Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b4d2be83ebe7295a89fb90780d1d03cb84ab2b3d
breakpilot-compliance/docs-src/services/sdk-modules/risks.md
Benjamin Admin a1980cd12d
All checks were successful
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-ai-compliance (push) Successful in 37s
Details
CI / test-python-backend-compliance (push) Successful in 33s
Details
CI / test-python-document-crawler (push) Successful in 23s
Details
CI / test-python-dsms-gateway (push) Successful in 18s
Details
feat(reporting+docs): tenant-ID-Validierung, Go-Tests, 4 MkDocs-Einzelseiten 
- reporting_handlers.go: uuid.Nil-Check vor Store-Aufruf (→ 400)
- reporting_handlers_test.go: 4 MissingTenantID-Tests (PASS) + 4 WithTenant-Tests (SKIP)
- docs-src: requirements.md, controls.md, evidence.md, risks.md (je mit API, Schema, Tests)
- mkdocs.yml: 4 neue Nav-Einträge + \n-Bug auf Zeile 91 behoben
- compliance-kern.md: Link-Hinweise zu Detailseiten ergänzt

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-05 18:25:26 +01:00

125 lines
3.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Risiken (CP-RSK)
Verwaltet Datenschutz- und KI-Risiken mit Risikobewertung nach Likelihood × Impact.
**Prefix:** `CP-RSK` · **Frontend:** `https://macmini:3007/sdk/risks`
**Proxy:** `/api/sdk/v1/compliance/[[...path]]``backend-compliance:8002/compliance/...`
---
## Features
- Risikomatrix (Likelihood × Impact, 5×5)
- Kategorisierung nach Datenschutz, KI, Betrieb, Sicherheit
- Status-Tracking: open / mitigated / accepted / closed
- Restrisiko nach Mitigationsmaßnahmen
- Verknüpfung mit Controls
---
## Rechtsgrundlage
| Artikel | Bezug |
|---------|-------|
| Art. 24 DSGVO | Risikobasierter Ansatz |
| Art. 32 DSGVO | Risikobewertung für Sicherheitsmaßnahmen |
| Art. 35 DSGVO | DSFA bei hohem Risiko |
| Art. 9 AI Act | Risikomanagementsystem für KI |
---
## Risikobewertung
| Stufe | Likelihood × Impact | Farbe |
|-------|---------------------|-------|
| `low` | ≤ 4 | Grün |
| `medium` | 59 | Gelb |
| `high` | 1019 | Orange |
| `critical` | ≥ 20 | Rot |
---
## API Endpoints
| Methode | Pfad | Beschreibung |
|---------|------|--------------|
| `GET` | `/risks` | Liste (`category`, `status`, `risk_level`) |
| `POST` | `/risks` | Neues Risiko anlegen |
| `PUT` | `/risks/{risk_id}` | Risiko aktualisieren (Status, Restrisiko) |
| `DELETE` | `/risks/{risk_id}` | Risiko löschen |
| `GET` | `/risks/matrix` | Risikomatrix (Likelihood × Impact) |
### Risikomatrix-Response
```http
GET /risks/matrix
```
```json
{
"matrix": {
"3": { "4": ["RISK-001", "RISK-007"] },
"1": { "1": [] }
},
"risks": [...]
}
```
Die Matrix ist nach `likelihood` (15) → `impact` (15) → `[risk_ids]` strukturiert.
### Request-Beispiel (POST)
```json
{
"title": "Unbefugter Datenzugriff durch Dritte",
"category": "data_privacy",
"likelihood": 3,
"impact": 4,
"description": "Dritte könnten über unsichere APIs auf personenbezogene Daten zugreifen.",
"mitigation": "Einführung von API-Gateway mit Authentifizierung"
}
```
---
## Frontend
**URL:** `https://macmini:3007/sdk/risks`
Interaktive Risikomatrix als 5×5-Heatmap. Listenansicht mit Status-Badges und Kategorie-Filter. Neue Risiken können über ein Formular angelegt und direkt gemindert werden.
---
## Datenbankschema
```sql
compliance_risks (
id UUID PRIMARY KEY,
risk_id VARCHAR UNIQUE, -- z.B. "RISK-001"
title TEXT,
category VARCHAR, -- data_privacy/ai/operational/security
description TEXT,
likelihood INTEGER CHECK (likelihood BETWEEN 1 AND 5),
impact INTEGER CHECK (impact BETWEEN 1 AND 5),
inherent_risk VARCHAR, -- low/medium/high/critical
residual_risk VARCHAR,
status VARCHAR DEFAULT 'open',
mitigation TEXT,
owner VARCHAR,
created_at TIMESTAMP,
updated_at TIMESTAMP
)
```
---
## Tests
**Testdatei:** `backend-compliance/tests/test_risk_routes.py`
**Anzahl Tests:** 16 (+ 8 aus Paket 2) · **Status:** ✅ alle bestanden (Stand 2026-03-05)
```bash
cd backend-compliance
python3 -m pytest tests/test_risk_routes.py -v
```
Reference in New Issue View Git Blame Copy Permalink