diff --git a/backend/ebios_rm/models.py b/backend/ebios_rm/models.py
index 01fbbba94..e50285cf4 100644
--- a/backend/ebios_rm/models.py
+++ b/backend/ebios_rm/models.py
@@ -382,6 +382,20 @@ def residual_criticality(self):
 self.residual_trust,
 )
+ def get_current_criticality_display(self) -> str:
+ return (
+ f"{self.current_criticality:.2f}".rstrip("0").rstrip(".")
+ if "." in f"{self.current_criticality:.2f}"
+ else f"{self.current_criticality:.2f}"
+ )
+
+ def get_residual_criticality_display(self) -> str:
+ return (
+ f"{self.residual_criticality:.2f}".rstrip("0").rstrip(".")
+ if "." in f"{self.residual_criticality:.2f}"
+ else f"{self.residual_criticality:.2f}"
+ )
+
 class StrategicScenario(NameDescriptionMixin, FolderMixin):
 ebios_rm_study = models.ForeignKey(
diff --git a/backend/ebios_rm/serializers.py b/backend/ebios_rm/serializers.py
index e5f0b8f7d..e9b9efa34 100644
--- a/backend/ebios_rm/serializers.py
+++ b/backend/ebios_rm/serializers.py
@@ -105,8 +105,12 @@ class Meta:
 class StakeholderWriteSerializer(BaseModelSerializer):
- current_criticality = serializers.IntegerField(read_only=True)
- residual_criticality = serializers.IntegerField(read_only=True)
+ current_criticality = serializers.CharField(
+ source="get_current_criticality_display"
+ )
+ residual_criticality = serializers.CharField(
+ source="get_residual_criticality_display"
+ )
 class Meta:
 model = Stakeholder
@@ -121,8 +125,12 @@ class StakeholderReadSerializer(BaseModelSerializer):
 applied_controls = FieldsRelatedField(many=True)
 category = serializers.CharField(source="get_category_display")
- current_criticality = serializers.IntegerField()
- residual_criticality = serializers.IntegerField()
+ current_criticality = serializers.CharField(
+ source="get_current_criticality_display"
+ )
+ residual_criticality = serializers.CharField(
+ source="get_residual_criticality_display"
+ )
 class Meta:
 model = Stakeholder
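Review bot: The `if "." in f"{self.current_criticality:.2f}"` guard in `get_current_criticality_display` is dead for every finite value, because a `.2f` format always contains a decimal point; it only changes the outcome for inf/nan, which the `else` branch then returns as `'inf'`/`'nan'`, and the same five lines are repeated verbatim in `get_residual_criticality_display`. Factoring the formatting into one helper with a docstring makes the intent ("at most two decimals, trailing zeros dropped") explicit and keeps the two accessors from drifting apart. The enclosing model class (presumably Stakeholder, given the serializers in this diff) starts before the hunk, so I cannot see whether `current_criticality`/`residual_criticality` are properties that can return None; if they can, `f"{None:.2f}"` raises TypeError and the helper should handle that case.
```python
    @staticmethod
    def _format_criticality(value) -> str:
        """Render a criticality with at most two decimals, trailing zeros dropped: 1.50 -> "1.5", 2.00 -> "2"."""
        text = f"{value:.2f}"
        # A finite value always contains "."; the fallback only matters for inf/nan.
        return text.rstrip("0").rstrip(".") if "." in text else text

    def get_current_criticality_display(self) -> str:
        return self._format_criticality(self.current_criticality)

    def get_residual_criticality_display(self) -> str:
        return self._format_criticality(self.residual_criticality)
```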
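Review bot: `StakeholderWriteSerializer` loses `read_only=True` that the replaced `IntegerField` lines carried, so `current_criticality` and `residual_criticality` become required writable inputs: DRF's `CharField` defaults to `required=True`, a POST/PUT that omits them now fails validation with "This field is required.", and one that supplies them would most likely push a `get_current_criticality_display` key into `validated_data` and break `create()`/`update()`. Restore the flag on both fields: `current_criticality = serializers.CharField(source="get_current_criticality_display", read_only=True)` and likewise for `residual_criticality`. Both this hunk and the `StakeholderReadSerializer` hunk also change the wire type of these fields from integer to string, which is an API contract change for any client that sorts or compares them numerically; that deserves a line in the PR description.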
diff --git a/backend/library/libraries/risk-matrix-6x6-detailed.yaml b/backend/library/libraries/risk-matrix-6x6-detailed.yaml
new file mode 100644
index 000000000..96a2de189
--- /dev/null
+++ b/backend/library/libraries/risk-matrix-6x6-detailed.yaml
@@ -0,0 +1,204 @@
+urn: urn:intuitem:risk:library:risk-matrix-6x6-detailed
+locale: fr
+ref_id: risk-matrix-6x6-detailed
+name: 6x6 detailed
+description: 6x6 detailed example
+copyright: domaine public
+version: 1
+provider: intuitem
+packager: intuitem
+objects:
+ risk_matrix:
+ - urn: urn:intuitem:risk:matrix:6x6-detailed
+ ref_id: risk-matrix-6x6-detailed
+ name: 6x6 detailed
+ description: 6x6 detailed example
+ probability:
+ - id: 0
+ abbreviation: EX
+ name: Exceptionnel
+ description: Une fois tous les 5 ans ou 1 tous les 10.000 (< 1%)
+ translations:
+ en:
+ name: Exceptional
+ description: Once every 5 years or every 10,000 days (< 1%)
+ hexcolor: '#00B050'
+ - id: 1
+ abbreviation: RA
+ name: Rare
+ description: Une fois par an ou 1 tous les 1.000 (< 5%)
+ translations:
+ en:
+ name: Rare
+ description: Once per year or every 1,000 days (< 5%)
+ hexcolor: '#FFFF00'
+ - id: 2
+ abbreviation: UL
+ name: "Peu fr\xE9quent"
+ description: Une fois par trimestre ou 1 tous les 100 (< 10%)
+ translations:
+ en:
+ name: Uncommon
+ description: Once per quarter or every 100 days (< 10%)
+ hexcolor: '#FFC000'
+ - id: 3
+ abbreviation: LI
+ name: "Fr\xE9quent"
+ description: Une fois par mois ou 1 tous les 50 (< 20%)
+ translations:
+ en:
+ name: Common
+ description: Once per month or every 50 days (< 20%)
+ hexcolor: '#FF0000'
+ - id: 4
+ abbreviation: VF
+ name: "Tr\xE8s fr\xE9quent"
+ description: Une fois par semaine ou 1 tous les 10 (<90%)
+ translations:
+ en:
+ name: Very frequent
+ description: Once per week or every 10 days (< 90%)
+ hexcolor: '#FF0000'
+ - id: 5
+ abbreviation: RE
+ name: "R\xE9current"
+ description: Une fois par jour 1 tous les 2 (> 90%)
+ translations:
+ en:
+ name: Recurrent
+ description: Once per day or every 2 days (> 90%)
+ hexcolor: '#FF0000'
+ impact:
+ - id: 0
+ abbreviation: LO
+ name: 'Faible '
+ description: "<10k\u20AC "
+ translations:
+ en:
+ name: 'Low '
+ description: "<10k\u20AC "
+ hexcolor: '#00B050'
+ - id: 1
+ abbreviation: MI
+ name: "Mod\xE9r\xE9 "
+ description: " entre 10 et 50k\u20AC "
+ translations:
+ en:
+ name: Moderate
+ description: " from 10 to 50k\u20AC "
+ hexcolor: '#FFFF00'
+ - id: 2
+ abbreviation: SI
+ name: 'Significatif '
+ description: " entre 50 et 100k\u20AC "
+ translations:
+ en:
+ name: 'Significant '
+ description: " from 50 to 100k\u20AC "
+ hexcolor: '#FFC000'
+ - id: 3
+ abbreviation: SE
+ name: "S\xE9rieux "
+ description: "entre 100 et 500 k\u20AC"
+ translations:
+ en:
+ name: Serious
+ description: "from 100 to 500 k\u20AC"
+ hexcolor: '#FF0000'
+ - id: 4
+ abbreviation: CR
+ name: 'Critique '
+ description: "entre 500 et 1 000 k\u20AC"
+ translations:
+ en:
+ name: 'Critical '
+ description: "from 500 to 1 000 k\u20AC"
+ hexcolor: '#FF0000'
+ - id: 5
+ abbreviation: CA
+ name: 'Catastrophique '
+ description: "> 1 000 k\u20AC"
+ translations:
+ en:
+ name: 'Catastrophic '
+ description: "> 1 000 k\u20AC"
+ hexcolor: '#FF0000'
+ risk:
+ - id: 0
+ abbreviation: LO
+ name: Faible
+ description: "Risque n\xE9gligeable"
+ translations:
+ en:
+ name: Low
+ description: Negligible risk
+ hexcolor: '#00B050'
+ - id: 1
+ abbreviation: MO
+ name: "Mod\xE9r\xE9"
+ description: "Risque relevant de l'activit\xE9 courante du m\xE9tier (dispositifs\
+ \ de\nma\xEEtrise inscrits dans les proc\xE9dures et outils)"
+ translations:
+ en:
+ name: Moderate
+ description: Risk related to routine business activity (control measures
+ defined in procedures and tools)
+ hexcolor: '#FFFF00'
+ - id: 2
+ abbreviation: SI
+ name: Significatif
+ description: "Risque demandant un niveau de ma\xEEtrise satisfaisant et un suivi\
+ \ par le m\xE9tier"
+ translations:
+ en:
+ name: Significant
+ description: Risk requiring satisfactory control and monitoring by the business
+ hexcolor: '#FFC000'
+ - id: 3
+ abbreviation: MA
+ name: Majeur
+ description: "Risque prioritaire dont le niveau de ma\xEEtrise doit \xEAtre\
+ \ suivi par la Direction m\xE9tier en relation avec le RSSI"
+ translations:
+ en:
+ name: Major
+ description: Priority risk where control levels must be monitored by business
+ management in coordination with the CISO.
+ hexcolor: '#FF0000'
+ grid:
+ - - 0
+ - 0
+ - 0
+ - 0
+ - 1
+ - 3
+ - - 0
+ - 0
+ - 1
+ - 1
+ - 2
+ - 3
+ - - 0
+ - 1
+ - 1
+ - 2
+ - 2
+ - 3
+ - - 0
+ - 1
+ - 2
+ - 2
+ - 2
+ - 3
+ - - 0
+ - 1
+ - 2
+ - 2
+ - 3
+ - 3
+ - - 1
+ - 2
+ - 2
+ - 3
+ - 3
+ - 3
diff --git a/documentation/architecture/data-model.md b/documentation/architecture/data-model.md
index cdce6f2be..dce95dae0 100644
--- a/documentation/architecture/data-model.md
+++ b/documentation/architecture/data-model.md
@@ -1348,7 +1348,8 @@ erDiagram
 EBIOS_RM_STUDY }o--o{ COMPLIANCE_ASSESSMENT: leverages
 EBIOS_RM_STUDY }o--|| RISK_MATRIX : leverages
 EBIOS_RM_STUDY |o--o{ RISK_ASSESSMENT : generates
- ATTACK_PATH }o--|| RO_TO : derives
+ STRATEGIC_SCENARIO }o--|| RO_TO : derives_from
+ ATTACK_PATH }o--|| STRATEGIC_SCENARIO : derives
 RO_TO }o--o{ FEARED_EVENT : corresponds_to
 OPERATIONAL_SCENARIO |o--|| ATTACK_PATH : derives
 OPERATIONAL_SCENARIO }o--o{ THREAT : leverages
@@ -1405,6 +1406,12 @@ erDiagram
 string justification
 }
+ STRATEGIC_SCENARIO {
+ string ref_id
+ string name
+ string description
+ }
+
 ATTACK_PATH {
 string ref_id
 string name
diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
index 6211b45f9..6311995ff 100644
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
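Review bot: Several labels in the impact scale carry stray whitespace inside their quotes — `'Faible '`, `'Low '`, `"Mod\xE9r\xE9 "`, `" entre 10 et 50k\u20AC "` and the other entries of that list — which will be rendered verbatim in the UI and makes these names compare unequal to the same labels in other libraries; trim them (in the spreadsheet under tools/matrix if this YAML is exported from it, so the fix is not lost on the next export). The French description for probability id 4 reads `(<90%)` while every other entry, including its English translation, uses `(< 90%)`. Less important: probability ids 3–5 and impact ids 3–5 all share `hexcolor: '#FF0000'`, so the top three levels of each axis are visually indistinguishable in the matrix.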
@@ -906,5 +906,16 @@
 "extraControlsHelper": "Que ferez-vous pour atténuer ce risque",
 "existingContextHelper": "Description des mesures existantes (ce champ sera bientôt obsolète)",
 "resetPasswordHere": "Vous pouvez réinitialiser votre mot de passe ici.",
- "resetPassword": "Réinitialiser le mot de passe"
+ "resetPassword": "Réinitialiser le mot de passe",
+ "securityObjectives": "Objectifs de sécurité",
+ "disasterRecoveryObjectives": "Objectifs de reprise après sinistre",
+ "hours": "Heures",
+ "minutes": "Minutes",
+ "seconds": "Secondes",
+ "rto": "RTO",
+ "rtoHelpText": "Objectif de temps de récupération",
+ "rpo": "RPO",
+ "rpoHelpText": "Objectif du point de récupération",
+ "mtd": "MTD",
+ "mtdHelpText": "Temps d'arrêt maximal tolérable"
 }
diff --git a/frontend/src/lib/components/Forms/ModelForm/StakeholderForm.svelte b/frontend/src/lib/components/Forms/ModelForm/StakeholderForm.svelte
index 288cf1479..6b1a576f3 100644
--- a/frontend/src/lib/components/Forms/ModelForm/StakeholderForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/StakeholderForm.svelte
@@ -55,7 +55,7 @@
 trust: number
 ) => {
 if (maturity === 0 || trust === 0) return 0;
- return (dependency * penetration) / (maturity * trust);
+ return ((dependency * penetration) / (maturity * trust)).toFixed(2).replace(/\.?0+$/, '');
 };
 $: currentCriticality = getCriticality(
diff --git a/frontend/src/lib/utils/table.ts b/frontend/src/lib/utils/table.ts
index 6bdf9529e..d089817a1 100644
--- a/frontend/src/lib/utils/table.ts
+++ b/frontend/src/lib/utils/table.ts
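Review bot: `getCriticality` now has a mixed return type: the guard on the line above still returns the number `0` while the changed `return` yields a string from `toFixed(2).replace(...)`, so `currentCriticality` is a number for the degenerate case and a string otherwise, and any strict comparison or `typeof`-based rendering downstream will treat the two cases differently. Either make the guard return `'0'` as well, or keep the function numeric and apply the formatting where the value is displayed. This client-side formatting also duplicates `get_current_criticality_display`, which the same PR adds on the backend; showing the server-provided string for persisted stakeholders would leave a single source of truth for rounding. The arrow function's signature, and any declared return type, begins before the hunk and is not visible here.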
@@ -722,8 +722,8 @@ export const listViewFields: ListViewFieldsConfig = {
 }
 },
 'attack-paths': {
- head: ['is_selected', 'name', 'stakeholders', 'description'],
- body: ['is_selected', 'name', 'stakeholders', 'description'],
+ head: ['is_selected', 'ref_id', 'name', 'stakeholders', 'description'],
+ body: ['is_selected', 'ref_id', 'name', 'stakeholders', 'description'],
 filters: {
 is_selected: IS_SELECTED_FILTER,
 stakeholders: STAKEHOLDER_FILTER
diff --git a/tools/matrix/risk-matrix-6x6-detailed.xlsx b/tools/matrix/risk-matrix-6x6-detailed.xlsx
new file mode 100644
index 000000000..4b0551b0a
Binary files /dev/null and b/tools/matrix/risk-matrix-6x6-detailed.xlsx differ
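Review bot: `ref_id` is added to both `head` and `body` of the `'attack-paths'` list view, but nothing in this diff adds `ref_id` to the attack-path serializer or list endpoint; the data-model diagram updated in the same PR does list `string ref_id` for ATTACK_PATH, which suggests the field already exists, but if the list serializer does not expose it the new column renders empty. Worth confirming against the backend serializer, and adding the corresponding header translation key if column headers are resolved through the messages files.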