{| border="1" class="fullwidth-table sortable"
| align="center" style="background:#f0f0f0;"|'''Likelihood'''
| align="center" style="background:#f0f0f0;"|'''Probability'''
| align="center" style="background:#f0f0f0;"|'''Technical'''
|-
|1||Shouldn't happen||Advanced Attack with requirement of multiple vulnerabilities to exploit
|-
|2||Once every few years||Advanced Attack
|-
|3||Once a year||Moderate difficulty attack vector
|-
|4||Multiple times a year||Common attack vector, requires manual exploit creation
|-
|5||Ongoing issue||Common attack vector, easy to mount with available tools
|}

==Impact==
The impact of a finding is the potential outcome if the threat is realized. This is used to determine how individual threats

{| border="1" class="fullwidth-table sortable"
| align="center" style="background:#f0f0f0;"|'''Impact'''
| align="center" style="background:#f0f0f0;"|'''Operational'''
| align="center" style="background:#f0f0f0;"|'''User'''
| align="center" style="background:#f0f0f0;"|'''Privacy'''
| align="center" style="background:#f0f0f0;"|'''Financial'''
| align="center" style="background:#f0f0f0;"|'''Legal'''
| align="center" style="background:#f0f0f0;"|'''Engineering'''
| align="center" style="background:#f0f0f0;"|'''Reputation'''
|-
|1||Ops Team Notified||Browser crashes||Unresolved privacy issues in line with Privacy Policy||Low cost to remediate||||Minor Code Changes Required||Negative comments from stakeholders
|-
|2||Minor Outage, in line with SLAs||User behaviour can be trended||Minor concerns over Privacy issues||Director approval to pay cost to remediate||||||Negative comments from community members
|-
|3||Moderate Outage, complaints from users||Specific information about specific users can be obtained||Moderate concerns over Privacy issues||Requires budget changes to remediate||||||Negative comments from user base
|-
|4||Significant Outage (intl store)||The ability to execute scripts and code that is sandboxed on the user's device||Violation of Privacy Policy||Requires Board review to pay for remediation||||||Negative press in industry media
|-
|5||Service will be mothballed.||Complete control over the user's device||Violation of Privacy Policy with Production Data||Extreme cost for remediation (e.g. MoCo/Mofo can't afford to)||||Complete redesign and rewrite||Negative press in mainstream media
|}