Closed Bug 1236614 Opened 10 years ago Closed 10 years ago

Request to add components to Enterprise Information Security Project

Categories

(bugzilla.mozilla.org :: Administration, task)

Production
task
Not set
normal

RESOLVED FIXED

People

(Reporter: claudijd, Assigned: dkl)

Details

I would like to request the adding of the following components to the Enterprise Information Security project...

- Rapid Risk Analysis (RRA)
- Vulnerability Assessment (VA)
- Threat Modeling (TM)
- Penetration Test (PT)

Please let me know if you have any questions.

(In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #0)
> I would like to request the adding of the following components to the
> Enterprise Information Security project...
>
> - Rapid Risk Analysis (RRA)
> - Vulnerability Assessment (VA)
> - Threat Modeling (TM)
> - Penetration Test (PT)
>
> Please let me know if you have any questions.

We will need at a minimum a short description for each component:
https://wiki.mozilla.org/BMO/Requesting_Changes#Components

dkl

Flags: needinfo?(jclaudius)
Rapid Risk Analysis (RRA) - The Rapid Risk (Impact) Assessment (also called Rapid Risk Analysis) is a 30 minutes or less discussion about the potential risks of a project. The RRA is high level and lightweight.

Vulnerability Assessment (VA) - A semi-automated point-in-time vulnerability assessment conducted by a vulnerability scanner and other “point and shoot” tools for an explicit set of target(s). May include a validation component, depending on scope.

Threat Modeling (TM) - A review of the set of attack scenarios to consider against an application. They are more specific, thorough and often more time consuming than Rapid Risk Assessments (RRA). When a threat model or analysis is requested on a large service (i.e., larger than a quick reply in a bug), an RRA is required to ensure that the security recommendations cover the areas of concerns of the service.

Penetration Test (PT) - An adversarial exercise with the goal of demonstrating risks that could be exploited by a threat actor. Testing scope is heavily influenced by RRA and TM results, which should be completed prior to Penetration Testing.

Flags: needinfo?(jclaudius)
Done. I removed the acronyms from the component name as they seemed redundant and cluttered up the UI some. If this is a problem I can add them back.

dkl

Assignee: nobody → dkl
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED