src/assets/YAML/default/InformationGathering
@@ -104,6 +104,39 @@ Information Gathering:
104104 - patching
105105 - metrics
106106 - vmm-measurements
107+ SLA per criticality : # is this the definition of SLAs or the measurement?
108+ uuid : 123e4567-e89b-12d3-a456-426614174000
109+ risk : |-
110+ Not communicating how many applications are adhering to SLAs based on the criticality of vulnerabilities can lead to delayed remediation of
111+ critical security issues, increasing the risk of exploitation and potential damage to the organization.
112+ measure : |-
113+ Measurement and communication of how many of the vulnerabilities handling per severity for components like applications are aligned to SLAs.
114+ This is performed for the hole organization and doesn't need to be broken down (yet) on team/product/application.
115+ At least quarterly.
116+ difficultyOfImplementation :
117+ knowledge : 2
118+ time : 2
119+ resources : 2
120+ usefulness : 3
121+ level : 3
122+ dependsOn : []
123+ implementation :
124+ - $ref : src/assets/YAML/default/implementations.yaml#/implementations/owasp-defectdojo
125+ - $ref : src/assets/YAML/default/implementations.yaml#/implementations/purify
126+ - $ref : src/assets/YAML/default/implementations.yaml#/implementations/business-friendly-vulnerability-metrics
127+ - $ref : src/assets/YAML/default/implementations.yaml#/implementations/defectdojo-client
128+ references :
129+ samm2 :
130+ - I-DM-3-B
131+ iso27001-2022 :
132+ - 5.25
133+ - 5.12
134+ - 5.13
135+ - 5.10
136+ tags :
137+ - vulnerability-mgmt
138+ - metrics
139+ - vmm-measurements
107140 Patching mean time to resolution via production :
108141 uuid : 77ffc53e-9f3d-41f4-92d3-02f04f9b6b0f
109142 risk : |-
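Review bot: the `uuid` on the new `SLA per criticality` entry, `123e4567-e89b-12d3-a456-426614174000`, is the well-known example UUID from RFC 4122 documentation, not a freshly generated one; since DSOMM keys activities by uuid, generate a new value (for example with `uuidgen`) before merge so it cannot collide with any other copy of the same placeholder. The trailing comment on the activity name (`# is this the definition of SLAs or the measurement?`) is an open design question that should be resolved rather than committed: the `risk` text counts "how many applications are adhering to SLAs" while the `measure` text counts vulnerabilities handled per severity, so pick one unit and state what "aligned to SLAs" means, e.g. the share of vulnerabilities remediated within the SLA for their severity. While editing `measure`, fix the typo `hole organization` to `whole organization` and reword `how many of the vulnerabilities handling per severity for components like applications are aligned to SLAs` to something like `how many vulnerabilities, per severity and per component such as an application, are handled within their SLA`. Minor: the `iso27001-2022` list (5.25, 5.12, 5.13, 5.10) is unsorted, and `dependsOn: []` is worth a second look, since measuring SLA adherence presupposes that SLAs per severity are already defined somewhere in the model.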