Skip to content

Instantly share code, notes, and snippets.

@data-enhanced

data-enhanced/risk_taxonomy.json

Created July 4, 2017 20:31
Show Gist options
  • Save data-enhanced/de60b2383f32a2732287b2c5cf16c6bc to your computer and use it in GitHub Desktop.
Save data-enhanced/de60b2383f32a2732287b2c5cf16c6bc to your computer and use it in GitHub Desktop.
Download ZIP
Cyber Security Risk Taxonomy
Raw
risk_taxonomy.json
{
"name": "Threat Taxonomy",
"children": [
{
"name": "Actions of People",
"children": [
{
"name": "Inadvertent",
"children": [
{"name": "Mistakes", "size": 1},
{"name": "Errors", "size": 1},
{"name": "Omissions", "size": 1}
]
},
{
"name": "Deliberate",
"children": [
{"name": "Fraud", "size": 1},
{"name": "Sabotage", "size": 1},
{"name": "Theft", "size": 1},
{"name": "Vandalism", "size": 1}
]
},
{
"name": "Inaction",
"children": [
{"name": "Skills", "size": 1},
{"name": "Knowledge", "size": 1},
{"name": "Guidance", "size": 1},
{"name": "Availability", "size": 1}
]
}
]
},
{
"name": "Systems and Technology Failures",
"children": [
{
"name": "Hardware",
"children": [
{"name": "Capacity", "size": 1},
{"name": "Performance", "size": 1},
{"name": "Maintenance", "size": 1},
{"name": "Obsolescence", "size": 1}
]
},
{
"name": "Software",
"children": [
{"name": "Compatibility", "size": 1},
{"name": "Configuration Management", "size": 1},
{"name": "Change Control", "size": 1},
{"name": "Security Settings", "size": 1},
{"name": "Coding Practices", "size": 1},
{"name": "Testing", "size": 1}
]
},
{
"name": "Systems",
"children": [
{"name": "Design", "size": 1},
{"name": "Specifications", "size": 1},
{"name": "Integration", "size": 1},
{"name": "Complexity", "size": 1}
]
}
]
},
{
"name": "Failed Internal Processes",
"children": [
{
"name": "Process design or execution",
"children": [
{"name": "Process flow", "size": 1},
{"name": "Process documentation", "size": 1},
{"name": "Roles and responsibilities", "size": 1},
{"name": "Notifications and alerts", "size": 1},
{"name": "Information flow", "size": 1},
{"name": "Escalation of issues", "size": 1},
{"name": "Service level agreements", "size": 1},
{"name": "Tasl hand-off", "size": 1}
]
},
{
"name": "Process controls",
"children": [
{"name": "Status monitoring", "size": 1},
{"name": "Metrics", "size": 1},
{"name": "Periodic Review", "size": 1},
{"name": "Process Ownership", "size": 1}
]
},
{
"name": "Supporting processes",
"children": [
{"name": "Staffing", "size": 1},
{"name": "Funding", "size": 1},
{"name": "Training and development", "size": 1},
{"name": "Procurement", "size": 1}
]
}
]
},
{
"name": "External Events",
"children": [
{
"name": "Disasters",
"children": [
{"name": "Weather event", "size": 1},
{"name": "Fire", "size": 1},
{"name": "Flood", "size": 1},
{"name": "Earthquake", "size": 1},
{"name": "Unrest", "size": 1},
{"name": "Pandemic", "size": 1}
]
},
{
"name": "Legal issues",
"children": [
{"name": "Regulatory compliance", "size": 1},
{"name": "Legislation", "size": 1},
{"name": "Litigation", "size": 1}
]
},
{
"name": "Business issues",
"children": [
{"name": "Supplier failure", "size": 1},
{"name": "Market conditions", "size": 1},
{"name": "Economic conditions", "size": 1}
]
},
{
"name": "Service Dependencies",
"children": [
{"name": "Utilities", "size": 1},
{"name": "Emergency services", "size": 1},
{"name": "Fuel", "size": 1},
{"name": "Transportation", "size": 1}
]
}
]
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment