The Mozilla Rapid Risk Assessment (RRA) method aims to produce a reproducible and consistent risk assessment for a service in 30 minutes.
It focuses on data, and one important step is to fill in a data dictionary that records the classification of each important data item.
The next step is to consider threats to confidentiality, integrity and availability for each data item, and to rate the corresponding impact as Low, Medium, High or Maximum.
Likelihood is not directly evaluated, as RRA considers the risk of maximum impact.
RRA is a good way to determine whether further analysis is required, which is the case when a High or Maximum impact is present.
RRA is suited to simple services. Complex services managed by multiple teams shall be decomposed first, with RRA then applied to each component.
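
The steps above as a small worksheet, added here as an illustration and not taken from Mozilla's RRA material: it rates each data item for confidentiality, integrity and availability, takes the maximum impact per component, and flags components that need further analysis. The service, data items, classification labels and function names are constructed for the example.

```python
from enum import IntEnum

class Impact(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    MAXIMUM = 4

CIA = ("confidentiality", "integrity", "availability")

def row(classification, c, i, a):
    """One data dictionary entry: a classification plus a C/I/A impact each."""
    return {"classification": classification, "confidentiality": c,
            "integrity": i, "availability": a}

def assess(data_dictionary):
    """Return (overall impact, High/Maximum drivers, further analysis needed)."""
    if not data_dictionary:
        raise ValueError("data dictionary is empty")
    overall, drivers = Impact.LOW, []
    for name, entry in data_dictionary.items():
        missing = [p for p in CIA if p not in entry]
        if missing:  # an unrated property makes the assessment incomplete
            raise ValueError(f"{name}: no impact rated for {', '.join(missing)}")
        for prop in CIA:
            impact = Impact(entry[prop])
            overall = max(overall, impact)  # no likelihood: worst case only
            if impact >= Impact.HIGH:
                drivers.append((name, prop, impact.name))
    return overall, drivers, overall >= Impact.HIGH

def assess_service(components):
    """Complex service: assess each decomposed component on its own."""
    return {name: assess(dd) for name, dd in components.items()}

L, M, H, X = Impact.LOW, Impact.MEDIUM, Impact.HIGH, Impact.MAXIMUM
# Constructed sample; the classification labels are placeholders.
SERVICE = {
    "web-frontend": {"session cookie": row("internal", M, M, L),
                     "static assets": row("public", L, M, L)},
    "accounts-db": {"password hashes": row("restricted", X, H, M),
                    "email addresses": row("restricted", H, L, L)},
}

if __name__ == "__main__":
    for comp, (overall, drivers, further) in assess_service(SERVICE).items():
        print(f"{comp}: {overall.name}, further analysis: {further}")
        for name, prop, level in drivers:
            print(f"  {level}: {prop} of {name}")
```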