2020-22 Data leak or installation of malware at repair shop

Risk

AssetConfidential data stored on mobile device (laptop, tablet or phone)
Threat

Repair shop gets access to (confidential data stored on) mobile device, data is leaked or malware is installed.

The likelihood of this risk will increase with a BYOD policy, as users are inclined to choose a cheaper repair shop over an authorized dealer to repair a broken screen.

Category

CONFIDENTIALITY INTEGRITY

LikelihoodL
ImpactH
ExposureM
OwnerManagement

Treatment

Treatment

MITIGATE

Measures
Residual exposureL
ResponsibleSecurity officer (role)

The exposure is expressed as a factor of the likelihood and impact.
Likelihood
/ Impact
HighMediumLow
High

H

H

M

Medium

H

M

L

Low

M

L

L

 Definitions of likelihood and impact...

Likelihood

LikelihoodDescriptionFrequency
Low
  • It is not likely to materialize
  • It has never happened to organizations similar to ours
Less than once per year
Medium
  • It is likely to materialize
  • It has happened to organizations similar to ours
Once or twice per year
High
  • It is very likely to materialize
  • It has happened to our organization before
Multiple times per year

Impact

Impact

Description

FinancialImageLegal
Low
  • Some data or information is not accurate or available
  • Small amounts of non-sensitive personal data leaked
  • Small damage or consequences
<10% of the net result/budget

Incidental (local) media attention

Possible claims

Medium
  • Most data or information is not accurate or available
  • Large amounts of non-sensitive personal data leaked
  • Considerable damage or consequences
10-30% of the net result/budget

Incidental nationwide media attention or frequent local media attention

Lawsuit, multiple claims

High
  • Most or all data or information is not accurate or available
  • Large amounts of sensitive personal data leaked
  • Large damage or consequences for the continuity of the organization
>30% of the net result/budget

Frequent nationwide media attention

Lawsuits