diff options
Diffstat (limited to '')
-rw-r--r-- | ctrack/core/utils.py | 225 |
1 files changed, 120 insertions, 105 deletions
diff --git a/ctrack/core/utils.py b/ctrack/core/utils.py index 00f8cbd..84b4d8d 100644 --- a/ctrack/core/utils.py +++ b/ctrack/core/utils.py @@ -1,25 +1,36 @@ import random -from random import randint, choice +from random import choice, randint from faker import Faker -from ctrack.assessments.models import CAFAssessment, CAFObjective, CAFPrinciple, CAFContributingOutcome, \ - CAFAssessmentOutcomeScore, AchievementLevel, IGP +from ctrack.assessments.models import ( + IGP, + AchievementLevel, + CAFAssessment, + CAFAssessmentOutcomeScore, + CAFContributingOutcome, + CAFObjective, + CAFPrinciple, +) from ctrack.caf.models import CAF from ctrack.caf.tests.factories import ( + ApplicableSystemFactory, + CAFFactory, + FileStoreFactory, GradingFactory, - FileStoreFactory, CAFFactory, ApplicableSystemFactory, ) -from ctrack.organisations.models import AddressType, Person -from ctrack.organisations.models import Mode -from ctrack.organisations.models import Submode -from ctrack.organisations.tests.factories import AddressFactory -from ctrack.organisations.tests.factories import OrganisationFactory -from ctrack.organisations.tests.factories import PersonFactory -from ctrack.organisations.tests.factories import RoleFactory -from ctrack.organisations.tests.factories import UserFactory -from ctrack.register.tests.factories import EngagementEventFactory -from ctrack.register.tests.factories import EngagementTypeFactory +from ctrack.organisations.models import AddressType, Mode, Person, Submode +from ctrack.organisations.tests.factories import ( + AddressFactory, + OrganisationFactory, + PersonFactory, + RoleFactory, + UserFactory, +) +from ctrack.register.tests.factories import ( + EngagementEventFactory, + EngagementTypeFactory, +) fnames = [ "Clock Pylon Systems", @@ -72,10 +83,7 @@ def populate_db(**kwargs): submodes = [sb1, sb2, sb3, sb4, sb5, sb6, sb7] - # we need a User object to completed the updated_by fields in Organisation and Person - user = ( - UserFactory.create() - ) # we need to have at least one user for the updated_by field + user = UserFactory.create() # Create 40 Organisation objects if _org_number: @@ -100,7 +108,6 @@ def populate_db(**kwargs): for org in orgs: PersonFactory.create( role=choice(roles), - updated_by=user, predecessor=None, organisation__submode=choice(submodes), organisation=org, @@ -113,21 +120,18 @@ def populate_db(**kwargs): # noinspection PyUnboundLocalVariable p1 = PersonFactory.create( role=choice(roles), - updated_by=user, predecessor=None, organisation__submode=choice(submodes), organisation=org, ) p2 = PersonFactory.create( role=choice(roles), - updated_by=user, predecessor=None, organisation__submode=choice(submodes), organisation=org, ) p3 = PersonFactory.create( role=choice(roles), - updated_by=user, predecessor=None, organisation__submode=choice(submodes), organisation=org, @@ -144,7 +148,6 @@ def populate_db(**kwargs): inspectors = [ PersonFactory.create( role=inspector_role, - updated_by=user, job_title="Compliance Inspector", predecessor=None, organisation__submode=None, @@ -188,14 +191,26 @@ def populate_db(**kwargs): ) # We want to simulate 4 CAF Objectives - c_obj_a = CAFObjective.objects.create(name="Objective A: Managing security risk", - description="An important objective to fix the world.", order_id=1) - c_obj_b = CAFObjective.objects.create(name="Objective B: Protecting Against Cyber Attack", - description="An important objective to fix the world.", order_id=2) - c_obj_c = CAFObjective.objects.create(name="Objective C: Detecting Cyber Security Events", - description="An important objective to fix the world.", order_id=3) - c_obj_d = CAFObjective.objects.create(name="Objective D: Minimising the Impact of Cyber Security Incidents", - description="An important objective to fix the world.", order_id=4) + c_obj_a = CAFObjective.objects.create( + name="Objective A: Managing security risk", + description="An important objective to fix the world.", + order_id=1, + ) + c_obj_b = CAFObjective.objects.create( + name="Objective B: Protecting Against Cyber Attack", + description="An important objective to fix the world.", + order_id=2, + ) + c_obj_c = CAFObjective.objects.create( + name="Objective C: Detecting Cyber Security Events", + description="An important objective to fix the world.", + order_id=3, + ) + c_obj_d = CAFObjective.objects.create( + name="Objective D: Minimising the Impact of Cyber Security Incidents", + description="An important objective to fix the world.", + order_id=4, + ) # For each Objective, let's create four Principles p_a1 = CAFPrinciple.objects.create( @@ -203,28 +218,28 @@ def populate_db(**kwargs): designation="A1", title="Governance", description="When you don't have Governance, you have nothing.", - order_id=1 + order_id=1, ) p_a2 = CAFPrinciple.objects.create( caf_objective_id=c_obj_a.id, designation="A2", title="Risk Management", description="Don't take a risk, and don't get nowhere.", - order_id=2 + order_id=2, ) p_a3 = CAFPrinciple.objects.create( caf_objective_id=c_obj_a.id, designation="A3", title="Asset Management", description="Without assets, you have no raw materials to work with.", - order_id=3 + order_id=3, ) p_a4 = CAFPrinciple.objects.create( caf_objective_id=c_obj_a.id, designation="A4", title="Supply Chain", description="You need to get your stuff from somewhere.", - order_id=4 + order_id=4, ) p_b1 = CAFPrinciple.objects.create( @@ -232,28 +247,28 @@ def populate_db(**kwargs): designation="B1", title="Service Protection & Policies", description="Put in place the right protections for a future of security.", - order_id=1 + order_id=1, ) p_b2 = CAFPrinciple.objects.create( caf_objective_id=c_obj_b.id, designation="B2", title="Identity and Access Control", description="Stop the wrong people getting at your critical assets, okay.", - order_id=2 + order_id=2, ) p_b3 = CAFPrinciple.objects.create( caf_objective_id=c_obj_b.id, designation="B3", title="Data Security", description="Data is the new oil...", - order_id=3 + order_id=3, ) p_b4 = CAFPrinciple.objects.create( caf_objective_id=c_obj_b.id, designation="B4", title="System Security", description="If you have complicated systems, they need some sort of security.", - order_id=4 + order_id=4, ) p_b5 = CAFPrinciple.objects.create( @@ -261,7 +276,7 @@ def populate_db(**kwargs): designation="B5", title="Resilience Networks and Systems", description="When all else fails, there is always food to be cooked.", - order_id=5 + order_id=5, ) p_b6 = CAFPrinciple.objects.create( @@ -269,7 +284,7 @@ def populate_db(**kwargs): designation="B6", title="Staff Awareness and Training", description="You must ensure your people are trained and equipped for making a difference.", - order_id=6 + order_id=6, ) # Only two of these @@ -278,14 +293,14 @@ def populate_db(**kwargs): designation="C1", title="Security Monitoring", description="Monitoring the bits and pieces is the most important aspect of your life.", - order_id=1 + order_id=1, ) p_c2 = CAFPrinciple.objects.create( caf_objective_id=c_obj_c.id, designation="C2", title="Proactive Security and Event Discovery", description="If we're not proactive, we will get found out eventually.", - order_id=2 + order_id=2, ) # Only two of these too @@ -294,14 +309,14 @@ def populate_db(**kwargs): designation="D1", title="Response and Recovery Planning", description="Responding to the security problems since 1999...", - order_id=1 + order_id=1, ) p_d2 = CAFPrinciple.objects.create( caf_objective_id=c_obj_d.id, designation="D2", title="Improvements", description="Improving all the things.", - order_id=2 + order_id=2, ) # Based on these principles, it's time to gen some CAFContributingOutcomes @@ -311,294 +326,290 @@ def populate_db(**kwargs): name="Board Direction", description="You have forced your Board to listen to your whinging about cyber.", principle_id=p_a1.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="A1.b", name="Roles and Responsibilities", description="Your elders and betters are impressed and they continue to make money after your project " - "implementation.", + "implementation.", principle_id=p_a1.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="A1.c", name="Decision-making", description="If you are forced to participate in the Crystal Maze, you'll choose the coorect path across " - "the Gordian runway.", + "the Gordian runway.", principle_id=p_a1.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="A2.a", name="Risk Management Process", description="You take mighty risks, but they are mitigated by more sensible people around you - good.", principle_id=p_a2.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="A2.b", name="Assurance", description="We all make mistakes, but in doing this well you at least have told people what you're doing.", principle_id=p_a2.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="A3.a", name="Asset Management", description="Taking care of these aspects of corporate life is commensurate with the money-making way.", principle_id=p_a3.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="A4.a", name="Supply Chain", description="Task your customers to take on all the risk, the debt, the hassle - you're good to go.", principle_id=p_a4.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B1.a", name="Policy and Process Development", description="You are getting your process and policy development spot on.", principle_id=p_b1.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B1.b", name="Policy and Process Information", description="Differs from the above in a few ways that will be discussed at a later date.", principle_id=p_b1.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="B2.a", name="ID Verification, Authentication and Authorisation", description="It is very important for people to be able to confirm they they truly are. Underneath.", principle_id=p_b2.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B2.b", name="Device Management", description="Your devices, and their safe and sustainable use, is crucuial to the longevity of your " - "company.", + "company.", principle_id=p_b2.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="B2.c", name="Privileged User Mangement", description="You ensure that even the most privileged members of your senior management are under the " - "impression that they exude inequality, in all instances.", + "impression that they exude inequality, in all instances.", principle_id=p_b2.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="B3.a", name="Understanding Data", description="You, more than anyone else in the organisation, know what your data means to you.", principle_id=p_b3.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B3.b", name="Data in Transit", description="You are protecting your data as it moves along the Information Superhighway.", principle_id=p_b3.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="B3.c", name="Stored Data", description="You have stored your data in accordance with local environment laws.", principle_id=p_b3.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="B3.d", name="Mobile Data", description="Mobile data is when data moves because it is stored in a moving thing.", principle_id=p_b3.id, - order_id=4 + order_id=4, ), CAFContributingOutcome.objects.create( designation="B3.e", name="Media/Equipment Sanitisation", description="You routinely wash and clean the legs and bottom brackets of your server racks.", principle_id=p_b3.id, - order_id=5 + order_id=5, ), CAFContributingOutcome.objects.create( designation="B4.a", name="Secure by Design", description="You have designed your systems to be secure and you're sure no one is going to hack " - "into them.", + "into them.", principle_id=p_b4.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B4.b", name="Secure Configuration", description="When you are able to configure your systems and software well, you can say you have Secure " - "Configuration. Only then, mind.", + "Configuration. Only then, mind.", principle_id=p_b4.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="B4.c", name="Secure Management", description="Somehow this one is different from all the others but I'm not sure how.", principle_id=p_b4.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="B4.d", name="Vulnerability Management", description="Doing this well means that you are at the top of your vulnerability scale.", principle_id=p_b4.id, - order_id=4 + order_id=4, ), CAFContributingOutcome.objects.create( designation="B5.a", name="Resilience Preparation", description="Totally ready for the coming of the cyber apocalyse. You practice this stuff regular.", principle_id=p_b5.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B5.b", name="Design for Resilience", description="This stuff is built into your very working model.", principle_id=p_b5.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="B5.c", name="Backups", description="There is nowhere for you to go as a professional if you don't make backups of your data.", principle_id=p_b5.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="B6.a", name="Cyber Security Culture", description="You're making them understand that this isn't going to go away in a hurry.", principle_id=p_b6.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="B6.b", name="Cyber Security Training", description="By the way, when youre staff are able to write C code, your company understands buffer " - "overflows.", + "overflows.", principle_id=p_b6.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="C1.a", name="Monitoring Coverage", description="At all times, you are vigilent to the threats out there, and ready to tackle them.", principle_id=p_c1.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="C1.b", name="Securing Logs", description="You might think the are a waste of time, but the Board thinks logging is important.", principle_id=p_c1.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="C1.c", name="Generating Alerts", description="Boo! There, you coped with it because you're good at this.", principle_id=p_c1.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="C1.d", name="Identifying Security Incidents", description="You are wary of all the possible things that could go wrong and you have a plan to deal. Well " - "done.", + "done.", principle_id=p_c1.id, - order_id=4 + order_id=4, ), CAFContributingOutcome.objects.create( designation="C1.e", name="Monitoring Tools and Skills", description="All these things matter in today's switched on cyber-aware environment.", principle_id=p_c1.id, - order_id=5 + order_id=5, ), CAFContributingOutcome.objects.create( designation="C2.a", name="System Abnormalities for Attack Detection", description="Make sure you know how to look for things that mighty wrong on your network.", principle_id=p_c2.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="C2.b", name="Proactive Attack Discovery", description="When you go out looking for the bad stuff, you usefully find it - " - "and you know this in spades.", + "and you know this in spades.", principle_id=p_c2.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="D1.a", name="Response Plan", description="Yeah, we know it's boring but you've got to have one.", principle_id=p_d1.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="D1.b", name="Response and Recovery Capability", description="If you can't get back on your feet after you've been beat, where are you, really?", principle_id=p_d1.id, - order_id=2 + order_id=2, ), CAFContributingOutcome.objects.create( designation="D1.c", name="Testing and Exercising", description="One of the most important things you should not be forgetting is this.", principle_id=p_d1.id, - order_id=3 + order_id=3, ), CAFContributingOutcome.objects.create( designation="D2.a", name="Incident Root Cause and Analysis", description="I guess there are always lessons learned, no matter how we good we are.", principle_id=p_d2.id, - order_id=1 + order_id=1, ), CAFContributingOutcome.objects.create( designation="D2.b", name="Using Incidents to Drive Improvements", description="This is the kind of thing that bores us to tears but it simply has to be done.", principle_id=p_d2.id, - order_id=2 - ) + order_id=2, + ), ] achievement_levels = [ AchievementLevel.objects.create( - descriptor="Not Achieved", - colour_description="Red", - colour_hex="#000001" + descriptor="Not Achieved", colour_description="Red", colour_hex="#000001" ), AchievementLevel.objects.create( descriptor="Partially Achieved", colour_description="Amber", - colour_hex="#000002" + colour_hex="#000002", ), AchievementLevel.objects.create( - descriptor="Achieved", - colour_description="Green", - colour_hex="#000003" - ) + descriptor="Achieved", colour_description="Green", colour_hex="#000003" + ), ] for al in achievement_levels: @@ -610,7 +621,7 @@ def populate_db(**kwargs): IGP.objects.create( achievement_level=al, contributing_outcome=co, - descriptive_text=fake_txt + descriptive_text=fake_txt, ) else: for co in cos: @@ -620,7 +631,7 @@ def populate_db(**kwargs): IGP.objects.create( achievement_level=al, contributing_outcome=co, - descriptive_text=fake_txt + descriptive_text=fake_txt, ) # We want to create a CAF with a bunch of scoring now... @@ -637,6 +648,10 @@ def populate_db(**kwargs): CAFAssessmentOutcomeScore.objects.create( caf_assessment_id=caf_assessment.id, caf_contributing_outcome_id=c.id, - assessment_score=random.choice(["Achieved", "Partially Achieved", "Not Achieved"]), - baseline_assessment_score=random.choice(["Achieved", "Partially Achieved", "Not Achieved"]) + assessment_score=random.choice( + ["Achieved", "Partially Achieved", "Not Achieved"] + ), + baseline_assessment_score=random.choice( + ["Achieved", "Partially Achieved", "Not Achieved"] + ), ) |