Risk analysis on our infrastructure
Analyse the risks the project is facing and prioritise mitigations.
Loosely based on OCTAVE/Allegro, this would involve:
- identifying assets and their criteria (confidentiality/availability/integrity)
- establishing threat trees
- calculate risks as the product of probability and impact of threat scenario’s
- identify possible mitigations and their cost
- prioritise mitigations as a function of risk-reduction and cost
Related issues
Original created by @groente on 15097 (Redmine)