Risk Register
Northridge Plaza Properties — Tracked findings
Twenty-five findings tracked across the engagement. Sort by severity, filter by status, or export the current view to CSV for hand-off to client IT.
- Critical
- 2
- High
- 7
- Medium
- 8
- Low
- 8
Showing 25 of 25
| ID | Finding | Severity | Category | Owner | Status | Target |
|---|---|---|---|---|---|---|
| NRP-001 | Camera firmware exposes admin interface to internet | Critical | Devices | Vendor | In progress | 2026-05-10 |
| NRP-002 | Shared admin credentials on POS systems | Critical | Identity | Client IT | Resolved | 2026-04-02 |
| NRP-003 | No network segmentation between IoT and office LAN | High | Network | IoTGuardian Analyst | In progress | 2026-05-20 |
| NRP-004 | Vendor remote-access account has standing privileges | High | Vendor | Client IT | Open | 2026-05-31 |
| NRP-005 | Door access controller runs unsupported firmware | High | Devices | Vendor | Open | 2026-07-15 |
| NRP-006 | No multi-factor on cloud property-management portal | High | Identity | IoTGuardian Analyst | Resolved | 2026-03-29 |
| NRP-007 | Guest Wi-Fi shares VLAN with office Wi-Fi | High | Network | IoTGuardian Analyst | Resolved | 2026-03-25 |
| NRP-008 | POS terminal OS one major version behind | High | Devices | Client IT | In progress | 2026-06-01 |
| NRP-009 | Office printer admin interface uses default credentials | High | Devices | Client IT | Resolved | 2026-03-30 |
| NRP-010 | Backup files stored on same NAS as primary data | Medium | Data | Client IT | Open | 2026-06-30 |
| NRP-011 | Cameras send unencrypted RTSP to NVR | Medium | Network | IoTGuardian Analyst | In progress | 2026-06-15 |
| NRP-012 | No centralised logging for door-access events | Medium | Data | IoTGuardian Analyst | Open | 2026-07-10 |
| NRP-013 | Tablet fleet lacks MDM enrolment | Medium | Devices | Client IT | In progress | 2026-05-25 |
| NRP-014 | Wi-Fi password posted in leasing offices | Medium | Identity | Client IT | Resolved | 2026-04-01 |
| NRP-015 | No password manager for shared service credentials | Medium | Identity | Client IT | Open | 2026-06-20 |
| NRP-016 | Smart thermostat reachable from guest VLAN | Medium | Network | IoTGuardian Analyst | Resolved | 2026-03-28 |
| NRP-017 | TLS certificate on portal expired on a recent renewal | Medium | Data | Vendor | Resolved | 2026-04-04 |
| NRP-018 | NVR storage at 92 % full | Low | Data | Client IT | In progress | 2026-05-15 |
| NRP-019 | Office router uses end-of-life WPA2-PSK on a hidden test SSID | Low | Network | IoTGuardian Analyst | Resolved | 2026-03-22 |
| NRP-020 | UPS firmware out of date | Low | Devices | Client IT | Open | 2026-06-05 |
| NRP-021 | SNMP enabled with default community on switch stack | Low | Network | IoTGuardian Analyst | Resolved | 2026-03-31 |
| NRP-022 | Service-provider router publishes uPnP | Low | Network | Vendor | Open | 2026-05-12 |
| NRP-023 | No security-awareness training on file | Low | Identity | IoTGuardian Analyst | Open | 2026-07-01 |
| NRP-024 | Old vendor LAN drop labelled "fax" still patched in | Low | Network | Client IT | Accepted | 2026-06-15 |
| NRP-025 | Cash-drawer trigger cable shares wiring with POS network | Low | Devices | Client IT | Won’t fix | 2026-04-01 |