| text,label | |
| An employee clicks a phishing email pretending to be HR,High Risk | |
| A developer pushes API keys to a public GitHub repository,High Risk | |
| Firewall rules are reviewed and tightened quarterly,Low Risk | |
| An unknown USB drive is plugged into an office computer,High Risk | |
| Multi-factor authentication is enabled for all admin accounts,Low Risk | |
| A server is running an outdated operating system,Medium Risk | |
| An employee reports a suspicious email to IT immediately,Low Risk | |
| Database backups are stored without encryption,High Risk | |
| Antivirus definitions are updated daily,Low Risk | |
| An open port is detected during a routine security scan,Medium Risk | |
| Employees reuse the same password across multiple systems,High Risk | |
| Security awareness training is conducted every six months,Low Risk | |
| A company laptop is lost without disk encryption enabled,High Risk | |
| Access logs are reviewed only after an incident occurs,Medium Risk | |
| Critical systems are isolated using network segmentation,Low Risk | |
| An intern is given admin access without approval,High Risk | |
| Patch management is delayed due to operational workload,Medium Risk | |
| A public Wi-Fi network is used without a VPN for work tasks,High Risk | |
| Security alerts are ignored due to alert fatigue,Medium Risk | |
| Sensitive files are shared through unsecured messaging apps,High Risk | |
| An organization enforces least-privilege access policies,Low Risk | |
| Default credentials are left unchanged on network devices,High Risk | |
| A web application lacks input validation,Medium Risk | |
| Intrusion detection systems are actively monitored,Low Risk | |
| Employees disable antivirus to improve performance,High Risk | |
| Incident response plans are documented but not tested,Medium Risk | |
| Password managers are recommended and enforced,Low Risk | |
| Third-party vendors are not security-audited,Medium Risk | |
| Logs are centrally collected and correlated,Low Risk | |
| A critical vulnerability is publicly disclosed but not patched,High Risk | |
| Developers follow secure coding guidelines,Low Risk | |
| Remote access is allowed without MFA,High Risk | |
| Security patches are applied after testing,Low Risk | |
| Unauthorized software is installed on workstations,Medium Risk | |
| Privileged access is time-bound and monitored,Low Risk | |
| A cloud storage bucket is publicly accessible,High Risk | |
| Employees share credentials to meet deadlines,High Risk | |
| Regular penetration testing is conducted,Low Risk | |
| Alerts are generated but not reviewed daily,Medium Risk | |
| An email gateway blocks known malicious domains,Low Risk |