Confirmed users
502
edits
Security/Risk management/Rapid Risk Assessment: Difference between revisions
Security/Risk management/Rapid Risk Assessment (view source)
Revision as of 17:53, 8 August 2016
, 8 August 2016Automated sync from https://github.com/mozilla/wikimo_opsec
(Automated sync from https://github.com/mozilla/wikimo_opsec) |
Gdestuynder (talk | contribs) (Automated sync from https://github.com/mozilla/wikimo_opsec) |
||
| Line 133: | Line 133: | ||
* Ensure no previous RRA exist, else re-use the previous RRA. | * Ensure no previous RRA exist, else re-use the previous RRA. | ||
* Create a copy of the [https:// | * Create a copy of the [https://docs.google.com/spreadsheets/d/1jxUEQUSAC-q1rVdZ29fH5ijKfIRNBKfCCgWMsfHNqvQ template] and move it to the correct directory (or your personal Google drive if you're testing the RRA process). | ||
* Invite 1 or 2 members (product owners, lead engineers, etc.) related to the service with enough technical knowledge, ensure they will bring a diagram of data | * Invite 1 or 2 members (product owners, lead engineers, etc.) related to the service with enough technical knowledge, ensure they will bring a diagram of data | ||
flows and have an understanding of the data being stored or processed by the service. You do not want more than 4 or 5 people total as this will slow down the RRA. Most RRAs are run 1 on 1 (2 people total). | flows and have an understanding of the data being stored or processed by the service. You do not want more than 4 or 5 people total as this will slow down the RRA. Most RRAs are run 1 on 1 (2 people total). | ||
| Line 330: | Line 330: | ||
=== Recommendations (5 minutes) === | === Recommendations (5 minutes) === | ||
While the RRA is not meant as a | While the RRA is not meant as a complete review, recommendations do come up and this is a great time to | ||
have a quick 5 minute chat about these. | have a quick 5 minute chat about these. | ||