Closed
Bug 1236614
Opened 8 years ago
Closed 8 years ago
Request to add components to Enterprise Information Security Project
Categories
(bugzilla.mozilla.org :: Administration, task)
RESOLVED
FIXED
People
(Reporter: claudijd, Assigned: dkl)
Details
I would like to request the adding of the following components to the Enterprise Information Security project...

- Rapid Risk Analysis (RRA)
- Vulnerability Assessment (VA)
- Threat Modeling (TM)
- Penetration Test (PT)

Please let me know if you have any questions.
Assignee
Comment 1•8 years ago
(In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #0)
> I would like to request the adding of the following components to the
> Enterprise Information Security project...
>
> - Rapid Risk Analysis (RRA)
> - Vulnerability Assessment (VA)
> - Threat Modeling (TM)
> - Penetration Test (PT)
>
> Please let me know if you have any questions.

We will need at a minimum a short description for each component:
https://wiki.mozilla.org/BMO/Requesting_Changes#Components

dkl
Flags: needinfo?(jclaudius)
Reporter
Comment 2•8 years ago
Rapid Risk Analysis (RRA) - The Rapid Risk (Impact) Assessment (also called Rapid Risk Analysis) is a 30 minutes or less discussion about the potential risks of a project. The RRA is high level and lightweight.

Vulnerability Assessment (VA) - A semi-automated point-in-time vulnerability assessment conducted by a vulnerability scanner and other “point and shoot” tools for an explicit set of target(s). May include a validation component, depending on scope.

Threat Modeling (TM) - A review of the set of attack scenarios to consider against an application. They are more specific, thorough and often more time consuming than Rapid Risk Assessments (RRA). When a threat model or analysis is requested on a large service (ie, larger than a quick reply in a bug), an RRA is required to ensure that the security recommendations cover the areas of concerns of the service.

Penetration Test (PT) - An adversarial exercise with the goal of demonstrating risks that could be exploited by a threat actor. Testing scope is heavily influenced by RRA and TM results, which should be completed prior to Penetration Testing.
Flags: needinfo?(jclaudius)
Assignee
Comment 3•8 years ago
Done. I removed the acronyms from the component name as they seemed redundant and cluttered up the UI some. If this is a problem I can add them back.

dkl
Assignee: nobody → dkl
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED