Difference between revisions of "Business Impact template"

From OWASP
Jump to: navigation, search
Line 17: Line 17:
 
==Examples==
 
==Examples==
  
; Short example name
+
===Short example name===
: One paragraph example description with [http://www.site.com links]
+
: A short example description, small picture, or sample code with [http://www.site.com links]
  
; Short example name
+
===Short example name===
: One paragraph example description with [http://www.site.com links]
+
: A short example description, small picture, or sample code with [http://www.site.com links]
  
  
Line 36: Line 36:
  
  
When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category
+
When the article is reviewed, the "Honeycomb" category SHOULD be removed and replaced with the "ASDR" category
 
<nowiki>[[Category:OWASP Honeycomb Project]]</nowiki>
 
<nowiki>[[Category:OWASP Honeycomb Project]]</nowiki>
 
<nowiki>[[Category:OWASP ASDR Project]]</nowiki>
 
<nowiki>[[Category:OWASP ASDR Project]]</nowiki>
  
 
__NOTOC__
 
__NOTOC__

Revision as of 19:18, 18 February 2008

Every Business Impact should follow this template.

Description

A business impact is the damage that results from a successful security breach. This should be the highest level impact to the business, not a glorified technical impact.

  1. Start with a one-sentence description of the business impact
  2. Describe the damage done to the business - money, loss of life, reputation, loss of customers, compliance, legal exposure
  3. Is the damage immediate or spread over a time period?


Risk Factors

  • Talk about the factors that govern this business impact
  • Try to be clear about the factors that make this impact serious


Examples

Short example name

A short example description, small picture, or sample code with links

Short example name

A short example description, small picture, or sample code with links


Related Technical Impacts


References


When the article is reviewed, the "Honeycomb" category SHOULD be removed and replaced with the "ASDR" category [[Category:OWASP Honeycomb Project]] [[Category:OWASP ASDR Project]]