This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Technical Impact template"
From OWASP
Leocavallari (talk | contribs) (New page: ==Description== This is the structure of a Technical Impact Article. ==Related Vulnerabilities== ==Related Countermeasures== ==Related Business Impacts== ==References== <nowiki>...) |
Leocavallari (talk | contribs) |
||
| (6 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| + | Every '''[[Technical Impact]]''' should follow this template. | ||
| + | |||
| + | {{Template:Technical Impact}} | ||
| + | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
| + | |||
==Description== | ==Description== | ||
| − | This is the | + | A technical impact is the system damage that results from a successful security breach. This is just the effect on the technology, not the business. |
| + | # Start with a one-sentence description of the technical impact | ||
| + | # Describe the technical damage done to the system | ||
| + | # Note the security interest that is damaged - confidentiality, integrity, availability, accountability | ||
| + | # Is the damage immediate or spread over a time period? | ||
| + | |||
| + | ==Risk Factors== | ||
| − | + | * Talk about the [[OWASP Risk Rating Methodology|factors]] that govern this technical impact | |
| + | * Try to be clear about the factors that make this impact serious | ||
| − | == | + | ==Examples== |
| + | ===Short example name=== | ||
| + | : A short example description, small picture, or sample code with [http://www.site.com links] | ||
| − | ==Related Business Impacts== | + | ===Short example name=== |
| + | : A short example description, small picture, or sample code with [http://www.site.com links] | ||
| + | |||
| + | |||
| + | ==Related [[Vulnerabilities]]== | ||
| + | |||
| + | * [[Vulnerability 1]] | ||
| + | * [[Vulnerabiltiy 2]] | ||
| + | |||
| + | |||
| + | ==Related [[Controls]]== | ||
| + | |||
| + | * [[Control 1]] | ||
| + | * [[Control 2]] | ||
| + | |||
| + | |||
| + | ==Related [[Business Impacts]]== | ||
| + | |||
| + | * [[Business Impact 1]] | ||
| + | * [[Business Impact 2]] | ||
==References== | ==References== | ||
| + | * http://www.link1.com | ||
| + | * [http://www.link2.com Title for the link2] | ||
| − | + | __NOTOC__ | |
| − | |||
| − | |||
Latest revision as of 15:03, 2 May 2008
Every Technical Impact should follow this template.
This is a Technical Impact. To view all business impact, please see the Technical Impact page.
Last revision (mm/dd/yy): 05/2/2008
Description
A technical impact is the system damage that results from a successful security breach. This is just the effect on the technology, not the business.
- Start with a one-sentence description of the technical impact
- Describe the technical damage done to the system
- Note the security interest that is damaged - confidentiality, integrity, availability, accountability
- Is the damage immediate or spread over a time period?
Risk Factors
- Talk about the factors that govern this technical impact
- Try to be clear about the factors that make this impact serious
Examples
Short example name
- A short example description, small picture, or sample code with links
Short example name
- A short example description, small picture, or sample code with links
Related Vulnerabilities
Related Controls
Related Business Impacts
References
