@algonacci
Last active January 19, 2023 12:54

Asset Name,Asset Type,IP Address,Operating System,Software Version,Threat Type,Vulnerability,Impact,Likelihood,Mitigation Strategy,Last Patch Date,Number of Users,Number of Admins,Number of Connections,Location,Backup Frequency,Backup Type,Backup Location,Encryption Type,Compliance,Logging,Auditing,Incident Response,Business Continuity,Risk Label
Server 1,Physical,192.168.0.1,Windows Server 2019,10.0.17763.1,Malware,Lack of antivirus software,High,Medium,Install and regularly update antivirus software,01/01/2021,50,5,100,USA,Daily,Cloud,S3 bucket,AES-256,HIPAA,On,On,Plan A,Plan B,High
Network 2,Virtual,10.0.0.1,Cisco IOS,15.8,Phishing,Weak password policy,Medium,High,Implement strong password policy and multi-factor authentication,01/02/2021,100,2,200,USA,Weekly,Tape,Offsite,AES-128,SOC2,On,On,Plan A,Plan B,High
Database 3,Cloud,3.3.3.3,MySQL,8.0.22,SQL injection,Unpatched software,High,Low,Regularly apply software patches and updates,01/03/2021,500,10,500,USA,Monthly,Cloud,S3 bucket,AES-256,PCI-DSS,On,On,Plan A,Plan B,Medium
Web App 4,Container,172.16.0.2,Apache Tomcat,9.0.34,Cross-site scripting,Input validation vulnerability,Medium,Medium,Implement input validation and sanitization,01/04/2021,1000,15,1000,USA,Daily,Disk,Onsite,AES-128,ISO 27001,On,On,Plan A,Plan B,Medium
Server 5,Physical,192.168.1.1,Windows Server 2016,10.0.14393,Denial of Service,Unsecured Network,High,High,Implement firewalls and intrusion detection systems,01/05/2021,50,5,100,USA,Daily,Cloud,S3 bucket,AES-256,HIPAA,On,On,Plan A,Plan B,High
Network 6,Virtual,10.0.1.1,Juniper SRX,15.1X49-D160,Man-in-the-middle,Unsecured wireless network,High,Medium,Implement wireless encryption and VPN,01/06/2021,100,2,200,USA,Weekly,Tape,Offsite,AES-128,SOC2,On,On,Plan A,Plan B,High
Server 10,Physical,192.168.2.1,Ubuntu Server 20.04,5.4.0-42-generic,Ransomware,Lack of backup,High,Low,Regularly backup data and keep a backup copy offsite,01/10/2021,50,5,100,USA,Daily,Cloud,S3 bucket,AES-256,HIPAA,On,On,Plan A,Plan B,High

algonacci commented Jan 19, 2023

  • Asset Name: This is the name of the critical asset that is being protected.
  • Asset Type: This is the type of the asset (Physical, Virtual, Cloud, Container).
  • IP Address: This is the IP address of the asset.
  • Operating System: This is the operating system that the asset is running on.
  • Software Version: This is the version of the software that the asset is running.
  • Threat Type: This is the type of the potential threat that could compromise the asset, such as malware, phishing, SQL injection, or cross-site scripting.
  • Vulnerability: This is the weakness or vulnerability in the asset that the threat could exploit, such as lack of antivirus software, weak password policy, unpatched software, or input validation vulnerability.
  • Impact: This feature describes the impact of the vulnerability on the asset; it can be High, Medium, or Low.
  • Likelihood: This feature describes the likelihood of the threat occurring; it can be High, Medium, or Low.
  • Mitigation Strategy: This is the strategy that is implemented to mitigate or eliminate the risk, such as installing and regularly updating antivirus software, implementing a strong password policy, regularly applying software patches and updates, or implementing input validation and sanitization.
  • Last Patch Date: This feature describes the date of the last patch that was applied to the asset.
  • Number of Users: This feature describes the number of users that have access to the asset.
  • Number of Admins: This feature describes the number of administrators that have access to the asset.
  • Number of Connections: This feature describes the number of connections that the asset has.
  • Location: This feature describes the location of the asset.
  • Backup Frequency: This feature describes how frequently the asset is backed up.
  • Backup Type: This feature describes the type of backup that is used for the asset.
  • Backup Location: This feature describes where the backup is stored.
  • Encryption Type: This feature describes the type of encryption that is used for the asset.
  • Compliance: This feature describes the compliance regulations that the asset has to comply with.
  • Logging: This feature describes whether the asset is logging its activity or not.
  • Auditing: This feature describes whether the asset is being audited or not.
  • Incident Response: This feature describes the incident response plan that is used in case of an incident.
  • Business Continuity: This feature describes the business continuity plan that is used in case of an incident.
  • Risk Label: This is the label assigned to the risk, indicating its level of severity, such as High, Medium, or Low.
