Security/Risk management/Rapid Risk Assessment: Difference between revisions

Adding service data classification instruction
(Automated sync from https://github.com/mozilla/wikimo_content)
(Adding service data classification instruction)
=== Wrapping up ===

* Estimate a security level provided by the service and set it in the RRA header at the top.
** A service that does not seem safe provides LOW security.
** A service that seems to follow best practices provides MEDIUM security.
** A service that puts an emphasis on security and uses stronger controls provides HIGH security.
** A service that has been well reviewed via threat modeling and penetration testing, uses strong security controls, and has good privilege and data separation provides MAXIMUM security.
* Fill out the "Service Data classification" field with the data classification of the most sensitive data type in the service. Exclude credentials for service access.
* Which recommendations are the team thinking of implementing? ''(If no recommendations are implemented, you have very little impact.)''
* Summarize the risk assessment table and the biggest impacts, and ask the team if the summary is what they expected.