diagonalsystems/hql

HQL

The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.

Flows

  • Scoping
  • Asset Enumeration
  • Threat Modeling
  • Risk Discovery
  • Prioritization
  • Mitigation Analysis
  • Retrospective

Inventory & Asset Management

Places

  • Buildings
    • Offices
      • Rooms
        • Areas

Items

  • Doorways & Doors
  • Locks & Keys
  • Windows
  • Safes
  • Outlets

People

  • Organizations
  • Individuals
  • Groups
  • Positions
  • Roles
  • Stakeholders
    • Owners
    • Employees
    • Suppliers
    • Distributors
    • Customers
    • Investors
    • Government

Third-party Services

  • Web Apps
  • APIs

Networks

  • LANs
  • VPCs
  • VPNs

Systems

  • Components
    • Physical
      • Device
        • State
          • In Use
          • Missing
          • In Transit
          • In Stock
        • Type
          • Desktops
          • Laptops
          • Tablets
          • Phones
          • Modems
          • Firewalls
          • Routers
          • Switches
          • Electronic Locks
        • Product
        • Vendor
        • Warranty
        • Acquisition Date
        • Serial Number
        • Cost
    • Virtual
      • Clusters
      • Databases
      • VMs

Workloads

  • Websites
  • Services
  • Functions
  • Containers
  • Daemons
  • Jobs
  • Pipelines

Data

  • Object Stores
  • Repositories
  • Archives
  • Payloads
  • Libraries
  • Documents
  • Records
  • License
  • Contract

Data Flows

  • Processes
  • Flows
    • Source
    • Destination
    • Content
  • Stores
  • Terminator

Component Properties

  • Sensitivity (Sensitive, Confidential, Private, Proprietary, Public)
  • Criticality
  • Business value
  • Ownership
  • Assignment
    • Location
    • Department
    • Used by
    • Managed by group
    • Managed by

Relationships

  • Depends on (Used by)
  • Uses (Used by)
  • Sends data to (Receives data from)
  • Runs (Runs on)
  • Connected to (Connected to)
  • Impacts (Impacted by)
  • Submits (Submitted by)
  • Supports (Supported by)
  • Hosted on (Hosts)
  • Enables (Enabled by)
  • Located in (Contains)
  • Exchanges data with (Exchanges data with)
  • Managed by (Manages)
  • Owns (Owned by)
  • Virtualized by (Virtualizes)
  • Backed up by (Backs up)
  • Consists of (Is part of)
  • Attached to (Attached to)

Threat Modeling

  • Scenarios
    • Threat
    • Action
    • Impact

Risk Forecasting

  • Forecast
    • Scenario
    • Timeframe
    • Forecasters
      • Probability
      • Certainty

Mitigation

Factors

  • Response
  • Evidence
  • Containment
  • Prevention
  • Elimination

Governance

  • Policies
    • Status (Considered, Planned, Implemented, Monitored)
    • Statements
      • Principals
      • Actions
      • Resources
      • Conditions
        • Attributes
        • Provenance
  • Procedures
  • Standards
  • Baselines
  • Guidelines

Work

  1. 💰 Business Projects
    • internal security consulting
  2. 🔁 Security Operations (Changes)
    • all ongoing, consistent, repeatable efforts
  3. 🛠 Security Engineering (Internal IT projects)
    • investments in the security organization itself
  4. 🚒 Incidents & Unplanned
    • surprises, last minute tasks, incidents, or failure of imagination and planning

Reference

About

Asset Inventory & Access Management Modelling Language
