Created
July 4, 2017 20:31
-
-
Save data-enhanced/de60b2383f32a2732287b2c5cf16c6bc to your computer and use it in GitHub Desktop.
Cyber Security Risk Taxonomy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"name": "Threat Taxonomy", | |
"children": [ | |
{ | |
"name": "Actions of People", | |
"children": [ | |
{ | |
"name": "Inadvertent", | |
"children": [ | |
{"name": "Mistakes", "size": 1}, | |
{"name": "Errors", "size": 1}, | |
{"name": "Omissions", "size": 1} | |
] | |
}, | |
{ | |
"name": "Deliberate", | |
"children": [ | |
{"name": "Fraud", "size": 1}, | |
{"name": "Sabotage", "size": 1}, | |
{"name": "Theft", "size": 1}, | |
{"name": "Vandalism", "size": 1} | |
] | |
}, | |
{ | |
"name": "Inaction", | |
"children": [ | |
{"name": "Skills", "size": 1}, | |
{"name": "Knowledge", "size": 1}, | |
{"name": "Guidance", "size": 1}, | |
{"name": "Availability", "size": 1} | |
] | |
} | |
] | |
}, | |
{ | |
"name": "Systems and Technology Failures", | |
"children": [ | |
{ | |
"name": "Hardware", | |
"children": [ | |
{"name": "Capacity", "size": 1}, | |
{"name": "Performance", "size": 1}, | |
{"name": "Maintenance", "size": 1}, | |
{"name": "Obsolescence", "size": 1} | |
] | |
}, | |
{ | |
"name": "Software", | |
"children": [ | |
{"name": "Compatibility", "size": 1}, | |
{"name": "Configuration Management", "size": 1}, | |
{"name": "Change Control", "size": 1}, | |
{"name": "Security Settings", "size": 1}, | |
{"name": "Coding Practices", "size": 1}, | |
{"name": "Testing", "size": 1} | |
] | |
}, | |
{ | |
"name": "Systems", | |
"children": [ | |
{"name": "Design", "size": 1}, | |
{"name": "Specifications", "size": 1}, | |
{"name": "Integration", "size": 1}, | |
{"name": "Complexity", "size": 1} | |
] | |
} | |
] | |
}, | |
{ | |
"name": "Failed Internal Processes", | |
"children": [ | |
{ | |
"name": "Process design or execution", | |
"children": [ | |
{"name": "Process flow", "size": 1}, | |
{"name": "Process documentation", "size": 1}, | |
{"name": "Roles and responsibilities", "size": 1}, | |
{"name": "Notifications and alerts", "size": 1}, | |
{"name": "Information flow", "size": 1}, | |
{"name": "Escalation of issues", "size": 1}, | |
{"name": "Service level agreements", "size": 1}, | |
{"name": "Tasl hand-off", "size": 1} | |
] | |
}, | |
{ | |
"name": "Process controls", | |
"children": [ | |
{"name": "Status monitoring", "size": 1}, | |
{"name": "Metrics", "size": 1}, | |
{"name": "Periodic Review", "size": 1}, | |
{"name": "Process Ownership", "size": 1} | |
] | |
}, | |
{ | |
"name": "Supporting processes", | |
"children": [ | |
{"name": "Staffing", "size": 1}, | |
{"name": "Funding", "size": 1}, | |
{"name": "Training and development", "size": 1}, | |
{"name": "Procurement", "size": 1} | |
] | |
} | |
] | |
}, | |
{ | |
"name": "External Events", | |
"children": [ | |
{ | |
"name": "Disasters", | |
"children": [ | |
{"name": "Weather event", "size": 1}, | |
{"name": "Fire", "size": 1}, | |
{"name": "Flood", "size": 1}, | |
{"name": "Earthquake", "size": 1}, | |
{"name": "Unrest", "size": 1}, | |
{"name": "Pandemic", "size": 1} | |
] | |
}, | |
{ | |
"name": "Legal issues", | |
"children": [ | |
{"name": "Regulatory compliance", "size": 1}, | |
{"name": "Legislation", "size": 1}, | |
{"name": "Litigation", "size": 1} | |
] | |
}, | |
{ | |
"name": "Business issues", | |
"children": [ | |
{"name": "Supplier failure", "size": 1}, | |
{"name": "Market conditions", "size": 1}, | |
{"name": "Economic conditions", "size": 1} | |
] | |
}, | |
{ | |
"name": "Service Dependencies", | |
"children": [ | |
{"name": "Utilities", "size": 1}, | |
{"name": "Emergency services", "size": 1}, | |
{"name": "Fuel", "size": 1}, | |
{"name": "Transportation", "size": 1} | |
] | |
} | |
] | |
} | |
] | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment