From 55927ef5f6a817c32074b49299eb76565155dadb Mon Sep 17 00:00:00 2001 From: Jerome Lombardi Date: Fri, 23 Feb 2018 08:41:23 +0100 Subject: [PATCH] Simplification --- dashboard_frontend_specs.md | 98 +++++-------------------------------- 1 file changed, 11 insertions(+), 87 deletions(-) diff --git a/dashboard_frontend_specs.md b/dashboard_frontend_specs.md index 6138e30..7036236 100644 --- a/dashboard_frontend_specs.md +++ b/dashboard_frontend_specs.md 
@@ -29,99 +29,46 @@ The first component of the overview tab is composed of 3 layered charts. *Browsi |---|---| |**1**| Show how the number of risk is distributed among their type : **either information risk or operational** |**2**| Choice between a **bar or a pie chart** -|**3**| Display **relative** values (%) or **absolute** +|**3**| Display **absolute** values |**4**| Display as **total (aggregated)** or split on their **risk level (weak/medium/strong)** +Two graphs will be generated, one for information risks and one for operational risks. + [[images/12a_1.PNG]] | # |Second layer : Risk distribution by asset | |---|---| |**1**| Show how many risk affect **each asset** |**2**| Presented as a **column chart** -|**3**| Display **relative** (%) or **absolute** values +|**3**| Display **absolute** values |**4**| Display as **total (aggregated)** or split on their **risk level (weak/medium/strong)** -> Regardless of information or operational risk type chosen +Two graphs will be generated, one for information risks and one for operational risks. [[images/12a_2.PNG]] + Information risks: -| # |Third layer : Risk list associated to the previously selected asset | -|---|---| -|**1**| List all **information risks** associated to **one specific asset** -|**2**| Clicking twice on a specific risk leads to its location **directly in MONARC application** -|**3**| Sort by **ascending** or **descending** order on fields : Threat value, vulnerability value and impact upon confidentiality, integrity and availability criteria. - -+ Operational risks: - -| # |Third layer | -|---|---| -|**1**| List all **operational risks** associated to **one specific asset** -|**2**| Clicking twice on a specific risk leads to its location **directly in MONARC application** -|**3**| Sort by **ascending** or **descending** order on the **risk probability** and each **ROLFP criteria** value. 
- -Expected representation of the list : - -[[images/12a.PNG]] +The third layer: The risk list associated to the previously selected asset will be displayed. ### 12b. Threats -The second component of the synthetic view is meant to bring out the **broadest threats**. Being able to *go back and forth between the different level* of this component is necessary. +The second component of the synthetic view is meant to bring out the **broadest threats**. -| # |First layer : Threat themes distribution | +| # | Threat themes distribution | |---|---| |**1**| Show the distribution of the **threat theme** |**2**| Choice between a **bar or a pie chart** |**3**| Display **relative** values (%) or **absolute** -[[images/12b_1.PNG]] - -| # |Second layer : Theme by asset | -|---|---| -|**1**| Show the distribution of the **selected threat theme by asset** -|**2**| Choice between a **bar or a pie chart** -|**3**| Display **relative** values (%) or **absolute** - -[[images/12b_2.PNG]] - -| # |Third layer : Threat list | -|---|---| -|**1**| Show a list of threats affecting the **previously selected asset** -|**2**| Each line must be **colored** according to the risk level linked to the threat -|**3**| Sort by **ascending** or **descending** order on fields : max risk value associated and the risk set size - -Representation of an element in the previously described list : - -[[images/12b.PNG]] - ### 12c. Vulnerabilities -The third component is all about the **vulnerabilities** that can be found in the risk analysis. This component is made out of 3 layers and as mentioned before, being able to *easily move back and forth between the different layers*. +The third component is all about the **vulnerabilities** that can be found in the risk analysis. 
-| # |First layer : Vulnerabilities distribution | +| # | Vulnerabilities distribution | |---|---| |**1**| Show the distribution of the main **vulnerability type** |**2**| Choice between a **bar or a pie chart** |**3**| Display **relative** values (%) or **absolute** -[[images/12c_1.PNG]] - -| # |Second layer : Vulnerabilities sub type distribution | -|---|---| -|**1**| Show the distribution of the **secondary vulnerability type** -|**2**| Choice between a **bar or a pie chart** -|**3**| Display **relative** values (%) or **absolute** - -[[images/12c_2.PNG]] - -| # |Third layer : Specific vulnerability list | -|---|---| -|**1**| Show the list of the vulnerabilities affecting the organism and being part of the **previously chosen vulnerability sub type** -|**2**| Sort by **ascending** or **descending** order on fields : occurrences and max risk value associated - -Representation of an element in the previously described list : - -[[images/12c.PNG]] - ### 12d. Cartography This last component is designed to show to the user a **graphic distribution of the risks**, through a *bubble chart*. The risks exposed are **either information or operational risks** and the user should *choose which category we wants to be displayed, anytime*. @@ -165,7 +112,7 @@ Moreover, these options should be available along with the plot: | Option | Description | |---|---| -| **Asset selection** | Enable the user to choose among all the risk analysis assets plus a field selecting them all +| **Asset selection** | Enable the user to choose among all the risk analysis assets plus a field selecting them all. More generally a selection just between primary and secondary assets can be done | **After/before treatment** | Allow the user to see the different distributions based on the actual and residual risk value > The after/before option must be illustrated by using two different colors to distinguish the risks seen from before and after being mitigated 
@@ -189,8 +136,6 @@ The decision support view is composed of 2 areas splitting the available space a ### 22a. Custom action plan The first component of the decision support tab is a priority queue concerning the recommendations done by the risk assessor. -In the first place a distinction has to be done between recommendations concerning information risks and those as regards to operational risks. Then a different dropdown list will be available for each case. - + **Concerning information risks** One should have the ability to choose a **strategy** in a dropdown list and then be provided with different results. The available strategies are the following: 
@@ -204,29 +149,8 @@ One should have the ability to choose a **strategy** in a dropdown list and then | **Importance** | Put in order according to the criteria of **importance** of the risk assessor | = Measure's importance criteria | :arrow_down_small: | **Likelihood** | Prioritize the measures that are related to the **most likely risks** | = Σ ( Threat probability x Vulnerability qualification ) | :arrow_down_small: - - ---- - -+ **Concerning operational risks** - -The available strategies should be : - -| Strategy | Description | Score | Order -|---|---|---|---| -| **Cost** | Prioritize the **cheapest** measures | = ( initial cost + maintenance ) / 2 | :arrow_up_small: -| **Time** | Put the recommendation that are the **shortest** to set up at the top of the queue | = time qualification | :arrow_up_small: -| **Criticality** | Highlight the **most spread** measures among the organization's risks | = Number of risks mitigated | :arrow_down_small: -| **Importance** | Put in order according to the criteria of **importance** of the risk assessor | = Measure's importance criteria | :arrow_down_small: -| **Likelihood** | Prioritize the measures that are related to the **most likely risks** | = Σ Operational risk probability | :arrow_down_small: - ---- - -Each element of the list represents a measure which will be presented as following (regardless of the operational or information recommendation's origin): - [[images/22a.PNG]] - ### 22b. Risk factors The second part of the decision support tab is about **highlight specific aspects** of the risk analysis that might have *gone unnoticed by the user otherwise*.
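Review bot: In the @@ -29,99 +29,46 @@ hunk, the 12a third layer keeps the unchanged "+ Information risks:" bullet while "+ Operational risks:" and both third-layer tables are removed, so the bullet is left orphaned above the new one-line description; drop the bullet or keep one short line per risk type. The replacement sentence also loses the sort fields and the double-click link into the MONARC application; if those requirements are dropped on purpose, say so, otherwise keep them in shortened form. Row 1 of the first-layer table still reads "either information risk or operational", which conflicts with the added "Two graphs will be generated" line, and 12a becomes absolute-only while the 12b and 12c tables still offer relative values (%).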
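Review bot: In the @@ -165,7 +112,7 @@ hunk, the sentence appended to the Asset selection row ("More generally a selection just between primary and secondary assets can be done") does not say whether this is a required control or an optional one, nor whether it is a third choice beside the per-asset list and the select-all field. Suggest stating it as a requirement, for example as its own option row for primary/secondary filtering, so the description stays testable.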
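Review bot: In the @@ -189,8 +136,6 @@ hunk, the paragraph that introduced the information/operational split is removed, but the context line "+ **Concerning information risks**" stays, so 22a is left with a single sub-bullet and nothing explaining what it is distinguished from. Either remove that bullet as well or add one sentence saying whether recommendations on operational risks are still part of the priority queue.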
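Review bot: At the end of the @@ -204,29 +149,8 @@ hunk, the sentence introducing [[images/22a.PNG]] ("Each element of the list represents a measure which will be presented as following ...") is deleted together with the operational-risk strategy table, so the image now follows the strategy table with no caption; keep a one-line introduction for it. The remaining Likelihood score, Σ ( Threat probability x Vulnerability qualification ), is defined only in terms of threats and vulnerabilities, so the spec should state how measures attached to operational risks are scored, or that they are out of scope.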