# 📉 Modul 4: DSFA Risk Matrix & Mitigation Plan
This notebook defines a GDPR-compliant risk assessment matrix (DSFA-style) for healthcare AI detection use cases.
The matrix supports audit reporting and shows how risks are mitigated with technical and organizational measures.

import pandas as pd

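# DSFA matrix: one row per use case with likelihood, severity, the GDPR
# article the risk touches, and the planned mitigation.
# NOTE(review): the likelihood/severity values are assessor input and are not
# derived from anything in this notebook — confirm they are signed off before
# the matrix is used as an audit artefact.
dsfa = pd.DataFrame([
    {
        'use_case': 'UC-01',
        'risk_description': 'Data transfer to non-EU without consent',
        'likelihood': 3,  # 1–5 scale
        'severity': 4,    # 1–5 scale
        'gdpr_article': 'Art. 44',
        'mitigation': 'GeoIP block + Consent enforcement'
    },
    {
        'use_case': 'UC-03',
        'risk_description': 'Consent flag manipulation prior to export',
        'likelihood': 3,
        'severity': 3,
        'gdpr_article': 'Art. 7',
        'mitigation': 'Audit trail + UI hardening'
    },
    {
        'use_case': 'UC-05',
        'risk_description': 'Admin access outside working hours',
        'likelihood': 4,
        'severity': 3,
        'gdpr_article': 'Art. 32',
        'mitigation': 'SSO + off-hours alerting'
    },
    {
        'use_case': 'UC-04',
        'risk_description': 'AI model drift or manipulation',
        'likelihood': 2,
        'severity': 4,
        'gdpr_article': 'Art. 22',
        'mitigation': 'Drift detection pipeline + human review'
    },
    {
        'use_case': 'UC-02',
        'risk_description': 'Access to unmasked diagnostic data',
        'likelihood': 3,
        'severity': 5,
        'gdpr_article': 'Art. 5, 32',
        'mitigation': 'Pseudonymization + masking enforcement'
    }
])

# Both inputs are defined on a 1–5 scale; an out-of-range entry (typo or a
# different scale pasted in) would silently distort the ranking below.
_scale_ok = dsfa[['likelihood', 'severity']].isin(range(1, 6)).all().all()
if not _scale_ok:
    raise ValueError("likelihood and severity must be integers on the 1–5 scale")

# Thresholds on the 1..25 product scale of the 5x5 matrix.
LOW_MAX = 6       # risk_score <= 6            -> 'Low'
MEDIUM_MAX = 12   # 6 < risk_score <= 12       -> 'Medium'; above -> 'High'


def risk_level(score, *, low_max=LOW_MAX, medium_max=MEDIUM_MAX):
    """Map a likelihood × severity score to a 'Low'/'Medium'/'High' label.

    Args:
        score: product of likelihood and severity (1..25 on the 1–5 scale).
        low_max: highest score still rated 'Low'.
        medium_max: highest score still rated 'Medium'; anything above is 'High'.

    Returns:
        One of 'Low', 'Medium', 'High'.
    """
    if score <= low_max:
        return 'Low'
    if score <= medium_max:
        return 'Medium'
    return 'High'


# Compute the score and level, then rank use cases by score, highest first.
dsfa['risk_score'] = dsfa['likelihood'] * dsfa['severity']
dsfa['risk_level'] = dsfa['risk_score'].apply(risk_level)
dsfa = dsfa.sort_values(by='risk_score', ascending=False)
display(dsfa)  # Jupyter/IPython builtin; not defined when run as a plain script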