Take operational aspects in consideration

dashboard_frontend_specs.md

@@ -41,14 +41,26 @@ The first component of the overview tab is composed of 3 layered charts. *Browsi
 |**3**| Display **relative** (%) or **absolute** values
 |**4**| Display as **total (aggregated)** or split on their **risk level (weak/medium/strong)**
 
+> Regardless of information or operational risk type chosen
+
 [[images/12a_2.PNG]]
 
++ Information risks:
+
 | # |Third layer : Risk list associated to the previously selected asset |
 |---|---|
-|**1**| List all risks associated to **one specific asset**
+|**1**| List all **information risks** associated to **one specific asset**
 |**2**| Clicking twice on a specific risk leads to its location **directly in MONARC application**
 |**3**| Sort by **ascending** or **descending** order on fields : Threat value, vulnerability value and impact upon confidentiality, integrity and availability criteria.
 
++ Operational risks:
+
+| # |Third layer |
+|---|---|
+|**1**| List all **operational risks** associated to **one specific asset**
+|**2**| Clicking twice on a specific risk leads to its location **directly in MONARC application**
+|**3**| Sort by **ascending** or **descending** order on the **risk probability** and each **ROLFP criteria** value.
+
 Expected representation of the list :
 
 <a href="images/12a.PNG">[[images/12a.PNG]]</a>
@@ -114,6 +126,8 @@ Representation of an element in the previously described list :
 ### 12d. Cartography
 This last component is designed to show to the user a **graphic distribution of the risks**, through a *bubble chart*. The risks exposed are **either information or operational risks** and the user should *choose which category we wants to be displayed, anytime*.
 
+---  
+
 + Information risks distribution
 
 | Axis | Label | Description |
@@ -122,6 +136,8 @@ This last component is designed to show to the user a **graphic distribution of
 | **Y** | Impact | Discrete values given by the **Impact scale**
 | **Radius** | Number of risks | According to the number of risk associated to the **(Impact, Threat, Vulnerability) triplet**
 
+---  
+
 + Operational risks distribution
 
 | Axis | Label | Description |
@@ -130,6 +146,8 @@ This last component is designed to show to the user a **graphic distribution of
 | **Y** | Impact | Discrete values given by the **Impact scale** on the chosen *impact criteria option*
 | **Radius** | Number of risks | According to the number of risk associated to the **(Impact, Probability) couple**
 
+---  
+
 When choosing to bring out operational risks, the user should be able to set for which criteria it would be done. The following table describe the different options that should be available :
 
 | Option | Description |
@@ -141,7 +159,7 @@ When choosing to bring out operational risks, the user should be able to set for
 | **F** | Highlights operational risks that have a **financial** impact
 | **P** | Displays operational risk distribution with the **personal** impact on the Y axis
 
-
+---
 
 Moreover, these options should be available along with the plot:
 
@@ -186,6 +204,10 @@ One should have the ability to choose a **strategy** in a dropdown list and then
 | **Importance** | Put in order according to the criteria of **importance** of the risk assessor | = Measure's importance criteria | :arrow_down_small:
 | **Likelihood** | Prioritize the measures that are related to the **most likely risks** | = &Sigma; ( Threat probability x Vulnerability qualification ) | :arrow_down_small:
 
+
+
+---   
+
 + **Concerning operational risks**
 
 The available strategies should be :
@@ -198,35 +220,42 @@ The available strategies should be :
 | **Importance** | Put in order according to the criteria of **importance** of the risk assessor | = Measure's importance criteria | :arrow_down_small:
 | **Likelihood** | Prioritize the measures that are related to the **most likely risks** | = &Sigma; Operational risk probability | :arrow_down_small:
 
-Each element of the list represents a measure which will be presented as following (regardless of the operational or information risk type chosen):
+---  
+
+Each element of the list represents a measure which will be presented as following (regardless of the operational or information recommendation's origin):
 
 <a href="images/22a.PNG">[[images/22a.PNG]]</a>
 
 
 ### 22b. Risk factors
-The second part of the decision support tab is about highlight specific aspect of the risk analysis that might have gone unnoticed by the user otherwise.
+The second part of the decision support tab is about **highlight specific aspects** of the risk analysis that might have *gone unnoticed by the user otherwise*.
 
-> Duplicate risks stemming from global assets are showed once, when not specifying an asset in the risk analysis.
+> Duplicate risks stemming from global assets are showed only once when not specifying an asset in the risk analysis.
 
 One must have to choose from a dropdown list one of the following options :
 * Global risks
 * Vulnerabilities
 * Threats
+* Operational assets
 
-Similarly to above, the application will give a score according to the chosen option and then list the results, which will most likely be different depending on the selected option.
+Similarly to above, the application will give a score according to the chosen option and then list the results.
 
-Global risk elements:
+Global risk header:
 
 [[images/22b_risks.PNG]]
 
-Threat elements:
+Threat header:
 
 [[images/22b_threats.PNG]]
 
-Vulnerability elements:
+Vulnerability header:
 
 [[images/22b_vulnerabilities.PNG]]
 
+Operational assets header:
+
+[[images/22b_operational_assets.PNG]]
+
 Here is how the score is calculated for each option:
 
 | Option | Description | Score | Order |
@@ -234,30 +263,37 @@ Here is how the score is calculated for each option:
 | Global risks | Show risks that might be more present than the UI let see | = number of asset which contain that risk | :arrow_down_small: |
 | Threats | Highlight the most spread threats | = number of asset concerned by the threat | :arrow_down_small: |
 | Vulnerabilities | Bring out the real weaknesses of the organization | = number of asset affected by the same vulnerability | :arrow_down_small: |
+| Operational assets | Show each asset's operational risk contribution | = relative distribution of ROLFP impacts | :arrow_down_small: |
 
 ---
 # 3) Perspective
 ## 31) Layout
 <a href="images/Frontend_Perspective_Layout_Components.PNG">[[images/Frontend_Perspective_Layout_Components.PNG]]</a>
 
-This last view of the dashboard is meant to compare two snapshot of the risk analysis: the one currently in use and another one that one must be able to load through an upload field.
+This last view of the dashboard is meant to **compare two snapshots** of the risk analysis: *the one currently in use and another one that one must be able to load through an upload field*.
 
-This perspective view will then be composed of one plot, in which different bar charts will be nested.
+This perspective view will then be composed of **one plot**, in which *different bar charts will be nested*.
 In fact, the user must be given a checkbox from which he could choose what chart is relevant to him and display it.
 
 <a href="images/Perspective.gif">[[images/Perspective.gif]]</a>
 
 ## 32) Components
 ### 32a. Evolutions & tendencies
-The main plot area should not label any axis since information presented are in different scales. Indeed, the values should be displayed directly on mouse hovering in a tooltip.
-The values inside the checkbox should be filled with the following options :
+The main plot area should *not label any axis since information presented are in different scales*. Indeed, the values should be displayed directly on mouse hover in a tooltip.  
+
+In the first place, it should be possible to **distinguish operational aspects from information ones** and enable the display for each type:
 
 | Value | Description |
 |---|---|
-| Aggregated Risks | Show the total risk number no matter their value |
-| Split Risks | Show strong, medium and weak risks total number |
-| Assets | Compare the number of assets present in the risk analysis |
-| Applied recommendations | Bring out number of applied recommendations |
-| Risk mean | Put in perspective the overall risk value for both risk analysis |
+| Aggregated Risks | Show the **total risk number** no matter their risk value |
+| Split Risks | Show **trong, medium and weak risks** total number |
+| Risk mean | Put in perspective the **overall risk average value** for both risk analysis |
 
 > Aggregated and split options shall be exclusive
+
+Besides choosing to screen either operational or information risks, it should be always possible to display the following:
+
+| Value | Description |
+|---|---|
+| Assets | Compare the **number of assets** present in the risk analysis |
+| Applied recommendations | Bring out number of **applied recommendations** |