Add impact qualification

backend/core/migrations/0022_riskscenario_qualifications.py

@@ -0,0 +1,17 @@
+# Generated by Django 5.0.7 on 2024-08-26 10:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+ dependencies = [
+ ("core", "0021_alter_framework_urn_alter_loadedlibrary_urn_and_more"),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name="riskscenario",
+ name="qualifications",
+ field=models.JSONField(default=list, verbose_name="Qualifications"),
+ ),
+ ]

backend/core/models.py

@@ -1680,6 +1680,17 @@ class RiskScenario(NameDescriptionMixin):
  ("transfer", _("Transfer")),
  ]
 
+ QUALIFICATIONS = [
+ ("Financial", _("Financial")),
+ ("Legal", _("Legal")),
+ ("Reputation", _("Reputation")),
+ ("Operational", _("Operational")),
+ ("Confidentiality", _("Confidentiality")),
+ ("Integrity", _("Integrity")),
+ ("Availability", _("Availability")),
+ ("Authenticity", _("Authenticity")),
+ ]
+
  DEFAULT_SOK_OPTIONS = {
  -1: {
  "name": _("--"),
@@ -1787,6 +1798,8 @@ class RiskScenario(NameDescriptionMixin):
  verbose_name=_("Treatment status"),
  )
 
+ qualifications = models.JSONField(default=list, verbose_name=_("Qualifications"))
+
  strength_of_knowledge = models.IntegerField(
  default=-1,
  verbose_name=_("Strength of Knowledge"),

backend/core/views.py

@@ -585,6 +585,7 @@ def duplicate(self, request, pk):
  description=scenario.description,
  existing_controls=scenario.existing_controls,
  treatment=scenario.treatment,
+ qualifications=scenario.qualifications,
  current_proba=scenario.current_proba,
  current_impact=scenario.current_impact,
  residual_proba=scenario.residual_proba,
@@ -745,6 +746,10 @@ class RiskScenarioViewSet(BaseModelViewSet):
  def treatment(self, request):
  return Response(dict(RiskScenario.TREATMENT_OPTIONS))
 
+ @action(detail=False, name="Get qualification choices")
+ def qualifications(self, request):
+ return Response(dict(RiskScenario.QUALIFICATIONS))
+
  @action(detail=True, name="Get probability choices")
  def probability(self, request, pk):
  undefined = dict([(-1, "--")])
@@ -775,16 +780,13 @@ def strength_of_knowledge(self, request, pk):
  _sok_choices = self.get_object().get_matrix().get("strength_of_knowledge")
  if _sok_choices is not None:
  sok_choices = dict(
- zip(
- list(range(0, 64)),
- [
- {
- "name": x["name"],
- "description": x.get("description"),
- "symbol": x.get("symbol"),
- }
- for x in _sok_choices
- ],
+ enumerate(
+ {
+ "name": x["name"],
+ "description": x.get("description"),
+ "symbol": x.get("symbol"),
+ }
+ for x in _sok_choices
  )
  )
  else:

documentation/architecture/data-model.md

@@ -288,6 +288,7 @@ erDiagram
  json target_risk_vector
  string strength_of_knowledge
  string justification
+ json qualifications
 
  principal[] owner
  }
@@ -863,6 +864,8 @@ A risk scenario contains a treatment option with the values --/open/mitigate/acc
 
 A risk scenario also contains a "strength of knowledge", within the values --/0 (Low)/1 (Medium)/2 (High). This can be used to represent a third dimension of risk, as recommended by the Society for Risk Analysis. The field "justification" can be used to expose the knowledge.
 
+A risk scenario also contains a "qualification" field, containing an array with the following possible values: Confidentiality, Integrity, Availability, Authenticity, Reputation, Operational, Legal, Financial. The qualification can cover none, one or several of the values.
+
 The risk evaluation is automatically done based on the selected risk matrix.
 
 ## Risk matrices

frontend/messages/ar.json

@@ -98,6 +98,7 @@
  "urn": "URN",
  "id": "معرف",
  "treatmentStatus": "حالة المعالجة",
+ "qualification": "المؤهلات",
  "currentLevel": "المستوى الحالي",
  "residualLevel": "المستوى المتبقي",
  "riskMatrix": "مصفوفة المخاطر",
@@ -617,5 +618,13 @@
  "sso": "SSO",
  "isSso": "هل هو SSO",
  "size": "الحجم",
- "requirementMappingSets": "ربط الأطر"
+ "requirementMappingSets": "ربط الأطر",
+ "financial": "المالي",
+ "legal": "القانوني",
+ "reputation": "السمعة",
+ "operational": "التشغيلي",
+ "confidentiality": "السرية",
+ "integrity": "النزاهة",
+ "availability": "التوفر",
+ "authenticity": "الأصالة"
 }

frontend/messages/de.json

@@ -103,6 +103,7 @@
  "urn": "URN",
  "id": "ID",
  "treatmentStatus": "Behandlungsstatus",
+ "qualification": "Qualifizierung",
  "currentLevel": "Aktuelles Niveau",
  "residualLevel": "Restrisiko-Niveau",
  "riskMatrix": "Risikomatrix",
@@ -616,5 +617,13 @@
  "back": "Zurückkehren",
  "duplicate": "Duplikat",
  "duplicateRiskAssessment": "Duplizieren Sie die Risikobewertung",
- "size": "Größe"
+ "size": "Größe",
+ "financial": "Finanzen",
+ "legal": "Rechtliches",
+ "reputation": "Reputation",
+ "operational": "Betrieblich",
+ "confidentiality": "Vertraulichkeit",
+ "integrity": "Integrität",
+ "availability": "Verfügbarkeit",
+ "authenticity": "Authentizität"
 }

frontend/messages/en.json

@@ -103,6 +103,7 @@
  "urn": "URN",
  "id": "ID",
  "treatmentStatus": "Treatment status",
+ "qualification": "Qualification",
  "currentLevel": "Current level",
  "residualLevel": "Residual level",
  "riskMatrix": "Risk matrix",
@@ -660,5 +661,13 @@
  "back": "Back",
  "duplicate": "Duplicate",
  "duplicateRiskAssessment": "Duplicate the risk assessment",
- "size": "Size"
+ "size": "Size",
+ "financial": "Financial",
+ "legal": "Legal",
+ "reputation": "Reputation",
+ "operational": "Operational",
+ "confidentiality": "Confidentiality",
+ "integrity": "Integrity",
+ "availability": "Availability",
+ "authenticity": "Authenticity"
 }

frontend/messages/es.json

@@ -103,6 +103,7 @@
  "urn": "URN",
  "id": "ID",
  "treatmentStatus": "Estado del tratamiento",
+ "qualification": "Cualificación",
  "currentLevel": "Nivel actual",
  "residualLevel": "Nivel residual",
  "riskMatrix": "Matriz de riesgos",
@@ -616,5 +617,13 @@
  "back": "Devolver",
  "duplicate": "Duplicar",
  "duplicateRiskAssessment": "Duplicar la evaluación de riesgo",
- "size": "Tamaño"
+ "size": "Tamaño",
+ "financial": "Finanzas",
+ "legal": "Jurídico",
+ "reputation": "Reputación",
+ "operational": "Operativa",
+ "confidentiality": "Confidencialidad",
+ "integrity": "Integridad",
+ "availability": "Disponibilidad",
+ "authenticity": "Autenticidad"
 }

frontend/messages/fr.json

@@ -103,6 +103,7 @@
  "urn": "URN",
  "id": "ID",
  "treatmentStatus": "Statut de traitement",
+ "qualification": "Qualifcation",
  "currentLevel": "Niveau courant",
  "residualLevel": "Niveau résiduel",
  "riskMatrix": "Matrice de risque",
@@ -616,5 +617,13 @@
  "back": "Retour",
  "duplicate": "Dupliquer",
  "duplicateRiskAssessment": "Dupliquer l’évaluation de risque",
- "size": "Taille"
+ "size": "Taille",
+ "financial": "Financier",
+ "legal": "Juridique",
+ "reputation": "Réputation",
+ "operational": "Opérationnel",
+ "confidentiality": "Confidentialité",
+ "integrity": "Intégrité",
+ "availability": "Disponibilité",
+ "authenticity": "Authenticité"
 }

frontend/messages/it.json

@@ -103,6 +103,7 @@
  "urn": "URN",
  "id": "ID",
  "treatmentStatus": "Stato del trattamento",
+ "qualification": "Qualificazione",
  "currentLevel": "Livello attuale",
  "residualLevel": "Livello residuo",
  "riskMatrix": "Matrice di rischio",
@@ -616,5 +617,13 @@
  "back": "Ritorno",
  "duplicate": "Duplicare",
  "duplicateRiskAssessment": "Duplicare la valutazione del rischio",
- "size": "Dimensione"
+ "size": "Dimensione",
+ "financial": "Finanziario",
+ "legal": "Legale",
+ "reputation": "Reputazione",
+ "operational": "Operativo",
+ "confidentiality": "Riservatezza",
+ "integrity": "Integrità",
+ "availability": "Disponibilità",
+ "authenticity": "Autenticità"
 }

frontend/messages/nl.json

@@ -103,6 +103,7 @@
  "urn": "URN",
  "id": "ID",
  "treatmentStatus": "Behandelstatus",
+ "qualification": "Kwalificatie",
  "currentLevel": "Huidig niveau",
  "residualLevel": "Restniveau",
  "riskMatrix": "Risicomatrix",
@@ -616,5 +617,13 @@
  "back": "Opbrengst",
  "duplicate": "Duplicaat",
  "duplicateRiskAssessment": "Dupliceer de risicobeoordeling",
- "size": "Grootte"
+ "size": "Grootte",
+ "financial": "Financieel",
+ "legal": "Juridisch",
+ "reputation": "Reputatie",
+ "operational": "Operationeel",
+ "confidentiality": "Vertrouwelijkheid",
+ "integrity": "Integriteit",
+ "availability": "Beschikbaarheid",
+ "authenticity": "Authenticiteit"
 }

frontend/messages/pl.json

@@ -103,6 +103,7 @@
  "urn": "URN",
  "id": "ID",
  "treatmentStatus": "Status leczenia",
+ "qualification": "Kwalifikacja",
  "currentLevel": "Obecny poziom",
  "residualLevel": "Poziom resztkowy",
  "riskMatrix": "Macierz ryzyka",
@@ -653,5 +654,13 @@
  "back": "Powrót",
  "duplicate": "Duplikować",
  "duplicateRiskAssessment": "Powielić ocenę ryzyka",
- "size": "Rozmiar"
+ "size": "Rozmiar",
+ "financial": "Finansowy",
+ "legal": "Prawne",
+ "reputation": "Reputacja",
+ "operational": "Operacyjne",
+ "confidentiality": "Poufność",
+ "integrity": "Integralność",
+ "availability": "Dostępność",
+ "authenticity": "Autentyczność"
 }

frontend/messages/pt.json

@@ -103,6 +103,7 @@
  "urn": "URN",
  "id": "ID",
  "treatmentStatus": "Status de tratamento",
+ "qualification": "Qualificação",
  "currentLevel": "Nível atual",
  "residualLevel": "Nível residual",
  "riskMatrix": "Matriz de risco",
@@ -616,5 +617,13 @@
  "back": "Retornar",
  "duplicate": "Duplicado",
  "duplicateRiskAssessment": "Duplicar a avaliação de risco",
- "size": "Tamanho"
+ "size": "Tamanho",
+ "financial": "Financeiro",
+ "legal": "Jurídica",
+ "reputation": "Reputação",
+ "operational": "Operacional",
+ "confidentiality": "Confidencialidade",
+ "integrity": "Integridade",
+ "availability": "Acessibilidade",
+ "authenticity": "Autenticidade"
 }

frontend/messages/ro.json

@@ -660,5 +660,13 @@
  "back": "Înapoi",
  "duplicate": "Dublică",
  "duplicateRiskAssessment": "Dublarea evaluării riscului",
- "size": "Mărime"
+ "size": "Mărime",
+ "financial": "Finanțe",
+ "legal": "Juridic",
+ "reputation": "Reputație",
+ "operational": "Operațional",
+ "confidentiality": "Confidențialitate",
+ "integrity": "Integritate",
+ "availability": "Accesibilitate",
+ "authenticity": "Autenticitate"
 }

frontend/src/lib/components/Forms/Select.svelte

@@ -12,6 +12,7 @@
  export let field: string;
  export let helpText: string | undefined = undefined;
  export let cachedValue: string | undefined = undefined;
+ export let blank: boolean = false;
  export let cacheLock: CacheLock = {
  promise: new Promise((res) => res(null)),
  resolve: (x) => x
@@ -73,7 +74,8 @@
  {...$$restProps}
  >
  {#if !$constraints?.required && !options.find( (o) => new Set( ['--', 'undefined'] ).has(o.label.toLowerCase()) )}
- <option value={null} selected>--</option>
+ {@const defaultValue = blank ? '' : null}
+ <option value={defaultValue} selected>--</option>
  {/if}
  {#each options as option}
  <option value={option.value} style="background-color: {color_map[option.value]}">

frontend/src/lib/components/RiskMatrix/RiskMatrix.svelte

@@ -20,11 +20,7 @@
  // reverse data array to display it in the right order
  let displayedData: typeof data;
  if (data) {
- displayedData = data.some((e) => {
- return e.length;
- })
- ? data.slice().reverse()
- : undefined;
+ displayedData = data.some((e) => e.length > 0) ? data.slice().reverse() : undefined;
  }
  let popupHover: PopupSettings[][] = [];
  popupHover[0] = [];

frontend/src/lib/components/RiskMatrix/RiskScenarioItem.svelte

@@ -3,7 +3,8 @@
 </script>
 
 <p class="whitespace-nowrap">
- {#if data.strength_of_knowledge && data.strength_of_knowledge.symbol !== undefined}<sup
- class="font-mono text-lg">{data.strength_of_knowledge.symbol}</sup
- >{/if}{data.rid}
+ {#if data.strength_of_knowledge && data.strength_of_knowledge.symbol !== undefined}
+ <sup class="font-mono text-lg">{data.strength_of_knowledge.symbol}</sup>
+ {/if}
+ <span>{data.rid}</span>
 </p>

frontend/src/lib/utils/locales.ts

@@ -391,7 +391,15 @@ export function localItems(): LocalItems {
  appliedControlNoEffort: m.appliedControlNoEffort(),
  appliedControlNoLink: m.appliedControlNoLink(),
  riskAcceptanceNoExpiryDate: m.riskAcceptanceNoExpiryDate(),
- riskAcceptanceExpired: m.riskAcceptanceExpired()
+ riskAcceptanceExpired: m.riskAcceptanceExpired(),
+ financial: m.financial(),
+ legal: m.legal(),
+ reputation: m.reputation(),
+ operational: m.operational(),
+ confidentiality: m.confidentiality(),
+ integrity: m.integrity(),
+ availability: m.availability(),
+ authenticity: m.authenticity()
  };
  return LOCAL_ITEMS;
 }

frontend/src/lib/utils/schemas.ts

@@ -102,6 +102,7 @@ export const RiskScenarioSchema = baseNamedObject({
  residual_proba: z.number().optional(),
  residual_impact: z.number().optional(),
  treatment: z.string().optional(),
+ qualifications: z.string().optional().array().optional(),
  strength_of_knowledge: z.number().default(-1).optional(),
  justification: z.string().optional().nullable(),
  risk_assessment: z.string(),