This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Business Impact template"
From OWASP
Leocavallari (talk | contribs) (New page: __NOTOC__ ==Description== This is the structure of a Business Impact Article. ==Related Technical Impacts== ==References== <nowiki>Category:XYZ</nowiki> <nowiki>[[Category:XPT...) |
|||
| Line 1: | Line 1: | ||
| − | + | Every '''[[Business Impact]]''' should follow this template. | |
==Description== | ==Description== | ||
| − | This | + | A business impact is the damage that results from a successful security breach. This should be the highest level impact to the business, not a glorified technical impact. |
| + | # Start with a one-sentence description of the business impact | ||
| + | # Describe the damage done to the business - money, loss of life, reputation, loss of customers, compliance, legal exposure | ||
| + | # Is the damage immediate or spread over a time period? | ||
| + | |||
| + | |||
| + | ==Risk Factors== | ||
| + | |||
| + | * Talk about the [[OWASP Risk Rating Methodology|factors]] that govern this business impact | ||
| + | * Try to be clear about the factors that make this impact serious | ||
| − | ==Related Technical Impacts== | + | ==Examples== |
| + | |||
| + | ; Short example name | ||
| + | : One paragraph example description with [http://www.site.com links] | ||
| + | |||
| + | ; Short example name | ||
| + | : One paragraph example description with [http://www.site.com links] | ||
| + | |||
| + | |||
| + | ==Related [[Technical Impacts]]== | ||
| + | |||
| + | * [[Technical Impact 1]] | ||
| + | * [[Technical Impact 2]] | ||
==References== | ==References== | ||
| + | * http://www.link1.com | ||
| + | * [http://www.link2.com Title for the link] | ||
| − | |||
| − | <nowiki>[[Category: | + | When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category |
| + | <nowiki>[[Category:OWASP Honeycomb Project]]</nowiki> | ||
| + | <nowiki>[[Category:OWASP ASDR Project]]</nowiki> | ||
| + | |||
| + | __NOTOC__ | ||
Revision as of 04:51, 13 February 2008
Every Business Impact should follow this template.
Description
A business impact is the damage that results from a successful security breach. This should be the highest level impact to the business, not a glorified technical impact.
- Start with a one-sentence description of the business impact
- Describe the damage done to the business - money, loss of life, reputation, loss of customers, compliance, legal exposure
- Is the damage immediate or spread over a time period?
Risk Factors
- Talk about the factors that govern this business impact
- Try to be clear about the factors that make this impact serious
Examples
- Short example name
- One paragraph example description with links
- Short example name
- One paragraph example description with links
Related Technical Impacts
References
When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category
[[Category:OWASP Honeycomb Project]]
[[Category:OWASP ASDR Project]]
