Operational Risk Intelligence · FortiSec Systems
Reason about what your
security posture fails to prove.
ORI separates what you can declare from what you can actually prove. It surfaces the hidden operational risks your current evidence cannot rule out — and tells you exactly where to focus.
01
Evidence over attestation
Every answer narrows or widens the set of hidden risks ORI cannot rule out.
02
Coherence detection
Claims that contradict your other answers are flagged — not silently accepted.
03
Actionable output
Every finding includes the one action that closes the most hidden risk first.
Organisation profile
Your profile determines which security domains are scored and their applicability weight. Domains not relevant to your infrastructure are excluded — not penalised.
Inference report
Observed
Maturity
Maturity
—
Declared controls
Operational
Confidence
Confidence
—
Evidence-backed
Evidence
Sufficiency
Sufficiency
—
—
Claim-Evidence
Gap Pressure
Gap Pressure
—
Strong claims without proof
Hidden
Exposure
Exposure
—
Residual risk level
Stability
Distance
Distance
—
Declared vs. proven gap
Telemetry uploads
Upload operational exports from your environment.
Privacy model
ORI does not store uploaded files. Files are processed in memory. Identifiers are hashed with a session-specific key and discarded immediately after structural observations are extracted. Only counts, categories, and contradiction states are retained.
Operational records Tier 1 · high confidence
Identity exports
CSV · JSON
Okta, Entra ID, AWS credential report, Google Workspace, GitHub org members, or generic identity CSV. ORI will check MFA coverage, stale accounts, and ownership gaps.
Cloud / IAM roles
CSV · JSON
AWS IAM roles, Azure role assignments, GCP IAM policies. ORI will check stale roles and cross-account trust relationships.
OAuth applications
CSV · JSON
OAuth app inventories from Google, Microsoft, Okta, or generic exports. ORI will check dormant grants and broad permission scopes.
Semi-structured operational exports Tier 2 · medium confidence
Tier 2 files are operational records that may need field inference or text extraction before ORI can treat them as telemetry. They can validate some hidden states, but with lower confidence than structured CSV/JSON inventories.
Logs and semi-structured exports
TXT · LOG · CSV · JSON
SIEM exports, EDR coverage exports, audit logs, access logs, IAM text exports, or semi-structured operational records. ORI will extract structured signals where fields are reliable.
Supporting documents Tier 3 · documentary
Documents can strengthen evidence but ORI only treats a hidden state as observed when the file contains extractable operational records, not just policy language.
Policies and reports
PDF · TXT
MFA policies, access review reports, audit findings, incident playbooks. ORI will extract signals and show what the document can and cannot prove.
Telemetry results are added to your report automatically.