When assessing a threat using the tables below, consider the threat in the context of each of the headings, and score each threat for each column. Select the highest score and record that as the impact or likelihood.
Consider the threat "URL Shorteners get a copy of URLs shared by F1 Users" from the Mozilla F1 security review.
Looking at the Likelihood table, we see:
* Probability is 5 since it is already happening (Ongoing Issue).
* Technical is also 5 since URL shorteners are relatively easy to enumerate.
Going to the Impact tables, we see that:
* Operational impact is zero since it has no effect on the stability of the service.
* User impact is 2 since user behaviour can be trended.
* Privacy impact is 4 since sharing information with 3rd parties is a violation of our privacy policies.
* Financial impact is 1 since it is extremely low cost to resolve the issue.
* Legal impact is ...
* Engineering impact is 3 since replacing the functionality requires authoring new software.
* Reputation impact is 3 since there may be negative comments from our users who do not wish to use the shortening service.
The highest Likelihood score is 5, and the highest impact score is 4 (Privacy).
To calculate the risk score, multiply the likelihood by the impact. For the issue discussed above, the Risk Rating would be 20.
==Likelihood==