Request to add components to Enterprise Information Security Project

Status: RESOLVED FIXED

People: (Reporter: claudijd, Assigned: dkl)

Tracking: Production

Firefox Tracking Flags: (Not tracked)

Details
I would like to request the adding of the following components to the Enterprise Information Security project...

- Rapid Risk Analysis (RRA)
- Vulnerability Assessment (VA)
- Threat Modeling (TM)
- Penetration Test (PT)

Please let me know if you have any questions.
(Assignee)

Comment 1

3 years ago
(In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #0)
> I would like to request the adding of the following components to the
> Enterprise Information Security project...
> 
> - Rapid Risk Analysis (RRA)
> - Vulnerability Assessment (VA)
> - Threat Modeling (TM)
> - Penetration Test (PT)
> 
> Please let me know if you have any questions.

We will need at a minimum a short description for each component:

https://wiki.mozilla.org/BMO/Requesting_Changes#Components

dkl
Flags: needinfo?(jclaudius)

Comment 2

Rapid Risk Analysis (RRA) - The Rapid Risk (Impact) Assessment (also called Rapid Risk Analysis) is a 30-minute-or-less discussion about the potential risks of a project. The RRA is high level and lightweight.

Vulnerability Assessment (VA) - A semi-automated point-in-time vulnerability assessment conducted by a vulnerability scanner and other “point and shoot” tools for an explicit set of target(s). May include a validation component, depending on scope.

Threat Modeling (TM) - A review of the set of attack scenarios to consider against an application. They are more specific, thorough and often more time consuming than Rapid Risk Assessments (RRA). When a threat model or analysis is requested on a large service (i.e., larger than a quick reply in a bug), an RRA is required to ensure that the security recommendations cover the areas of concern of the service.

Penetration Test (PT) - An adversarial exercise with the goal of demonstrating risks that could be exploited by a threat actor. Testing scope is heavily influenced by RRA and TM results, which should be completed prior to Penetration Testing.
Flags: needinfo?(jclaudius)
(Assignee)

Comment 3

3 years ago
Done. I removed the acronyms from the component name as they seemed redundant and cluttered up the UI some. If this is a problem I can add them back.

dkl
Assignee: nobody → dkl
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED