c70\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-03\",\n \"Date_Last_Reviewed\": \"2024-07-13\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 433326,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f6fec1ff-153a-4ebc-b638-f0a46ff83265\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-26\",\n \"Date_Last_Reviewed\": \"2024-07-08\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1098173,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"419a9012-ca4b-4144-a537-71b79e46da4b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-16\",\n \"Date_Last_Reviewed\": \"2025-04-15\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 708554,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"d7ab2301-3c0c-4b83-ac44-3fb57b6ec6ed\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-29\",\n \"Date_Last_Reviewed\": \"2024-06-13\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 1656855,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7a673b01-0642-489a-b58e-3d72d37dee5b\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-12\",\n \"Date_Last_Reviewed\": \"2024-02-22\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1527459,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"35f698cb-83d2-496c-abcc-ce24d8276e46\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-04-05\",\n \"Date_Last_Reviewed\": \"2024-09-23\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1665665,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"48c5def6-68f3-4361-b0b0-d4987be3b487\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-08\",\n \"Date_Last_Reviewed\": \"2024-08-05\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 149431,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"cef47cf2-57fb-48aa-bf7f-fb7a7d4b8278\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-09\",\n \"Date_Last_Reviewed\": \"2025-04-25\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1202165,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"3834b461-89d2-48b6-82dc-8c122471a626\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-14\",\n \"Date_Last_Reviewed\": \"2024-01-02\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1751571,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"8dc8d068-a2c5-4b60-83fa-ff24dd0a2fd7\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-13\",\n \"Date_Last_Reviewed\": \"2023-06-06\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 795257,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"041a08d8-fa3c-432a-ae85-72bf4f16bacb\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-30\",\n \"Date_Last_Reviewed\": \"2023-07-25\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 733791,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8e9fa19b-7f84-4fb2-86e0-ff85603e6d0a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-17\",\n \"Date_Last_Reviewed\": \"2024-09-14\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 722719,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1cd1f97a-8ecb-47b4-9693-059bf74e8e1b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-03-22\",\n \"Date_Last_Reviewed\": \"2023-05-18\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1212023,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"972af8a2-edb3-41b8-800c-2b9c7620cc0c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-26\",\n \"Date_Last_Reviewed\": \"2024-06-08\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 162045,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8f965899-adbf-4f03-8f04-6cb28efe2d92\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-10-18\",\n \"Date_Last_Reviewed\": \"2024-05-18\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1543706,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"6e9b70f0-2d44-4c1f-8100-037f78fa9464\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-14\",\n \"Date_Last_Reviewed\": \"2024-06-15\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1171647,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"1a5b869a-5576-4f77-87b5-d5c1c4ee9a39\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-06\",\n \"Date_Last_Reviewed\": \"2025-04-22\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 1510900,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"987f7201-2513-470d-813a-0133eab61462\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-14\",\n \"Date_Last_Reviewed\": \"2023-07-21\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1477780,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"00a2ae0c-5c25-47c3-92b8-8a547611fbef\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-02\",\n \"Date_Last_Reviewed\": \"2025-02-09\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1007300,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"8eeb8f7d-1959-4bea-a7d3-5079dd5b8400\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-05-12\",\n \"Date_Last_Reviewed\": \"2024-04-10\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, GDPR\",\n \"Loss_Estimate_USD\": 798601,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"ac9a1770-b65f-4962-a057-8a3e93109f15\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-11-15\",\n \"Date_Last_Reviewed\": \"2023-06-07\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1676891,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"28805691-fefa-4976-be1a-5d300cd2428a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-02-10\",\n \"Date_Last_Reviewed\": \"2025-05-13\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 801367,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"04a5fbf2-48a0-4fa8-a044-eb3c3cbd68f7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-07\",\n \"Date_Last_Reviewed\": \"2023-06-28\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, GDPR\",\n \"Loss_Estimate_USD\": 287009,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"2961e660-c5b1-4f22-bfbc-a0120d29e182\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-21\",\n \"Date_Last_Reviewed\": \"2024-03-18\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1973678,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c5acfb22-9095-49d6-9f61-f0f786a9e65b\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-12\",\n \"Date_Last_Reviewed\": \"2023-09-27\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 1790733,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"691a58b9-f950-4fbd-904f-6b8dca4b35d4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-12-29\",\n \"Date_Last_Reviewed\": \"2024-04-02\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 427382,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"be034647-1e09-4b1d-affc-8685d33eb79d\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-08\",\n \"Date_Last_Reviewed\": \"2025-03-26\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 867596,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"21ac1c7a-2064-4c62-89a2-e54e33c062a9\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-16\",\n \"Date_Last_Reviewed\": \"2023-10-24\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 151523,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"50e6f6ec-bbf0-4c08-b364-69de2f3d3a49\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-13\",\n \"Date_Last_Reviewed\": \"2024-12-03\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 422086,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"8e4b8543-5b49-47be-a2c3-f54a0e7db222\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-11\",\n \"Date_Last_Reviewed\": \"2023-11-28\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 405240,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"7dd103d8-5513-41b7-ad7f-7a998b2f1926\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-29\",\n \"Date_Last_Reviewed\": \"2024-04-09\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 246993,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"28bae705-2b8e-4e6d-9f0a-6e4d6c42161c\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-15\",\n \"Date_Last_Reviewed\": \"2023-11-14\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 101070,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"69e9a2af-311f-40ad-ba7e-d9af21b8abe2\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-09-19\",\n \"Date_Last_Reviewed\": \"2025-03-26\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS\",\n \"Loss_Estimate_USD\": 1561715,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e5eb60a2-33ef-4f7b-aed5-a602b9e78bc7\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-04-06\",\n \"Date_Last_Reviewed\": \"2025-03-20\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1283576,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"3a30c148-f19d-4d83-b71a-e6aeea5de163\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-13\",\n \"Date_Last_Reviewed\": \"2024-12-07\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1491375,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f89d04c9-ade4-441f-8662-bb32944607d2\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-06-18\",\n \"Date_Last_Reviewed\": \"2024-01-11\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1045770,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"0458a886-2504-461a-9eef-175a34e381b1\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-02\",\n \"Date_Last_Reviewed\": \"2024-11-09\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 728923,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"8ae79a61-d768-473f-8b85-fc8b55ce13c5\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-03-05\",\n \"Date_Last_Reviewed\": \"2023-06-22\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR\",\n \"Loss_Estimate_USD\": 909465,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"40e9b922-6ba4-4480-a0b3-cfca22edc57e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-12-04\",\n \"Date_Last_Reviewed\": \"2024-11-07\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 765482,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9e276ce7-6a25-4d1a-a715-9f37c6dba651\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-25\",\n \"Date_Last_Reviewed\": \"2024-01-24\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 238856,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"75da387d-c150-4c2c-880c-2f87526d389e\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-05-10\",\n \"Date_Last_Reviewed\": \"2023-11-22\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 997919,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"ca797a2e-514a-402d-976d-2671da41ff9b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-21\",\n \"Date_Last_Reviewed\": \"2023-10-19\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1242820,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"af9273a3-d0fe-4c6f-a8dc-d3b3f86b35be\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-04\",\n \"Date_Last_Reviewed\": \"2024-06-17\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1462887,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"2eff2e49-7824-4736-90a2-aebce26351ed\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-11\",\n \"Date_Last_Reviewed\": \"2024-11-05\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 766145,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6c76e6ef-5a17-4b22-9ebf-25746105b367\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-13\",\n \"Date_Last_Reviewed\": \"2023-08-20\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 662237,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"4da8d2cb-2dad-47cc-8580-6ac4d9cfb5b0\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-02-13\",\n \"Date_Last_Reviewed\": \"2023-12-21\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1694522,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9a9261a9-92e5-457c-a631-af53a83b8a1e\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-28\",\n \"Date_Last_Reviewed\": \"2024-08-27\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 545307,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e8302a73-8a7b-41bb-b2b7-41ff1cdd1000\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-09-01\",\n \"Date_Last_Reviewed\": \"2024-11-25\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 11,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1352886,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"1824678c-ef23-4f63-9847-e2c18371e476\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-20\",\n \"Date_Last_Reviewed\": \"2024-04-29\",\n \"Likelihood\": 1,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 914073,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"a52b992e-2854-4157-b4d8-9aed05c1bb35\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-10-17\",\n \"Date_Last_Reviewed\": \"2024-05-20\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, GDPR, CCPA\",\n \"Loss_Estimate_USD\": 736230,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f0ee035e-5cc8-44c8-8fb9-387703ed4190\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-13\",\n \"Date_Last_Reviewed\": \"2025-05-07\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 158650,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"85b5f819-5c74-4bf2-837e-1773b288296c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-10-23\",\n \"Date_Last_Reviewed\": \"2024-03-27\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1338795,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"640e7fc1-6e27-4b3d-9dc4-90fede2551b0\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-05\",\n \"Date_Last_Reviewed\": \"2023-12-08\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 688066,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"30c4814d-650c-44c8-a999-067cc6de3c92\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-03\",\n \"Date_Last_Reviewed\": \"2024-10-01\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1152674,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8752050a-6fec-419e-91fd-ed9699680185\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-11-19\",\n \"Date_Last_Reviewed\": \"2025-04-25\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 742935,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"afeed992-6fb9-4740-94d0-6bb258bcda0c\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-03-08\",\n \"Date_Last_Reviewed\": \"2024-12-05\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 894022,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"1a8aacd4-05d3-4031-8a75-b8800be1c9f4\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-09\",\n \"Date_Last_Reviewed\": \"2024-10-25\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 1456272,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"8829db6d-d565-47fc-b313-adee677da547\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-21\",\n \"Date_Last_Reviewed\": \"2024-06-07\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1875609,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d2d527f4-da39-4444-915d-f3f55bbb03a1\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-23\",\n \"Date_Last_Reviewed\": \"2023-11-16\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1763473,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"cdc394ca-7878-46d1-874d-863e85d133db\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-16\",\n \"Date_Last_Reviewed\": \"2024-05-08\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1867487,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"c2274ebc-09bc-4460-b0e9-8cd4afbf7ded\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-08\",\n \"Date_Last_Reviewed\": \"2024-09-24\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 386246,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"83de5032-6ecd-4930-b79e-a22b56312860\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-08-23\",\n \"Date_Last_Reviewed\": \"2024-09-21\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 1177035,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"6e466383-c9d4-4244-aa83-1599d16663b5\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2025-04-23\",\n \"Date_Last_Reviewed\": \"2024-02-13\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1889545,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4a5d2f5b-e97c-49f8-8176-333166d38fad\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-01\",\n \"Date_Last_Reviewed\": \"2023-08-06\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 449851,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"b15499bb-2486-4159-a7c9-0db75bd13471\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-01-30\",\n \"Date_Last_Reviewed\": \"2023-09-29\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, SOX\",\n \"Loss_Estimate_USD\": 1437801,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n }\n]", "[\n {\n \"Risk_ID\": \"0bb5f2bc-79de-4233-a905-2d444b4d5e12\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-16\",\n \"Date_Last_Reviewed\": \"2023-08-22\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 1755069,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"66b9d38b-7f5a-4275-9d69-07e7e2f07872\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-08\",\n \"Date_Last_Reviewed\": \"2024-07-14\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, SOX\",\n \"Loss_Estimate_USD\": 451295,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ab51f4f6-1a2e-46fa-a9c1-ffb7ba263b9d\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-11-17\",\n \"Date_Last_Reviewed\": \"2023-11-30\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 10,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 729276,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"250a62de-2652-4097-bf29-caa961df9229\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-01\",\n \"Date_Last_Reviewed\": \"2023-11-07\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, SOX\",\n \"Loss_Estimate_USD\": 450829,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"01ec5307-192a-41a5-9801-6a02d7f1e6d5\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-17\",\n \"Date_Last_Reviewed\": \"2024-08-29\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1929610,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b3af3d6f-83a0-4cb7-9f6c-9a3b34c5be74\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-13\",\n \"Date_Last_Reviewed\": \"2024-12-08\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 856507,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"348b75d0-675e-4d17-856f-a5bae8fe29b5\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-12-20\",\n \"Date_Last_Reviewed\": \"2025-03-25\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1779796,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"88699dd0-23de-428f-9496-b27a6feb0da0\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-03-25\",\n \"Date_Last_Reviewed\": \"2024-09-25\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 954475,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n }\n]", "[\n {\n \"Risk_ID\": \"f10bd369-080b-4acf-809c-130db1020785\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-23\",\n \"Date_Last_Reviewed\": \"2025-01-10\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1110336,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"7d9af8a6-c8fd-45dd-b6b3-fdaa76e3adcd\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-14\",\n \"Date_Last_Reviewed\": \"2023-06-27\",\n \"Likelihood\": 2,\n \"Impact\": 1,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1730487,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"61a4957b-bfa0-42d6-84c1-e4168f0bbc13\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Reporting Error\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-28\",\n \"Date_Last_Reviewed\": \"2024-04-11\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1866208,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e7a955dc-fc41-477d-ba5a-5516e8b1629b\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-11-19\",\n \"Date_Last_Reviewed\": \"2024-10-29\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 855508,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ccfcb20d-6327-4f90-9870-b651c1774162\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-08-18\",\n \"Date_Last_Reviewed\": \"2023-09-01\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 263378,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"6ab52434-2769-43c3-8bd4-321ae7a19a84\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-02-25\",\n \"Date_Last_Reviewed\": \"2025-01-11\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, GDPR\",\n \"Loss_Estimate_USD\": 1133440,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"97b3c77e-754e-4d75-b72e-31191ed00fb3\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-23\",\n \"Date_Last_Reviewed\": \"2023-06-12\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 320935,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"cffe338a-c23c-457c-afc2-f7e417ce105b\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-08-03\",\n \"Date_Last_Reviewed\": \"2023-11-23\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 1174665,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"cbab97a2-452c-4324-91d8-9174e434e356\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2025-04-16\",\n \"Date_Last_Reviewed\": \"2023-12-01\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 183274,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"2356e052-07b2-4e70-9f71-622c42622c0e\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-08-19\",\n \"Date_Last_Reviewed\": \"2023-07-27\",\n \"Likelihood\": 4,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 707353,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c3df348a-8d6d-4e49-a1e6-41117b8f3dfa\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-05-17\",\n \"Date_Last_Reviewed\": \"2024-02-11\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 25,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1884277,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"841b2a8a-c6e9-442c-8cd4-0840a773f6a7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-09\",\n \"Date_Last_Reviewed\": \"2023-10-11\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 511348,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f4103f04-3268-4f18-a2cc-4d3e6f8e0a99\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-05-28\",\n \"Date_Last_Reviewed\": \"2024-04-19\",\n \"Likelihood\": 2,\n \"Impact\": 2,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1173241,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"e9889117-ca08-443e-a77d-4119c5f67a23\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-06-01\",\n \"Date_Last_Reviewed\": \"2024-10-23\",\n \"Likelihood\": 3,\n \"Impact\": 5,\n \"Inherent_Score\": 23,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1936450,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"70dc8e06-7552-46fe-b259-85d41d229965\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-08-26\",\n \"Date_Last_Reviewed\": \"2023-08-22\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 13,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 1638011,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"2856011a-8bf2-464f-9440-c981633ca9d5\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-01\",\n \"Date_Last_Reviewed\": \"2025-05-03\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX\",\n \"Loss_Estimate_USD\": 1936578,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"92ee5598-b9b3-4924-b25a-deb189e593a9\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-01-02\",\n \"Date_Last_Reviewed\": \"2024-07-06\",\n \"Likelihood\": 2,\n \"Impact\": 5,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1794373,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"da6ae9a8-17fc-4875-ab30-4067c6d85eb9\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-08-01\",\n \"Date_Last_Reviewed\": \"2025-04-26\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA\",\n \"Loss_Estimate_USD\": 699843,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"d056cd62-66e7-497c-800b-e5fae630ce97\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-10-06\",\n \"Date_Last_Reviewed\": \"2024-06-12\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 680824,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"a15256db-7ac6-4e6d-a7db-93522b09d4c8\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-05-15\",\n \"Date_Last_Reviewed\": \"2025-03-30\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 922200,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"f133c203-328b-4d47-9901-fb8d32ea760a\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-02-26\",\n \"Date_Last_Reviewed\": \"2023-09-13\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR\",\n \"Loss_Estimate_USD\": 969828,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"22cf5f8c-7a09-4c6c-8f23-699d0fa3e144\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2025-04-10\",\n \"Date_Last_Reviewed\": \"2025-05-05\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA\",\n \"Loss_Estimate_USD\": 718459,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"bb56f547-d894-4ce7-b7a5-085f6bb05ef4\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-07-13\",\n \"Date_Last_Reviewed\": \"2024-09-09\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 15,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 1870593,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"5acce695-3cd5-4f6b-b2db-a6a8247e622f\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2025-04-23\",\n \"Date_Last_Reviewed\": \"2025-02-21\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, HIPAA, SOX\",\n \"Loss_Estimate_USD\": 806152,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9d8ab570-f2b5-4682-868b-588960976de7\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-09-26\",\n \"Date_Last_Reviewed\": \"2024-08-19\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 10,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 100036,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"d3b4d00e-4d8d-4fc3-8d44-f1361b45a75e\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-12\",\n \"Date_Last_Reviewed\": \"2025-04-29\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX\",\n \"Loss_Estimate_USD\": 1456870,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"9537e24f-f662-4bb8-80fe-66892dabea81\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-08-28\",\n \"Date_Last_Reviewed\": \"2025-04-26\",\n \"Likelihood\": 4,\n \"Impact\": 5,\n \"Inherent_Score\": 12,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, SOX\",\n \"Loss_Estimate_USD\": 1857014,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8e04f644-4ce0-48d4-b807-26e5285c0bd9\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-07-03\",\n \"Date_Last_Reviewed\": \"2023-09-21\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 528571,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n }\n]", "[\n {\n \"Risk_ID\": \"9d60501d-13fb-46fd-91d8-0f962b32ff9a\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An employee account was used to access restricted systems without proper authorization.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"Audit Finding\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-06-27\",\n \"Date_Last_Reviewed\": \"2024-12-17\",\n \"Likelihood\": 5,\n \"Impact\": 2,\n \"Inherent_Score\": 17,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS\",\n \"Loss_Estimate_USD\": 1185632,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"3513b4bd-c611-475a-92b5-9a07b9bb0c64\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-01-15\",\n \"Date_Last_Reviewed\": \"2025-04-29\",\n \"Likelihood\": 1,\n \"Impact\": 2,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 1776140,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9e83f82c-2f5d-4e50-8a13-c08f1ce5c0e0\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-02-06\",\n \"Date_Last_Reviewed\": \"2024-01-30\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 24,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 840578,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"cedd112a-0839-4100-abf4-01bfb6bea0b3\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"System Misconfiguration\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-12-07\",\n \"Date_Last_Reviewed\": \"2025-01-05\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 1237764,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"950b1485-823d-4cce-84a1-21d1c549c721\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-06-25\",\n \"Date_Last_Reviewed\": \"2023-07-27\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 244146,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"94d99fce-1cef-4a11-b168-5825e0ccd029\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-06-20\",\n \"Date_Last_Reviewed\": \"2023-10-04\",\n \"Likelihood\": 4,\n \"Impact\": 4,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, SOX, HIPAA\",\n \"Loss_Estimate_USD\": 1150358,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"b4e41d10-a0b8-4f92-afcd-b08106670f06\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2024-09-08\",\n \"Date_Last_Reviewed\": \"2024-02-08\",\n \"Likelihood\": 5,\n \"Impact\": 3,\n \"Inherent_Score\": 16,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, PCI-DSS, CCPA\",\n \"Loss_Estimate_USD\": 539465,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"9306cfce-36ba-47c5-9f9b-ebb9e3164276\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"HIPAA Risk\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-10-17\",\n \"Date_Last_Reviewed\": \"2025-05-10\",\n \"Likelihood\": 4,\n \"Impact\": 3,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 1434476,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"ce0b5186-a77c-4ce5-ae36-4e4b1f963723\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-10-01\",\n \"Date_Last_Reviewed\": \"2024-04-24\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 22,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, GDPR, HIPAA\",\n \"Loss_Estimate_USD\": 1618578,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]", "[\n {\n \"Risk_ID\": \"9029f243-16db-472f-bec7-79cb0cf40bb2\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-22\",\n \"Date_Last_Reviewed\": \"2023-10-31\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 8,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX\",\n \"Loss_Estimate_USD\": 157371,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"10d3775f-61d8-4eab-84ae-ef56cc36e9a7\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-05-20\",\n \"Date_Last_Reviewed\": \"2024-04-05\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 11,\n \"Residual_Score\": 6,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, GDPR\",\n \"Loss_Estimate_USD\": 688370,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"e21f32b3-33b8-4e1d-9720-0ce252d31c56\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-07-20\",\n \"Date_Last_Reviewed\": \"2023-06-15\",\n \"Likelihood\": 5,\n \"Impact\": 1,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 14,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, SOX\",\n \"Loss_Estimate_USD\": 1886533,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4c411554-dc9e-444e-85f8-8363d1cd871d\",\n \"Title\": \"Misconfigured Firewall Rule\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-03-18\",\n \"Date_Last_Reviewed\": \"2025-03-30\",\n \"Likelihood\": 3,\n \"Impact\": 4,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 180846,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"f2bc967d-e488-4176-8c8a-b34a30540c68\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Internal Audit\",\n \"Owner_Name\": \"Casey Liu\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-10-19\",\n \"Date_Last_Reviewed\": \"2023-06-15\",\n \"Likelihood\": 1,\n \"Impact\": 5,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA, CCPA, SOX\",\n \"Loss_Estimate_USD\": 497288,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n },\n {\n \"Risk_ID\": \"4aba24c7-fc46-4de1-bc41-4666127ae9d6\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-09-17\",\n \"Date_Last_Reviewed\": \"2024-05-24\",\n \"Likelihood\": 5,\n \"Impact\": 5,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 5,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, HIPAA, PCI-DSS\",\n \"Loss_Estimate_USD\": 398521,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"c931e289-bad5-4844-8c9e-f5c379a95c2a\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"A third-party vendor exposed sensitive data due to misconfigured cloud storage.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Operations\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Open\",\n \"Date_Identified\": \"2023-07-05\",\n \"Date_Last_Reviewed\": \"2025-05-13\",\n \"Likelihood\": 1,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 1,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS\",\n \"Loss_Estimate_USD\": 799287,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"c8c2d165-4a74-475e-b6eb-ebc3a365b2f4\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Budget Overrun\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-06-01\",\n \"Date_Last_Reviewed\": \"2023-06-10\",\n \"Likelihood\": 3,\n \"Impact\": 3,\n \"Inherent_Score\": 21,\n \"Residual_Score\": 12,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"PCI-DSS, HIPAA\",\n \"Loss_Estimate_USD\": 1065887,\n \"Region\": \"North America\",\n \"Source\": \"Internal\"\n },\n {\n \"Risk_ID\": \"ad70c3e8-f885-442b-afb2-2cbab50f21bb\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Resource Overutilization\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-06-23\",\n \"Date_Last_Reviewed\": \"2025-02-23\",\n \"Likelihood\": 5,\n \"Impact\": 4,\n \"Inherent_Score\": 18,\n \"Residual_Score\": 9,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, GDPR\",\n \"Loss_Estimate_USD\": 639321,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"f495c979-3b4b-40fe-a579-49d1e1426ae8\",\n \"Title\": \"Unpatched Critical System\",\n \"Description\": \"A key vendor failed to meet compliance requirements for GDPR and SOC 2.\",\n \"Category\": \"Compliance\",\n \"Subcategory\": \"GDPR Violation\",\n \"Owner_Department\": \"Finance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2024-06-20\",\n \"Date_Last_Reviewed\": \"2024-07-01\",\n \"Likelihood\": 3,\n \"Impact\": 1,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, CCPA\",\n \"Loss_Estimate_USD\": 558527,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"3dcd6409-2d0a-4404-8bd4-eb3c3f9a3279\",\n \"Title\": \"Financial Reporting Discrepancy\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Phishing\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2024-03-08\",\n \"Date_Last_Reviewed\": \"2024-10-23\",\n \"Likelihood\": 4,\n \"Impact\": 2,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 4,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA\",\n \"Loss_Estimate_USD\": 657809,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"a5c3c317-fd1f-431f-a708-97ab8d7c8b4b\",\n \"Title\": \"Vendor Compliance Gap\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Operations\",\n \"Subcategory\": \"Downtime\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Riley Kim\",\n \"Status\": \"Mitigated\",\n \"Date_Identified\": \"2023-12-31\",\n \"Date_Last_Reviewed\": \"2024-11-23\",\n \"Likelihood\": 2,\n \"Impact\": 4,\n \"Inherent_Score\": 19,\n \"Residual_Score\": 7,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"SOX, HIPAA, CCPA\",\n \"Loss_Estimate_USD\": 748413,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"87832b61-09ba-4fb4-bb93-dc7782d28889\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Firewall misconfigurations allowed external access to internal databases for several days.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Third-Party Risk\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Alex Monroe\",\n \"Status\": \"Under Review\",\n \"Date_Identified\": \"2023-11-26\",\n \"Date_Last_Reviewed\": \"2024-08-07\",\n \"Likelihood\": 1,\n \"Impact\": 1,\n \"Inherent_Score\": 20,\n \"Residual_Score\": 3,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"CCPA, SOX, PCI-DSS\",\n \"Loss_Estimate_USD\": 1769406,\n \"Region\": \"North America\",\n \"Source\": \"External\"\n },\n {\n \"Risk_ID\": \"df03661b-b82e-46d7-9e1d-5997622f8959\",\n \"Title\": \"Unauthorized Access Incident\",\n \"Description\": \"An inconsistency was identified in quarterly financial reporting involving deferred revenues.\",\n \"Category\": \"Finance\",\n \"Subcategory\": \"Unauthorized Transaction\",\n \"Owner_Department\": \"IT Security\",\n \"Owner_Name\": \"Morgan Patel\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2023-12-28\",\n \"Date_Last_Reviewed\": \"2023-08-31\",\n \"Likelihood\": 3,\n \"Impact\": 2,\n \"Inherent_Score\": 14,\n \"Residual_Score\": 13,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"GDPR, CCPA\",\n \"Loss_Estimate_USD\": 143552,\n \"Region\": \"North America\",\n \"Source\": \"3rd Party\"\n },\n {\n \"Risk_ID\": \"8dbbdb16-f231-4a5b-aef3-ba256464f1fc\",\n \"Title\": \"Third-Party Data Exposure\",\n \"Description\": \"Critical security patches were not applied to legacy systems within the SLA timeframe.\",\n \"Category\": \"Cyber\",\n \"Subcategory\": \"Data Breach\",\n \"Owner_Department\": \"Compliance\",\n \"Owner_Name\": \"Jordan Smith\",\n \"Status\": \"Closed\",\n \"Date_Identified\": \"2024-05-16\",\n \"Date_Last_Reviewed\": \"2023-10-28\",\n \"Likelihood\": 2,\n \"Impact\": 3,\n \"Inherent_Score\": 15,\n \"Residual_Score\": 2,\n \"Mitigation_Strategy\": \"Review affected systems and implement automated compliance checks.\",\n \"Controls_In_Place\": \"Periodic audits, firewall logging, access controls\",\n \"Regulatory_Impact\": \"HIPAA\",\n \"Loss_Estimate_USD\": 1526443,\n \"Region\": \"North America\",\n \"Source\": \"Natural\"\n }\n]"]} \ No newline at end of file