Infer CIA ratings of tech assets

Threagile / threagile

Agile Threat Modeling Toolkit

https://threagile.io

MIT License

577 stars 126 forks source link

Infer CIA ratings of tech assets #19

Closed aceg1k closed 5 months ago

aceg1k commented 2 years ago

Hi,

just another pull request from my side.

Rationale

Confidentiality, Integrity and Availability (CIA) of a tech asset may be inferred from the data that tech asset processes.

Proposal

Infer CIA based on the data assets processed. If CIA can not be inferred, i.e. if no data asset is processed (probably this rarely happens in practice), fall back to the lowest possible level. If a value for CIA is set, it takes precedence.

ezavgorodniy commented 5 months ago

@joreiche this PR https://github.com/joreiche/threagile/pull/5 is for merging this PR into your fork which later may be used in https://github.com/Threagile/threagile/pull/57

joreiche commented 5 months ago

this pr has been resolved with #57