aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Lemon <lemon@matthewlemon.com>2020-03-15 20:48:18 +0000
committerMatthew Lemon <lemon@matthewlemon.com>2020-03-15 20:48:18 +0000
commitb315e9569a1609f2144821be7459e80687fe584b (patch)
tree393d9903bc7039482120edebf00bc8edf9ba4b3d
parent88d17e3ae1fa451a3d20c753e22cbab3f5025a5d (diff)
All Objectives, Principles and Outcomes now in pop script
Diffstat (limited to '')
-rw-r--r--ctrack/assessments/migrations/0004_auto_20200315_2003.py18
-rw-r--r--ctrack/assessments/models.py2
-rw-r--r--ctrack/organisations/management/commands/populate_db.py277
3 files changed, 292 insertions, 5 deletions
diff --git a/ctrack/assessments/migrations/0004_auto_20200315_2003.py b/ctrack/assessments/migrations/0004_auto_20200315_2003.py
new file mode 100644
index 0000000..9bb24f9
--- /dev/null
+++ b/ctrack/assessments/migrations/0004_auto_20200315_2003.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.2.9 on 2020-03-15 20:03
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('assessments', '0003_auto_20200315_1651'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='cafcontributingoutcome',
+ name='name',
+ field=models.CharField(help_text='e.g. Board Direction', max_length=100),
+ ),
+ ]
diff --git a/ctrack/assessments/models.py b/ctrack/assessments/models.py
index b2afd68..07f3813 100644
--- a/ctrack/assessments/models.py
+++ b/ctrack/assessments/models.py
@@ -55,7 +55,7 @@ class CAFContributingOutcome(models.Model):
One of the 39 as set out in the framework.
"""
designation = models.CharField(max_length=5, help_text="e.g. A1.a, B3.c, etc")
- name = models.CharField(max_length=50, help_text="e.g. Board Direction")
+ name = models.CharField(max_length=100, help_text="e.g. Board Direction")
description = models.TextField(max_length=1000)
principle = models.ForeignKey(CAFPrinciple, on_delete=models.CASCADE)
order_id = models.IntegerField()
diff --git a/ctrack/organisations/management/commands/populate_db.py b/ctrack/organisations/management/commands/populate_db.py
index d21797c..dde0788 100644
--- a/ctrack/organisations/management/commands/populate_db.py
+++ b/ctrack/organisations/management/commands/populate_db.py
@@ -181,13 +181,13 @@ class Command(BaseCommand):
)
# We want to simulate 4 CAF Objectives
- c_obj_a = CAFObjective.objects.create(name="Objective A: Major Issue A",
+ c_obj_a = CAFObjective.objects.create(name="Objective A: Managing security risk",
description="An important objective to fix the world.", order_id=1)
- c_obj_b = CAFObjective.objects.create(name="Objective B: Major Issue B",
+ c_obj_b = CAFObjective.objects.create(name="Objective B: Protecting Against Cyber Attack",
description="An important objective to fix the world.", order_id=2)
- c_obj_c = CAFObjective.objects.create(name="Objective C: Major Issue C",
+ c_obj_c = CAFObjective.objects.create(name="Objective C: Detecting Cyber Security Events",
description="An important objective to fix the world.", order_id=3)
- c_obj_d = CAFObjective.objects.create(name="Objective D: Major Issue D",
+ c_obj_d = CAFObjective.objects.create(name="Objective D: Minimising the Impact of Cyber Security Incidents",
description="An important objective to fix the world.", order_id=4)
# For each Objective, let's create four Principles
@@ -249,6 +249,22 @@ class Command(BaseCommand):
order_id=4
)
+ p_b5 = CAFPrinciple.objects.create(
+ caf_objective_id=c_obj_b.id,
+ designation="B5",
+ title="Resilience Networks and Systems",
+ description="When all else fails, there is always food to be cooked.",
+ order_id=5
+ )
+
+ p_b6 = CAFPrinciple.objects.create(
+ caf_objective_id=c_obj_b.id,
+ designation="B6",
+ title="Staff Awareness and Training",
+ description="You must ensure your people are trained and equipped for making a difference.",
+ order_id=6
+ )
+
# Only two of these
p_c1 = CAFPrinciple.objects.create(
caf_objective_id=c_obj_c.id,
@@ -339,6 +355,259 @@ class Command(BaseCommand):
principle_id=p_a4.id,
order_id=1
)
+
+ p_b1_co_a = CAFContributingOutcome.objects.create(
+ designation="B1.a",
+ name="Policy and Process Development",
+ description="You are getting your process and policy development spot on.",
+ principle_id=p_b1.id,
+ order_id=1
+ )
+
+ p_b1_co_b = CAFContributingOutcome.objects.create(
+ designation="B1.b",
+ name="Policy and Process Information",
+ description="Differs from the above in a few ways that will be discussed at a later date.",
+ principle_id=p_b1.id,
+ order_id=2
+ )
+
+ p_b2_co_a = CAFContributingOutcome.objects.create(
+ designation="B2.a",
+ name="ID Verification, Authentication and Authorisation",
+ description="It is very important for people to be able to confirm they they truly are. Underneath.",
+ principle_id=p_b2.id,
+ order_id=1
+ )
+
+ p_b2_co_b = CAFContributingOutcome.objects.create(
+ designation="B2.b",
+ name="Device Management",
+ description="Your devices, and their safe and sustainable use, is crucuial to the longevity of your company.",
+ principle_id=p_b2.id,
+ order_id=2
+ )
+
+ p_b2_co_c = CAFContributingOutcome.objects.create(
+ designation="B2.c",
+ name="Privileged User Mangement",
+ description="You ensure that even the most privileged members of your senior management are under the impression "
+ "that they exude inequality, in all instances.",
+ principle_id=p_b2.id,
+ order_id=3
+ )
+
+ p_b3_co_a = CAFContributingOutcome.objects.create(
+ designation="B3.a",
+ name="Understanding Data",
+ description="You, more than anyone else in the organisation, know what your data means to you.",
+ principle_id=p_b3.id,
+ order_id=1
+ )
+
+ p_b3_co_b = CAFContributingOutcome.objects.create(
+ designation="B3.b",
+ name="Data in Transit",
+ description="You are protecting your data as it moves along the Information Superhighway.",
+ principle_id=p_b3.id,
+ order_id=2
+ )
+
+ p_b3_co_c = CAFContributingOutcome.objects.create(
+ designation="B3.c",
+ name="Stored Data",
+ description="You have stored your data in accordance with local environment laws.",
+ principle_id=p_b3.id,
+ order_id=3
+ )
+
+ p_b3_co_d = CAFContributingOutcome.objects.create(
+ designation="B3.d",
+ name="Mobile Data",
+ description="Mobile data is when data moves because it is stored in a moving thing.",
+ principle_id=p_b3.id,
+ order_id=4
+ )
+
+ p_b3_co_e = CAFContributingOutcome.objects.create(
+ designation="B3.e",
+ name="Media/Equipment Sanitisation",
+ description="You routinely wash and clean the legs and bottom brackets of your server racks.",
+ principle_id=p_b3.id,
+ order_id=5
+ )
+
+ p_b4_co_a = CAFContributingOutcome.objects.create(
+ designation="B4.a",
+ name="Secure by Design",
+ description="You have designed your systems to be secure and you're sure no one is going to hack into them.",
+ principle_id=p_b4.id,
+ order_id=1
+ )
+
+ p_b4_co_b = CAFContributingOutcome.objects.create(
+ designation="B4.b",
+ name="Secure Configuration",
+ description="When you are able to configure your systems and software well, you can say you have Secure "
+ "Configuration. Only then, mind.",
+ principle_id=p_b4.id,
+ order_id=2
+ )
+
+ p_b4_co_c = CAFContributingOutcome.objects.create(
+ designation="B4.c",
+ name="Secure Management",
+ description="Somehow this one is different from all the others but I'm not sure how.",
+ principle_id=p_b4.id,
+ order_id=3
+ )
+
+ p_b4_co_d = CAFContributingOutcome.objects.create(
+ designation="B4.d",
+ name="Vulnerability Management",
+ description="Doing this well means that you are at the top of your vulnerability scale.",
+ principle_id=p_b4.id,
+ order_id=4
+ )
+
+ p_b5_co_a = CAFContributingOutcome.objects.create(
+ designation="B5.a",
+ name="Resilience Preparation",
+ description="Totally ready for the coming of the cyber apocalyse. You practice this stuff regular.",
+ principle_id=p_b5.id,
+ order_id=1
+ )
+
+ p_b5_co_b = CAFContributingOutcome.objects.create(
+ designation="B5.b",
+ name="Design for Resilience",
+ description="This stuff is built into your very working model.",
+ principle_id=p_b5.id,
+ order_id=2
+ )
+
+ p_b5_co_c = CAFContributingOutcome.objects.create(
+ designation="B5.c",
+ name="Backups",
+ description="There is nowhere for you to go as a professional if you don't make backups of your data.",
+ principle_id=p_b5.id,
+ order_id=3
+ )
+
+ p_b6_co_a = CAFContributingOutcome.objects.create(
+ designation="B6.a",
+ name="Cyber Security Culture",
+ description="You're making them understand that this isn't going to go away in a hurry.",
+ principle_id=p_b6.id,
+ order_id=1
+ )
+
+ p_b6_co_b = CAFContributingOutcome.objects.create(
+ designation="B6.b",
+ name="Cyber Security Training",
+ description="By the way, when youre staff are able to write C code, your company understands buffer "
+ "overflows.",
+ principle_id=p_b6.id,
+ order_id=2
+ )
+
+ p_c1_co_a = CAFContributingOutcome.objects.create(
+ designation="C1.a",
+ name="Monitoring Coverage",
+ description="At all times, you are vigilent to the threats out there, and ready to tackle them.",
+ principle_id=p_c1.id,
+ order_id=1
+ )
+
+ p_c1_co_b = CAFContributingOutcome.objects.create(
+ designation="C1.b",
+ name="Securing Logs",
+ description="You might think the are a waste of time, but the Board thinks logging is important.",
+ principle_id=p_c1.id,
+ order_id=2
+ )
+
+ p_c1_co_c = CAFContributingOutcome.objects.create(
+ designation="C1.c",
+ name="Generating Alerts",
+ description="Boo! There, you coped with it because you're good at this.",
+ principle_id=p_c1.id,
+ order_id=3
+ )
+
+ p_c1_co_d = CAFContributingOutcome.objects.create(
+ designation="C1.d",
+ name="Identifying Security Incidents",
+ description="You are wary of all the possible things that could go wrong and you have a plan to deal. Well "
+ "done.",
+ principle_id=p_c1.id,
+ order_id=4
+ )
+
+ p_c1_co_e = CAFContributingOutcome.objects.create(
+ designation="C1.e",
+ name="Monitoring Tools and Skills",
+ description="All these things matter in today's switched on cyber-aware environment.",
+ principle_id=p_c1.id,
+ order_id=5
+ )
+
+ p_c2_co_a = CAFContributingOutcome.objects.create(
+ designation="C2.a",
+ name="System Abnormalities for Attack Detection",
+ description="Make sure you know how to look for things that mighty wrong on your network.",
+ principle_id=p_c2.id,
+ order_id=1
+ )
+
+ p_c2_co_b = CAFContributingOutcome.objects.create(
+ designation="C2.b",
+ name="Proactive Attack Discovery",
+ description="When you go out looking for the bad stuff, you usefully find it - and you know this in spades.",
+ principle_id=p_c2.id,
+ order_id=2
+ )
+
+ p_d1_co_a = CAFContributingOutcome.objects.create(
+ designation="D1.a",
+ name="Response Plan",
+ description="Yeah, we know it's boring but you've got to have one.",
+ principle_id=p_d1.id,
+ order_id=1
+ )
+
+ p_d1_co_b = CAFContributingOutcome.objects.create(
+ designation="D1.b",
+ name="Response and Recovery Capability",
+ description="If you can't get back on your feet after you've been beat, where are you, really?",
+ principle_id=p_d1.id,
+ order_id=2
+ )
+
+ p_d1_co_c = CAFContributingOutcome.objects.create(
+ designation="D1.c",
+ name="Testing and Exercising",
+ description="One of the most important things you should not be forgetting is this.",
+ principle_id=p_d1.id,
+ order_id=3
+ )
+
+ p_d2_co_a = CAFContributingOutcome.objects.create(
+ designation="D2.a",
+ name="Incident Root Cause and Analysis",
+ description="I guess there are always lessons learned, no matter how we good we are.",
+ principle_id=p_d2.id,
+ order_id=1
+ )
+
+ p_d2_co_b = CAFContributingOutcome.objects.create(
+ designation="D2.b",
+ name="Using Incidents to Drive Improvements",
+ description="This is the kind of thing that bores us to tears but it simply has to be done.",
+ principle_id=p_d2.id,
+ order_id=2
+ )
+
# TODO - adapt this so that it records more than just Persons created
self.stdout.write(