iriusrisk / OpenThreatModel

The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.

[Suggestion] rename/redefine AssetRisk object #8

Closed fixbits closed 2 years ago

fixbits commented 2 years ago

Dear Team,

Based on the description of the object the semantics behind AssetRisk is not clear:

"This object describes the different ways in which a compromise of this asset can be harmful. ...

risk:
  confidentiality: 100
  integrity: 100
  availability: 100
  riskComments: We have decided that the values are a 100 for all values since this highly sensitive information"

Specifically:

Could you maybe add an example of what could be a practical implication of AssetRisk.confidentiality being 0 or 50 instead of 100?

Jayarr03 commented 2 years ago

AssetRisk influences impact with regard to a threat.

Those values are passed through OTM into the IR rules engine which performs the calculation for inherent risk.

More information - (https://support.iriusrisk.com/hc/en-us/articles/4412644787345-How-is-inherent-risk-calculated-)

fixbits commented 2 years ago

Thanks!

Would you mind adding this one-liner description to the OTM? It would clarify a lot.

Jayarr03 commented 2 years ago

Let me reach out to that team and see if they can get that added.

