Template 8: Threat Risk Assessment

Document History

Table of Contents

Executive Summary

Assessment Details

Risk Statements

Methodology

Assumptions

Threat Tree Workflows

Threat <#X: Threat Name>

Threat Assessment Matrix

Confidentiality Threats

Integrity Threats

Availability Threats

Continuity Threats

Authentication Threats

Authorization Threats

Non-Repudiation Threats

Executive Summary

[Provides a high-level summary of the threat assessment, including why it was performed, key findings, and any conclusions or recommendations to be made. Delete this comment once completed.]

Assessment Details

Risk Statements

[Statements justifying the final and overall risk score of the threat modeling exercise. Delete this comment once completed.]

Methodology

[Explanation of the stages, phases, steps, and processes used throughout the threat modeling exercise. Delete this comment once completed.]

Assumptions

[Identifies circumstances and/or outcomes that have been taken for granted. Delete this comment once completed.]

Threat Tree Workflows

Threat <#X: Threat Name>

Figure T8.1 Threat tree workflow.

Threat Assessment Matrix

[Documents the details of each threat as they relate to the security principle it affects. Delete this comment once completed.]

Confidentiality Threats

Unauthorized viewing or disclosure of information that compromises privacy and/or secrecy.

Integrity Threats

Unauthorized additions, changes or deletions that affect the completeness, accuracy, authenticity, timeliness or currency of data or information.

Availability Threats

Interruptions in service that lead to loss of service for a longer period of time than is acceptable, loss of a portion of expected functionality, degradation of response time to an unacceptable level, missed delivery deadlines for required reports, or loss of use of resources (even though related software is functioning).

Continuity Threats

Major interruption of facilities, such that a loss of processing capability is experienced that will last for an unacceptable period of time.

Authentication Threats

Proper identification of users and processes requesting access to objects and assets.

Authorization Threats

Explicitly granting permissions to users or processes in order to read, write, or execute target information or processes.

Non-Repudiation Threats

Assurance that a user or process cannot deny read, write, or execute access to target information or systems.
