Risk analysis on our infrastructure
Audit the risks the project is facing and prioritize mitigations.
Loosely based on OCTAVE/Allegro, this would involve:
- #18057 (closed) establishing risk measurement criteria
- #18056 (closed) identifying assets and their criteria (confidentiality/availability/integrity)
- establishing threat trees
- calculate risks as the product of probability and impact of threat scenarios
- identify possible mitigations
- create GitLab issues for mitigations
- document risk severity for each mitigation
- write a report/summary
Related issues
- Blocks tails#9802
- Blocks #16956 (closed)
Note: For S11, this fits in:
- B.2 - Keep our infrastructure up-to-date and secure: Conducting a Risk analysis is essential for developing and implementing security policies to keep the infra secure.
Edited by groente