Simulation note: This is a controlled teaching artefact for The LotusCare Breach (Simulation).
Content is fictional and designed to model organisational decision-making under uncertainty.
No real personal data, real ransomware instructions, or operational steps are included.
Risk Register (Snapshot)
This register models organisational risk thinking: operational, legal, reputational, and client harm.
| Risk | Impact | Likelihood | Mitigation / action | Owner |
|---|---|---|---|---|
| Service disruption persists | High | Medium | Prioritise critical services; validate restore integrity. | Operations |
| Unverified exfiltration claim escalates public concern | High | Medium | Comms discipline; avoid overclaiming; update cadence. | Comms + Legal |
| Actual disclosure of sensitive client data | Very high | Uncertain | Prepare support workflows; determine plausible cohorts; notification plan. | Security + Client Services |
| Staff misinformation / inconsistent messaging | Medium | Medium | Single internal FAQ; scripted responses; manager brief. | People & Culture |
| Regulatory non-compliance (timelines, content) | High | Low–Med | Legal review of notifications; document decisions. | Legal |
IT Asset Context
Background context only. This summary is intended to help learners understand the likely technology estate supporting a national service provider like LotusCare.
| Asset group | Likely estate | Why it matters in this scenario |
|---|---|---|
| Core business systems | Finance, HR, rostering, payroll, case management, reporting. | Disruption affects staffing, payments, workforce coordination, and executive visibility. |
| Client and service platforms | Client records, appointment scheduling, service-delivery notes, and support portals. | These systems shape both operational continuity and the potential harm from unauthorised disclosure. |
| Productivity and identity | Email, file sharing, collaboration tools, identity and access management, MFA. | These are common pathways for compromise and critical for internal coordination during response. |
| Endpoint fleet | Laptops, desktops, shared frontline devices, executive devices, contractor access points. | Wide endpoint spread increases exposure and complicates containment and recovery. |
| Infrastructure and backups | Server workloads, virtual environments, storage, backups, remote access, network services. | Recovery speed and integrity depend on these assets being trustworthy and restorable. |
| Public-facing and communications systems | Corporate website, contact-centre tools, notification channels, media and stakeholder comms systems. | These influence reputation, scam risk, and how quickly clients receive reliable information. |
Reference artefact: LC-IT-01 — System / Asset Inventory Snapshot.
Use this as background context when assessing operational, client harm, and recovery risks.
Decision log (prompt)
Record major decisions with: rationale, evidence base, and review trigger.