Skip to main content

Feared Events

Project description

Odoo Community Association

Feared Events

Beta License: AGPL-3 OCA/management-system Translate me on Weblate Try me on Runboat

This module allows you to manage feared events (security incidents) of your Information Security Management System (ISMS) and assess their risk using a configurable risk matrix.

Key concepts:

  • Feared Events — Security incidents that could impact your organization, each classified by the security properties they threaten: Confidentiality, Integrity, and/or Availability (CIA triad).

  • Attack Vectors — The means by which a threat could materialize. Each vector carries three risk ratings (probability × severity): Original (before any control), Current (with controls already in place), and Residual (after planned remediation). A feared event’s overall rating is automatically computed as the maximum across all its vectors.

  • Scenarios — Links between a feared event, an attack vector, and a threat source, with a description of how the attack could unfold.

  • Threat Sources — The origin of a threat (e.g. external attacker, malicious insider, compromised supplier).

  • Security Controls — Countermeasures applied to reduce risk, each flagged as Prevention, Protection, and/or Recovery.

  • Assets — Primary assets (the information or processes to protect) and Supporting assets (the infrastructure that hosts them), organized by category.

  • Risk Matrix — A visual heat-map report that plots feared events by probability and severity for a chosen risk type (original, current, or residual), with color-coded cells (green / orange / red).

Table of contents

Configuration

Risk Matrix Levels

Define which cells in the risk matrix are green, orange, or red.

Go to Management System > Configuration > Security > Risk Matrix Levels and create one record per zone. Each level covers a rectangular region of the matrix defined by a probability range and a severity range. Ranges must not overlap.

A default 4 × 4 matrix configuration is installed with the module. Adjust it to match your organization’s risk appetite.

Assets and Threat Sources

Before creating vectors and events, populate the reference data:

  • Management System > Manuals > Security > Assets > Primary Assets — the information assets or business processes you need to protect.

  • Management System > Manuals > Security > Assets > Supporting Assets — the servers, software, and infrastructure that host primary assets. Link each supporting asset to the primary assets it carries.

  • Management System > Manuals > Security > Threat Sources — the actors or causes that could exploit a vector (e.g. external attacker, malicious insider).

Usage

Typical workflow

1. Create attack vectors

Go to Management System > Manuals > Security > Vectors and create one record per attack vector. For each vector:

  • Set the Original probability and severity (risk without any control).

  • Set the Current probability and severity (risk with existing controls).

  • Set the Residual probability and severity (risk after planned remediation).

  • Optionally link the supporting assets that are exposed by this vector.

2. Create security controls

Go to Management System > Manuals > Security > Controls and create the countermeasures available in your organization.

3. Create feared events

Go to Management System > Manuals > Security > Feared Events and create one record per feared event. For each event:

  • Tick the Confidentiality, Integrity, and/or Availability flags that the event threatens.

  • In the Scenarios tab, add one line per attack scenario: select the vector and threat source, and describe how the attack could unfold. The event’s risk ratings (probability and severity) are automatically computed as the maximum across all linked vectors.

  • In the Controls tab, add the controls that mitigate this event. For each control line, indicate whether it acts as Prevention, Protection, and/or Recovery, and optionally link the specific supporting asset it protects.

Use the search bar to filter events by Confidentiality, Integrity, or Availability, or group them by system or severity.

4. Generate the risk matrix

Go to Management System > Manuals > Security > Risk Matrix, select the risk type (Original, Current, or Residual), and click Done to generate the PDF report. Each cell shows the feared events at that probability/severity intersection, color-coded by the configured risk level.

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed feedback.

Do not contact contributors directly about support or help with technical issues.

Credits

Authors

  • Savoir-faire Linux

Contributors

Maintainers

This module is maintained by the OCA.

Odoo Community Association

OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.

This module is part of the OCA/management-system project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file odoo_addon_mgmtsystem_security_event-19.0.1.0.0.5-py3-none-any.whl.

File metadata

File hashes

Hashes for odoo_addon_mgmtsystem_security_event-19.0.1.0.0.5-py3-none-any.whl
Algorithm Hash digest
SHA256 bf82ec02d95595fba20df681ccdc0a500a297b6c1237ae616fc06de0f26a3bdb
MD5 bd2ac7ef5d655a9f0290c25db3a4f43e
BLAKE2b-256 27cc8d348d7ef3dc3f4872fd8c1d575f0ecd9d31e0500abbdd8ae329969bb94e

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page