Risk analysis on our infrastructure
Analyse the risks the project is facing and prioritise mitigations.
Loosely based on OCTAVE/Allegro, this would involve:
- identifying assets and their criteria (confidentiality/availability/integrity)
- establishing threat trees
- calculate risks as the product of probability and impact of threat scenario's
- identify possible mitigations and their cost
- prioritise mitigations as a function of risk-reduction and cost
Note that this is a public issue!
Discussing this issue can easily entail sensitive information, please ensure you use the appropriate communication channels.
- Status changed from New to Confirmed
- Blocks Feature #13284: Core work: Sysadmin (Adapt our infrastructure) added
- Subject changed from Risk analysis to Risk analysis on our infrastructure
- Description updated (diff)
- Blocked by Feature #15096: Create high level documentation for our infrastructure added
- Target version changed from Tails_3.11 to Tails_3.12
- Target version changed from Tails_3.12 to Tails_3.13
- Blocks Feature #9802: Design a process to deal with signing key compromise added
- Target version changed from Tails_3.13 to Tails_3.14
- Target version changed from Tails_3.14 to Tails_3.15
Also available in: Atom