Wikimedia Security Team/WMF Engineering risk assessment

Security objectives

 * Almost all teams placed placed the site's availability as a critical need that they depended on. This is unsurprising, given the mission and strategy of the foundation.
 * The second most common objective, identified by nearly all teams, was privacy. Privacy of our Editors, Readers and Donors is highly valued across engineering teams. The Wikimedia movement strongly respects the privacy of individuals, evidenced by our checkuser policies, privacy-policy process, and technical decisions by the foundation. Violation of our reader's privacy could have a chilling effect on what our users consumer, and editors may risk personal harm if their privacy is violated. Privacy has been a recurring theme during the recent strategy discussions.
 * The third most common objective was protecting the reputation of the site and our brand. A loss of trust in our commitment to privacy or security is seen as something that could bring significant, negative impact to many of the engineering teams.

Critical threats
There are few threats that could have devastating impact on the WMF. These should continue to be mitigated with multiple overlapping controls, and warrant significant investment in prevention.
 * MediaWiki data: the inability to access the data we have collected as a movement would prevent us from fulfilling our mission. The disclosure of private data (checkuser data, passwords, contents of private wikis) to unauthorized users would violate the privacy of editors and governing bodies.
 * Web request logs and derived data: disclosure to unauthorized users would violate the privacy of both editors and readers.
 * Donor and Payment data: disclosure to unauthorized users would violate the privacy of our donors and would likely reflect negatively on the reputation of the site. This could prevent the organization from raising sufficient funding in the future.

Adjustments to priorities
In mid-term planning, these projects need to be prioritized:
 * Architectural adjustments to MediaWiki to partition private data and private wikis needs to be completed (T101915, Service split along public vs private line)
 * Improve segmentation and audit of request log data
 * Improvements to fundraising data security (ongoing for PCI)