Feared Events
Project description
Feared Events
This module allows you to manage feared events (security incidents) of your Information Security Management System (ISMS) and assess their risk using a configurable risk matrix.
Key concepts:
Feared Events — Security incidents that could impact your organization, each classified by the security properties they threaten: Confidentiality, Integrity, and/or Availability (CIA triad).
Attack Vectors — The means by which a threat could materialize. Each vector carries three risk ratings (probability × severity): Original (before any control), Current (with controls already in place), and Residual (after planned remediation). A feared event’s overall rating is automatically computed as the maximum across all its vectors.
Scenarios — Links between a feared event, an attack vector, and a threat source, with a description of how the attack could unfold.
Threat Sources — The origin of a threat (e.g. external attacker, malicious insider, compromised supplier).
Security Controls — Countermeasures applied to reduce risk, each flagged as Prevention, Protection, and/or Recovery.
Assets — Primary assets (the information or processes to protect) and Supporting assets (the infrastructure that hosts them), organized by category.
Risk Matrix — A visual heat-map report that plots feared events by probability and severity for a chosen risk type (original, current, or residual), with color-coded cells (green / orange / red).
Table of contents
Configuration
Risk Matrix Levels
Define which cells in the risk matrix are green, orange, or red.
Go to Management System > Configuration > Security > Risk Matrix Levels and create one record per zone. Each level covers a rectangular region of the matrix defined by a probability range and a severity range. Ranges must not overlap.
A default 4 × 4 matrix configuration is installed with the module. Adjust it to match your organization’s risk appetite.
Assets and Threat Sources
Before creating vectors and events, populate the reference data:
Management System > Manuals > Security > Assets > Primary Assets — the information assets or business processes you need to protect.
Management System > Manuals > Security > Assets > Supporting Assets — the servers, software, and infrastructure that host primary assets. Link each supporting asset to the primary assets it carries.
Management System > Manuals > Security > Threat Sources — the actors or causes that could exploit a vector (e.g. external attacker, malicious insider).
Usage
Typical workflow
1. Create attack vectors
Go to Management System > Manuals > Security > Vectors and create one record per attack vector. For each vector:
Set the Original probability and severity (risk without any control).
Set the Current probability and severity (risk with existing controls).
Set the Residual probability and severity (risk after planned remediation).
Optionally link the supporting assets that are exposed by this vector.
2. Create security controls
Go to Management System > Manuals > Security > Controls and create the countermeasures available in your organization.
3. Create feared events
Go to Management System > Manuals > Security > Feared Events and create one record per feared event. For each event:
Tick the Confidentiality, Integrity, and/or Availability flags that the event threatens.
In the Scenarios tab, add one line per attack scenario: select the vector and threat source, and describe how the attack could unfold. The event’s risk ratings (probability and severity) are automatically computed as the maximum across all linked vectors.
In the Controls tab, add the controls that mitigate this event. For each control line, indicate whether it acts as Prevention, Protection, and/or Recovery, and optionally link the specific supporting asset it protects.
Use the search bar to filter events by Confidentiality, Integrity, or Availability, or group them by system or severity.
4. Generate the risk matrix
Go to Management System > Manuals > Security > Risk Matrix, select the risk type (Original, Current, or Residual), and click Done to generate the PDF report. Each cell shows the feared events at that probability/severity intersection, color-coded by the configured risk level.
Bug Tracker
Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed feedback.
Do not contact contributors directly about support or help with technical issues.
Credits
Contributors
-
Loïc Faure-Lacroix loic.lacroix@savoirfairelinux.com
David Dufresne david.dufresne@savoirfairelinux.com
Maxime Chambreuil maxime.chambreuil@savoirfairelinux.com
Nicolas Zin nicolas.zin@savoirfairelinux.com
-
Maxime Chambreuil maxime.chambreuil@graymatterlogic.com
Maintainers
This module is maintained by the OCA.
OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.
Current maintainer:
This module is part of the OCA/management-system project on GitHub.
You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file odoo_addon_mgmtsystem_security_event-19.0.2.0.0.1-py3-none-any.whl.
File metadata
- Download URL: odoo_addon_mgmtsystem_security_event-19.0.2.0.0.1-py3-none-any.whl
- Upload date:
- Size: 92.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
67fb85f25ea40770698e3cf0bb02e12e535cad09843c2fe6e1eefd23cadf93ea
|
|
| MD5 |
7bab3c5d53c0b483b4237217d372bfd4
|
|
| BLAKE2b-256 |
898d075bf2175eade7db500c2e963f8e50cfa4e4d9202948d4abd878fb8470f0
|