data: add 9 missing risks across human capital, operations and strategic categories#822

Open
tejas0077 wants to merge 1 commit into getprobo:main from tejas0077:fix/add-missing-risks-json
Conversation

@tejas0077 tejas0077 commented Mar 12, 2026

What does this PR do?

Probo helps startups manage compliance — but the risk library had some gaps that compliance professionals would immediately notice.

As an ISO 27001 Lead Auditor, I went through risks.json and found 3 categories significantly underrepresented compared to others.

So I added 9 new risks that real startups face every day.

Risks Added

Human capital (6 → 9)

  • Security awareness gap due to lack of employee training
  • Insider threat due to disgruntled employee
  • Compliance violation due to inadequate role-based training

Operations (7 → 10)

  • Data loss due to absence of backup and recovery procedures
  • Compliance failure due to untracked third party vendors
  • Service disruption due to missing incident response plan

Strategic (7 → 10)

  • Regulatory risk due to expansion into new markets
  • Security posture weakness due to rapid product scaling
  • Loss of enterprise deals due to missing security certifications

Why these specifically?

These aren't random additions. Every single risk maps directly to ISO/IEC 27001:2022 Annex A controls and reflects real scenarios I've studied and worked with hands-on.

A startup missing these risks in their assessment is a startup walking into an audit unprepared.

References

  • ISO/IEC 27001:2022 Annex A
  • NIST Cybersecurity Framework
  • OWASP Risk Rating Methodology

Summary by cubic

Add 9 missing risks to the library across Human capital, Operations, and Strategic to close coverage gaps and align with ISO/IEC 27001:2022. Improves assessment completeness for startups and avoids common audit misses.

  • New Features

    • Human capital (+3): Security awareness gap due to lack of employee training; Insider threat due to disgruntled employee; Compliance violation due to inadequate role-based training.
    • Operations (+3): Data loss due to absence of backup and recovery procedures; Compliance failure due to untracked third party vendors; Service disruption due to missing incident response plan.
    • Strategic (+3): Regulatory risk due to expansion into new markets; Security posture weakness due to rapid product scaling; Loss of enterprise deals due to missing security certifications.
  • Bug Fixes

    • Normalized em dashes in a Health risk description for consistent punctuation.

Written for commit 04fb8ee.

…gic categories aligned with ISO 27001

Signed-off-by: Tejas Saubhage <tsaubhage0007@gmail.com>
@cubic-dev-ai cubic-dev-ai bot left a comment

No issues found across 1 file
