Rahul Nair 0c98f959f3 Fixing some trivial spelling mistakes

I just ran aspell and saw there were few misspelling, this patch
fixes them.

Change-Id: I665ef0f376b38f3c88ef82eadfde8eef7a1eeccb

2016-11-30 20:35:37 +00:00

Threat Analysis Todo

Needed

page saying what TAs have been done, and haven't.
Etherpad template for review tracking
process
Improve documentation around context for OpenStack deployments, namely that they reflect best practice, and the documentation should explain what to do when things can be changed.
Add information on filling in interfaces table from diagram.
Remove U-C, O-C, I-C guidance
Add guidance that explains the importance of paying special attention to interfaces that cross trust boundaries
Reviewer to build sequence diagrams in real time during the review
Document how we assess a third party review to be in line with our key security assertions. I think perhaps we need a mapping table or something.
Should we prioritise assets.
Data assets should be listed in the architecture page before the review.
Figure out how to protect etherpad contents while retaining ability to share and collaboratively edit it.
Add 'review CIA for data assets to process'
change 'review CIA for each interface' to ' 'review CIA for each interface that crosses a security domain or each interface that doesn't use TLS'
Best practice for each type of asset connection
Document what a trust boundary is
Document what an asset is. Config file? elements within a config file?
Document what level of detail we want for external dependencies and give examples.