...

The first step in the process was to create 16 Custom Fields in Jira corresponding to the 16 Risk Factors used in OWASP methodology. Risk Factors are divided into subgroups, including:

  • Factors for Estimating Likelihood:

    • 4 Threat Agent Factors

    • 4 Vulnerability Factors

  • Factors for Estimating Impact:

    • 4 Technical Impact Factors

    • 4 Business Impact Factors

For our client's "Risk" Issue Type in Jira, we configured 4 tabs on the Create Issue Screen to correspond to each of the four subgroups (Threat Agent, Vulnerability, Threat Impact, and Business Impact). On each of these tabs, the related factors were listed with dropdown menus ranging from 0 to 9, used to assign the relative risk rating of each factor.

...

A fifth tab was created to display the average Risk Ratings (0 to 9) and the corresponding Impact Levels (Low, Medium, High) for these subgroups.

...


Working in Abacus

In order to calculate average Risk Ratings for the subgroups and assign the corresponding Impact Levels, we used Abacus, an app specifically designed for creating calculations in Jira.

Using Abacus, we applied the "Average" function to create formulas for the following subgroups:

  • Overall Likelihood formula averages the 4 Threat Agent Factors and the 4 Vulnerability Factors

  • Overall Technical Impact formula averages the 4 Technical Impact Factors

  • Overall Business Impact formula averages the 4 Business Impact Factors

...

Next, an Execution Plan named "Severity" was created to determine when and how the formulas would run. The Issue Events "Issue Created" and "Issue Updated" were selected to trigger the formulas. Now, whenever an issue is created or updated, the formulas run automatically.

...

Finally, Execution Groups were used to Edit Issue Fields with the Impact Levels for each of the average Risk Ratings. Three Group tabs were created for the following factor subgroups: Overall Likelihood (displayed below), Overall Technical Impact, and Overall Business Impact. Using IF and ELSE IF statements written in JQL, we were able to set the fields to the corresponding Impact Level.
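The calculation chain described above (16 factor ratings, three subgroup averages, then an IF / ELSE IF mapping to Low, Medium, High), reproduced in plain Python as an added illustration rather than the Abacus formulas themselves. The 16 factor names, the Low/Medium/High cut-offs (below 3, below 6, otherwise High, following the OWASP Risk Rating Methodology) and the sample issue are assumptions, since the page does not list them; the function also rejects ratings outside the 0 to 9 dropdown range, which a Jira screen enforces but a direct API update might not.

```python
# Factor names for the four OWASP subgroups (assumed; the page does not name them).
THREAT_AGENT = ("skill_level", "motive", "opportunity", "size")
VULNERABILITY = ("ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection")
TECHNICAL_IMPACT = ("loss_of_confidentiality", "loss_of_integrity",
                    "loss_of_availability", "loss_of_accountability")
BUSINESS_IMPACT = ("financial_damage", "reputation_damage", "non_compliance", "privacy_violation")


def is_valid_rating(value):
    """A rating must be an integer in the 0..9 range offered by the dropdowns."""
    return isinstance(value, int) and not isinstance(value, bool) and 0 <= value <= 9


def average_rating(issue, names):
    """Equivalent of the Abacus "Average" function over one subgroup's factors."""
    values = []
    for name in names:
        value = issue[name]
        if not is_valid_rating(value):
            raise ValueError(f"{name}: expected integer rating 0..9, got {value!r}")
        values.append(value)
    return sum(values) / len(values)


def impact_level(avg):
    """Mirrors the IF / ELSE IF chain in the Execution Groups (assumed OWASP cut-offs)."""
    if avg < 3:
        return "Low"
    if avg < 6:
        return "Medium"
    return "High"


def severity_fields(issue):
    """Compute the five summary fields the 'Severity' execution plan writes back."""
    likelihood = average_rating(issue, THREAT_AGENT + VULNERABILITY)
    technical = average_rating(issue, TECHNICAL_IMPACT)
    business = average_rating(issue, BUSINESS_IMPACT)
    return {
        "Overall Likelihood": likelihood, "Likelihood Level": impact_level(likelihood),
        "Overall Technical Impact": technical, "Technical Impact Level": impact_level(technical),
        "Overall Business Impact": business, "Business Impact Level": impact_level(business),
    }


# Constructed sample issue: ratings as a Jira user would pick them from the dropdowns.
SAMPLE_ISSUE = {
    "skill_level": 5, "motive": 4, "opportunity": 7, "size": 6,
    "ease_of_discovery": 3, "ease_of_exploit": 2, "awareness": 9, "intrusion_detection": 8,
    "loss_of_confidentiality": 6, "loss_of_integrity": 7,
    "loss_of_availability": 5, "loss_of_accountability": 2,
    "financial_damage": 8, "reputation_damage": 9, "non_compliance": 7, "privacy_violation": 6,
}
```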

...

Conclusion

Using Abacus and Jira together helped our client monitor the Likelihood, Technical Impact, and Business Impact of issues facing their company.

...