OWASP Risk Rating Methodology - Revision history

Jameswartell: a user named after the consulting firm in question has linked to a book by the founder of that firm and the firm's website. This seems like a conflict of interest and an attempt to insert revenue generating advertising into the page.

2019-06-27T18:58:35Z

a user named after the consulting firm in question has linked to a book by the founder of that firm and the firm's website. This seems like a conflict of interest and an attempt to insert revenue generating advertising into the page.

Versprite: /* References */

2019-02-21T07:29:41Z

‎References

Versprite: /* References */

2019-02-21T07:25:47Z

‎References

Jameswartell: Fix Threat Agent Factors - do not revert. See discussion page.

2018-08-07T15:16:12Z

Fix Threat Agent Factors - do not revert. See discussion page.

Show changes

Kxp43: Restored "Threat Agent Factor" -> "Skill Level" to show least amount of skill = 9 while most amount of skill is 1 like "Motive" and "Opportunity"

2018-05-28T22:54:54Z

Restored "Threat Agent Factor" -> "Skill Level" to show least amount of skill = 9 while most amount of skill is 1 like "Motive" and "Opportunity"

Owaspsven: Undo revision 217486 by Owaspsven (talk)

2016-05-30T14:22:58Z

Undo revision 217486 by Owaspsven (talk)

Owaspsven: Undo revision 200046 by Ladybug (talk) - it isn't the other way around

2016-05-30T14:21:18Z

Undo revision 200046 by Ladybug (talk) - it isn't the other way around

Ladybug: Changed the ratings around for skill level, they were back to front.

2015-09-03T23:26:27Z

Changed the ratings around for skill level, they were back to front.

HynekPetrak at 20:23, 12 June 2015

2015-06-12T20:23:52Z

KateHartmann: /* Threat Agent Factors */

2015-02-17T19:55:31Z

‎Threat Agent Factors

@@ Line 283: / Line 283: @@
 ==References==
-* Risk Centric Threat Modeling using Process for Attack Simulation & Threat Analysis (PASTA) [https://www.wiley.com/en-us/Risk+Centric+Threat+Modeling%3A+Process+for+Attack+Simulation+and+Threat+Analysis-p-9781118988350][https://versprite.com/tag/pasta-threat-modeling/]
+* Managing Information Security Risk: Organization, Mission, and Information System View [http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf]
 * Industry standard vulnerability severity and risk rankings (CVSS) [http://www.first.org/cvss/]
 * Security-enhancing process models (CLASP) [http://www.owasp.org/index.php/Category:OWASP_CLASP_Project]

@@ Line 283: / Line 283: @@
 ==References==
-* Risk Centric Threat Modeling using Process for Attack Simulation & Threat Analysis (PASTA) [[Risk centric threat modeling PASTA|Risk centric threat modeling pasta]]
+* Risk Centric Threat Modeling using Process for Attack Simulation & Threat Analysis (PASTA) [https://www.wiley.com/en-us/Risk+Centric+Threat+Modeling%3A+Process+for+Attack+Simulation+and+Threat+Analysis-p-9781118988350][https://versprite.com/tag/pasta-threat-modeling/]
 * Managing Information Security Risk: Organization, Mission, and Information System View [http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf]
 * Industry standard vulnerability severity and risk rankings (CVSS) [http://www.first.org/cvss/]

@@ Line 283: / Line 283: @@
 ==References==
 * Managing Information Security Risk: Organization, Mission, and Information System View [http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf]
 * Industry standard vulnerability severity and risk rankings (CVSS) [http://www.first.org/cvss/]

@@ Line 45: / Line 45: @@
 ; Skill level
-: How technically skilled is this group of threat agents? Security penetration skills (9), network and programming skills (6), advanced computer user (5), some technical skills (3), no technical skills (1)
+: How technically skilled is this group of threat agents? Security penetration skills (1), network and programming skills (3), advanced computer user (5), some technical skills (6), no technical skills (9)
 ; Motive

@@ Line 45: / Line 45: @@
 ; Skill level
-: How technically skilled is this group of threat agents? Security penetration skills (1), network and programming skills (3), advanced computer user (4), some technical skills (6), no technical skills (9)
+: How technically skilled is this group of threat agents? Security penetration skills (9), network and programming skills (6), advanced computer user (5), some technical skills (3), no technical skills (1)
 ; Motive

← Older revision		Revision as of 20:23, 12 June 2015
Line 293:		Line 293:
	* Model-driven Development and Analysis of Secure Information Systems [http://heim.ifi.uio.no/~ketils/securis/]		* Model-driven Development and Analysis of Secure Information Systems [http://heim.ifi.uio.no/~ketils/securis/]
	* Value Driven Security Threat Modeling Based on Attack Path Analysis [http://origin-www.computer.org/csdl/proceedings/hicss/2007/2755/00/27550280a.pdf]		* Value Driven Security Threat Modeling Based on Attack Path Analysis [http://origin-www.computer.org/csdl/proceedings/hicss/2007/2755/00/27550280a.pdf]
		+	* [[:File:OWASP_Risk_Rating_Template_Example.xlsx\|Risk Rating Template Example in MS Excel]]