risquè
Meta
Threat Sources
Likelihoods
Impacts
Recommendations
* Title
Using a NIST SP 800-53 control family or name can help contextualize the risk you're documenting.
* Finding
The prose description of the finding revealed by your assessment should be clear and concise. Just the facts, pal!
Finding severity
Remember to balance the selection of severity against the overall categorization of the implicated boundary.
Category
Choose the most pertinent threat source.
Adversarial
Accidental
Structural
Environmental
Adversarial capability
Adversarial intent
Adversarial targeting
Non-adversarial range of effects
Adversarial event initiation
Non-adversarial event occurrence
Likelihood for adverse impact
Notes
It helps to add a prose description of your rationale, but keep it clear and brief!
Category
Harm to Operations
Harm to Assets
Harm to Individuals
Harm to Other Organizations
Harm to the Nation
Adverse impact
Notes
It helps to add a prose description of your rationale, but keep it clear and brief!
Recommendations
Try to be clear about who needs to do what. The whens, wheres, hows, and whys can be useful too.