Risk analysis on our infrastructure

Audit the risks the project is facing and prioritize mitigations.
Loosely based on OCTAVE/Allegro, this would involve:

#18057 (closed) establishing risk measurement criteria
#18056 (closed) identifying assets and their criteria (confidentiality/availability/integrity)
establishing threat trees
calculate risks as the product of probability and impact of threat scenario’s
identify possible mitigations
create gitlab issues for mitigations
document risk severity for each mitigation
write a report/summary

Note: For S11, this fits in:

B.2 - Keep our infrastructure up-to-date and secure: Conducting a Risk analysis is essential for developing and implementing security policies to keep the infra secure.

Edited Aug 14, 2024 by groente

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information