Simplification

master
Jerome Lombardi 2018-02-23 08:41:23 +01:00
parent 617afbb723
commit 55927ef5f6
1 changed files with 11 additions and 87 deletions

@ -29,99 +29,46 @@ The first component of the overview tab is composed of 3 layered charts. *Browsi
|---|---|
|**1**| Show how the number of risk is distributed among their type : **either information risk or operational**
|**2**| Choice between a **bar or a pie chart**
|**3**| Display **relative** values (%) or **absolute**
|**3**| Display **absolute** values
|**4**| Display as **total (aggregated)** or split on their **risk level (weak/medium/strong)**
Two graphs will be generated, one for information risks and one for operational risks.
[[images/12a_1.PNG]]
| # |Second layer : Risk distribution by asset |
|---|---|
|**1**| Show how many risk affect **each asset**
|**2**| Presented as a **column chart**
|**3**| Display **relative** (%) or **absolute** values
|**3**| Display **absolute** values
|**4**| Display as **total (aggregated)** or split on their **risk level (weak/medium/strong)**
> Regardless of information or operational risk type chosen
Two graphs will be generated, one for information risks and one for operational risks.
[[images/12a_2.PNG]]
+ Information risks:
| # |Third layer : Risk list associated to the previously selected asset |
|---|---|
|**1**| List all **information risks** associated to **one specific asset**
|**2**| Clicking twice on a specific risk leads to its location **directly in MONARC application**
|**3**| Sort by **ascending** or **descending** order on fields : Threat value, vulnerability value and impact upon confidentiality, integrity and availability criteria.
+ Operational risks:
| # |Third layer |
|---|---|
|**1**| List all **operational risks** associated to **one specific asset**
|**2**| Clicking twice on a specific risk leads to its location **directly in MONARC application**
|**3**| Sort by **ascending** or **descending** order on the **risk probability** and each **ROLFP criteria** value.
Expected representation of the list :
<a href="images/12a.PNG">[[images/12a.PNG]]</a>
The third layer: The risk list associated to the previously selected asset will be displayed.
### 12b. Threats
The second component of the synthetic view is meant to bring out the **broadest threats**. Being able to *go back and forth between the different level* of this component is necessary.
The second component of the synthetic view is meant to bring out the **broadest threats**.
| # |First layer : Threat themes distribution |
| # | Threat themes distribution |
|---|---|
|**1**| Show the distribution of the **threat theme**
|**2**| Choice between a **bar or a pie chart**
|**3**| Display **relative** values (%) or **absolute**
[[images/12b_1.PNG]]
| # |Second layer : Theme by asset |
|---|---|
|**1**| Show the distribution of the **selected threat theme by asset**
|**2**| Choice between a **bar or a pie chart**
|**3**| Display **relative** values (%) or **absolute**
[[images/12b_2.PNG]]
| # |Third layer : Threat list |
|---|---|
|**1**| Show a list of threats affecting the **previously selected asset**
|**2**| Each line must be **colored** according to the risk level linked to the threat
|**3**| Sort by **ascending** or **descending** order on fields : max risk value associated and the risk set size
Representation of an element in the previously described list :
<a href="images/12b.PNG">[[images/12b.PNG]]</a>
### 12c. Vulnerabilities
The third component is all about the **vulnerabilities** that can be found in the risk analysis. This component is made out of 3 layers and as mentioned before, being able to *easily move back and forth between the different layers*.
The third component is all about the **vulnerabilities** that can be found in the risk analysis.
| # |First layer : Vulnerabilities distribution |
| # | Vulnerabilities distribution |
|---|---|
|**1**| Show the distribution of the main **vulnerability type**
|**2**| Choice between a **bar or a pie chart**
|**3**| Display **relative** values (%) or **absolute**
[[images/12c_1.PNG]]
| # |Second layer : Vulnerabilities sub type distribution |
|---|---|
|**1**| Show the distribution of the **secondary vulnerability type**
|**2**| Choice between a **bar or a pie chart**
|**3**| Display **relative** values (%) or **absolute**
[[images/12c_2.PNG]]
| # |Third layer : Specific vulnerability list |
|---|---|
|**1**| Show the list of the vulnerabilities affecting the organism and being part of the **previously chosen vulnerability sub type**
|**2**| Sort by **ascending** or **descending** order on fields : occurrences and max risk value associated
Representation of an element in the previously described list :
<a href="images/12c.PNG">[[images/12c.PNG]]</a>
### 12d. Cartography
This last component is designed to show to the user a **graphic distribution of the risks**, through a *bubble chart*. The risks exposed are **either information or operational risks** and the user should *choose which category we wants to be displayed, anytime*.
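Review bot: The sentence "Two graphs will be generated, one for information risks and one for operational risks.", which appears under both the first and the second layer, contradicts row 1 of the first-layer table, which still reads "either information risk or operational", and the quoted line "Regardless of information or operational risk type chosen" if that line stays. Reword row 1 so it no longer implies a choice, for example "Show how the number of risks is distributed, per risk type". The one-line third layer ("The risk list associated to the previously selected asset will be displayed."), if it stands in for the two third-layer tables, no longer states which fields the list sorts on or that a risk links back to its location in the MONARC application; keep those two requirements in the sentence if they still hold. In 12b and 12c the headers drop "First layer", so check that the remaining image references (12b_1.PNG, 12c_1.PNG) still match what is kept.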
@ -165,7 +112,7 @@ Moreover, these options should be available along with the plot:
| Option | Description |
|---|---|
| **Asset selection** | Enable the user to choose among all the risk analysis assets plus a field selecting them all
| **Asset selection** | Enable the user to choose among all the risk analysis assets plus a field selecting them all. More generally a selection just between primary and secondary assets can be done
| **After/before treatment** | Allow the user to see the different distributions based on the actual and residual risk value
> The after/before option must be illustrated by using two different colors to distinguish the risks seen from before and after being mitigated
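Review bot: The extended "Asset selection" row mixes two different controls in one cell, and "primary and secondary assets" is not defined anywhere in the visible context. "More generally a selection just between primary and secondary assets can be done" does not say whether this is a second filter or a replacement for the per-asset choice. Suggest a separate row, for example "| **Asset category** | Restrict the plot to primary or to secondary assets |", with a short definition of both terms or a link to where they are defined. The row also lacks the closing pipe that the header row uses.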
@ -189,8 +136,6 @@ The decision support view is composed of 2 areas splitting the available space a
### 22a. Custom action plan
The first component of the decision support tab is a priority queue concerning the recommendations done by the risk assessor.
In the first place a distinction has to be done between recommendations concerning information risks and those as regards to operational risks. Then a different dropdown list will be available for each case.
+ **Concerning information risks**
One should have the ability to choose a **strategy** in a dropdown list and then be provided with different results. The available strategies are the following:
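Review bot: The scope of the strategy dropdown is left unstated in this hunk, which shrinks from 8 to 6 lines. The sentence requiring a distinction between information-risk and operational-risk recommendations and the "Concerning information risks" label are the only lines that scope it, and "One should have the ability to choose a **strategy** in a dropdown list" does not say which recommendations it covers. If a single dropdown now serves every recommendation, say so in that sentence; if operational-risk recommendations are out of the action plan, say that instead.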
@ -204,29 +149,8 @@ One should have the ability to choose a **strategy** in a dropdown list and then
| **Importance** | Put in order according to the criteria of **importance** of the risk assessor | = Measure's importance criteria | :arrow_down_small:
| **Likelihood** | Prioritize the measures that are related to the **most likely risks** | = &Sigma; ( Threat probability x Vulnerability qualification ) | :arrow_down_small:
---
+ **Concerning operational risks**
The available strategies should be :
| Strategy | Description | Score | Order
|---|---|---|---|
| **Cost** | Prioritize the **cheapest** measures | = ( initial cost + maintenance ) / 2 | :arrow_up_small:
| **Time** | Put the recommendation that are the **shortest** to set up at the top of the queue | = time qualification | :arrow_up_small:
| **Criticality** | Highlight the **most spread** measures among the organization's risks | = Number of risks mitigated | :arrow_down_small:
| **Importance** | Put in order according to the criteria of **importance** of the risk assessor | = Measure's importance criteria | :arrow_down_small:
| **Likelihood** | Prioritize the measures that are related to the **most likely risks** | = &Sigma; Operational risk probability | :arrow_down_small:
---
Each element of the list represents a measure which will be presented as following (regardless of the operational or information recommendation's origin):
<a href="images/22a.PNG">[[images/22a.PNG]]</a>
### 22b. Risk factors
The second part of the decision support tab is about **highlight specific aspects** of the risk analysis that might have *gone unnoticed by the user otherwise*.
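Review bot: The Likelihood score is undefined for operational-risk recommendations if the "Concerning operational risks" table is what this hunk drops (29 lines down to 8). The remaining definition, "Σ ( Threat probability x Vulnerability qualification )", uses information-risk fields only, while the operational table scored it as "Σ Operational risk probability". The closing sentence still reads "regardless of the operational or information recommendation's origin", so operational measures appear to stay in the queue. Either keep the operational Likelihood formula as a note under the single table, or remove the parenthetical so the text does not promise a ranking it cannot compute. The divider "---" appears twice in the hunk; check that only one is left in the result.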