aboutsummaryrefslogtreecommitdiffstats
path: root/ctrack/core/utils.py
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--ctrack/core/utils.py225
1 files changed, 120 insertions, 105 deletions
diff --git a/ctrack/core/utils.py b/ctrack/core/utils.py
index 00f8cbd..84b4d8d 100644
--- a/ctrack/core/utils.py
+++ b/ctrack/core/utils.py
@@ -1,25 +1,36 @@
import random
-from random import randint, choice
+from random import choice, randint
from faker import Faker
-from ctrack.assessments.models import CAFAssessment, CAFObjective, CAFPrinciple, CAFContributingOutcome, \
- CAFAssessmentOutcomeScore, AchievementLevel, IGP
+from ctrack.assessments.models import (
+ IGP,
+ AchievementLevel,
+ CAFAssessment,
+ CAFAssessmentOutcomeScore,
+ CAFContributingOutcome,
+ CAFObjective,
+ CAFPrinciple,
+)
from ctrack.caf.models import CAF
from ctrack.caf.tests.factories import (
+ ApplicableSystemFactory,
+ CAFFactory,
+ FileStoreFactory,
GradingFactory,
- FileStoreFactory, CAFFactory, ApplicableSystemFactory,
)
-from ctrack.organisations.models import AddressType, Person
-from ctrack.organisations.models import Mode
-from ctrack.organisations.models import Submode
-from ctrack.organisations.tests.factories import AddressFactory
-from ctrack.organisations.tests.factories import OrganisationFactory
-from ctrack.organisations.tests.factories import PersonFactory
-from ctrack.organisations.tests.factories import RoleFactory
-from ctrack.organisations.tests.factories import UserFactory
-from ctrack.register.tests.factories import EngagementEventFactory
-from ctrack.register.tests.factories import EngagementTypeFactory
+from ctrack.organisations.models import AddressType, Mode, Person, Submode
+from ctrack.organisations.tests.factories import (
+ AddressFactory,
+ OrganisationFactory,
+ PersonFactory,
+ RoleFactory,
+ UserFactory,
+)
+from ctrack.register.tests.factories import (
+ EngagementEventFactory,
+ EngagementTypeFactory,
+)
fnames = [
"Clock Pylon Systems",
@@ -72,10 +83,7 @@ def populate_db(**kwargs):
submodes = [sb1, sb2, sb3, sb4, sb5, sb6, sb7]
- # we need a User object to completed the updated_by fields in Organisation and Person
- user = (
- UserFactory.create()
- ) # we need to have at least one user for the updated_by field
+ user = UserFactory.create()
# Create 40 Organisation objects
if _org_number:
@@ -100,7 +108,6 @@ def populate_db(**kwargs):
for org in orgs:
PersonFactory.create(
role=choice(roles),
- updated_by=user,
predecessor=None,
organisation__submode=choice(submodes),
organisation=org,
@@ -113,21 +120,18 @@ def populate_db(**kwargs):
# noinspection PyUnboundLocalVariable
p1 = PersonFactory.create(
role=choice(roles),
- updated_by=user,
predecessor=None,
organisation__submode=choice(submodes),
organisation=org,
)
p2 = PersonFactory.create(
role=choice(roles),
- updated_by=user,
predecessor=None,
organisation__submode=choice(submodes),
organisation=org,
)
p3 = PersonFactory.create(
role=choice(roles),
- updated_by=user,
predecessor=None,
organisation__submode=choice(submodes),
organisation=org,
@@ -144,7 +148,6 @@ def populate_db(**kwargs):
inspectors = [
PersonFactory.create(
role=inspector_role,
- updated_by=user,
job_title="Compliance Inspector",
predecessor=None,
organisation__submode=None,
@@ -188,14 +191,26 @@ def populate_db(**kwargs):
)
# We want to simulate 4 CAF Objectives
- c_obj_a = CAFObjective.objects.create(name="Objective A: Managing security risk",
- description="An important objective to fix the world.", order_id=1)
- c_obj_b = CAFObjective.objects.create(name="Objective B: Protecting Against Cyber Attack",
- description="An important objective to fix the world.", order_id=2)
- c_obj_c = CAFObjective.objects.create(name="Objective C: Detecting Cyber Security Events",
- description="An important objective to fix the world.", order_id=3)
- c_obj_d = CAFObjective.objects.create(name="Objective D: Minimising the Impact of Cyber Security Incidents",
- description="An important objective to fix the world.", order_id=4)
+ c_obj_a = CAFObjective.objects.create(
+ name="Objective A: Managing security risk",
+ description="An important objective to fix the world.",
+ order_id=1,
+ )
+ c_obj_b = CAFObjective.objects.create(
+ name="Objective B: Protecting Against Cyber Attack",
+ description="An important objective to fix the world.",
+ order_id=2,
+ )
+ c_obj_c = CAFObjective.objects.create(
+ name="Objective C: Detecting Cyber Security Events",
+ description="An important objective to fix the world.",
+ order_id=3,
+ )
+ c_obj_d = CAFObjective.objects.create(
+ name="Objective D: Minimising the Impact of Cyber Security Incidents",
+ description="An important objective to fix the world.",
+ order_id=4,
+ )
# For each Objective, let's create four Principles
p_a1 = CAFPrinciple.objects.create(
@@ -203,28 +218,28 @@ def populate_db(**kwargs):
designation="A1",
title="Governance",
description="When you don't have Governance, you have nothing.",
- order_id=1
+ order_id=1,
)
p_a2 = CAFPrinciple.objects.create(
caf_objective_id=c_obj_a.id,
designation="A2",
title="Risk Management",
description="Don't take a risk, and don't get nowhere.",
- order_id=2
+ order_id=2,
)
p_a3 = CAFPrinciple.objects.create(
caf_objective_id=c_obj_a.id,
designation="A3",
title="Asset Management",
description="Without assets, you have no raw materials to work with.",
- order_id=3
+ order_id=3,
)
p_a4 = CAFPrinciple.objects.create(
caf_objective_id=c_obj_a.id,
designation="A4",
title="Supply Chain",
description="You need to get your stuff from somewhere.",
- order_id=4
+ order_id=4,
)
p_b1 = CAFPrinciple.objects.create(
@@ -232,28 +247,28 @@ def populate_db(**kwargs):
designation="B1",
title="Service Protection & Policies",
description="Put in place the right protections for a future of security.",
- order_id=1
+ order_id=1,
)
p_b2 = CAFPrinciple.objects.create(
caf_objective_id=c_obj_b.id,
designation="B2",
title="Identity and Access Control",
description="Stop the wrong people getting at your critical assets, okay.",
- order_id=2
+ order_id=2,
)
p_b3 = CAFPrinciple.objects.create(
caf_objective_id=c_obj_b.id,
designation="B3",
title="Data Security",
description="Data is the new oil...",
- order_id=3
+ order_id=3,
)
p_b4 = CAFPrinciple.objects.create(
caf_objective_id=c_obj_b.id,
designation="B4",
title="System Security",
description="If you have complicated systems, they need some sort of security.",
- order_id=4
+ order_id=4,
)
p_b5 = CAFPrinciple.objects.create(
@@ -261,7 +276,7 @@ def populate_db(**kwargs):
designation="B5",
title="Resilience Networks and Systems",
description="When all else fails, there is always food to be cooked.",
- order_id=5
+ order_id=5,
)
p_b6 = CAFPrinciple.objects.create(
@@ -269,7 +284,7 @@ def populate_db(**kwargs):
designation="B6",
title="Staff Awareness and Training",
description="You must ensure your people are trained and equipped for making a difference.",
- order_id=6
+ order_id=6,
)
# Only two of these
@@ -278,14 +293,14 @@ def populate_db(**kwargs):
designation="C1",
title="Security Monitoring",
description="Monitoring the bits and pieces is the most important aspect of your life.",
- order_id=1
+ order_id=1,
)
p_c2 = CAFPrinciple.objects.create(
caf_objective_id=c_obj_c.id,
designation="C2",
title="Proactive Security and Event Discovery",
description="If we're not proactive, we will get found out eventually.",
- order_id=2
+ order_id=2,
)
# Only two of these too
@@ -294,14 +309,14 @@ def populate_db(**kwargs):
designation="D1",
title="Response and Recovery Planning",
description="Responding to the security problems since 1999...",
- order_id=1
+ order_id=1,
)
p_d2 = CAFPrinciple.objects.create(
caf_objective_id=c_obj_d.id,
designation="D2",
title="Improvements",
description="Improving all the things.",
- order_id=2
+ order_id=2,
)
# Based on these principles, it's time to gen some CAFContributingOutcomes
@@ -311,294 +326,290 @@ def populate_db(**kwargs):
name="Board Direction",
description="You have forced your Board to listen to your whinging about cyber.",
principle_id=p_a1.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="A1.b",
name="Roles and Responsibilities",
description="Your elders and betters are impressed and they continue to make money after your project "
- "implementation.",
+ "implementation.",
principle_id=p_a1.id,
- order_id=2
+ order_id=2,
),
CAFContributingOutcome.objects.create(
designation="A1.c",
name="Decision-making",
description="If you are forced to participate in the Crystal Maze, you'll choose the coorect path across "
- "the Gordian runway.",
+ "the Gordian runway.",
principle_id=p_a1.id,
- order_id=3
+ order_id=3,
),
CAFContributingOutcome.objects.create(
designation="A2.a",
name="Risk Management Process",
description="You take mighty risks, but they are mitigated by more sensible people around you - good.",
principle_id=p_a2.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="A2.b",
name="Assurance",
description="We all make mistakes, but in doing this well you at least have told people what you're doing.",
principle_id=p_a2.id,
- order_id=2
+ order_id=2,
),
CAFContributingOutcome.objects.create(
designation="A3.a",
name="Asset Management",
description="Taking care of these aspects of corporate life is commensurate with the money-making way.",
principle_id=p_a3.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="A4.a",
name="Supply Chain",
description="Task your customers to take on all the risk, the debt, the hassle - you're good to go.",
principle_id=p_a4.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="B1.a",
name="Policy and Process Development",
description="You are getting your process and policy development spot on.",
principle_id=p_b1.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="B1.b",
name="Policy and Process Information",
description="Differs from the above in a few ways that will be discussed at a later date.",
principle_id=p_b1.id,
- order_id=2
+ order_id=2,
),
CAFContributingOutcome.objects.create(
designation="B2.a",
name="ID Verification, Authentication and Authorisation",
description="It is very important for people to be able to confirm they they truly are. Underneath.",
principle_id=p_b2.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="B2.b",
name="Device Management",
description="Your devices, and their safe and sustainable use, is crucuial to the longevity of your "
- "company.",
+ "company.",
principle_id=p_b2.id,
- order_id=2
+ order_id=2,
),
CAFContributingOutcome.objects.create(
designation="B2.c",
name="Privileged User Mangement",
description="You ensure that even the most privileged members of your senior management are under the "
- "impression that they exude inequality, in all instances.",
+ "impression that they exude inequality, in all instances.",
principle_id=p_b2.id,
- order_id=3
+ order_id=3,
),
CAFContributingOutcome.objects.create(
designation="B3.a",
name="Understanding Data",
description="You, more than anyone else in the organisation, know what your data means to you.",
principle_id=p_b3.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="B3.b",
name="Data in Transit",
description="You are protecting your data as it moves along the Information Superhighway.",
principle_id=p_b3.id,
- order_id=2
+ order_id=2,
),
CAFContributingOutcome.objects.create(
designation="B3.c",
name="Stored Data",
description="You have stored your data in accordance with local environment laws.",
principle_id=p_b3.id,
- order_id=3
+ order_id=3,
),
CAFContributingOutcome.objects.create(
designation="B3.d",
name="Mobile Data",
description="Mobile data is when data moves because it is stored in a moving thing.",
principle_id=p_b3.id,
- order_id=4
+ order_id=4,
),
CAFContributingOutcome.objects.create(
designation="B3.e",
name="Media/Equipment Sanitisation",
description="You routinely wash and clean the legs and bottom brackets of your server racks.",
principle_id=p_b3.id,
- order_id=5
+ order_id=5,
),
CAFContributingOutcome.objects.create(
designation="B4.a",
name="Secure by Design",
description="You have designed your systems to be secure and you're sure no one is going to hack "
- "into them.",
+ "into them.",
principle_id=p_b4.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="B4.b",
name="Secure Configuration",
description="When you are able to configure your systems and software well, you can say you have Secure "
- "Configuration. Only then, mind.",
+ "Configuration. Only then, mind.",
principle_id=p_b4.id,
- order_id=2
+ order_id=2,
),
CAFContributingOutcome.objects.create(
designation="B4.c",
name="Secure Management",
description="Somehow this one is different from all the others but I'm not sure how.",
principle_id=p_b4.id,
- order_id=3
+ order_id=3,
),
CAFContributingOutcome.objects.create(
designation="B4.d",
name="Vulnerability Management",
description="Doing this well means that you are at the top of your vulnerability scale.",
principle_id=p_b4.id,
- order_id=4
+ order_id=4,
),
CAFContributingOutcome.objects.create(
designation="B5.a",
name="Resilience Preparation",
description="Totally ready for the coming of the cyber apocalyse. You practice this stuff regular.",
principle_id=p_b5.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="B5.b",
name="Design for Resilience",
description="This stuff is built into your very working model.",
principle_id=p_b5.id,
- order_id=2
+ order_id=2,
),
CAFContributingOutcome.objects.create(
designation="B5.c",
name="Backups",
description="There is nowhere for you to go as a professional if you don't make backups of your data.",
principle_id=p_b5.id,
- order_id=3
+ order_id=3,
),
CAFContributingOutcome.objects.create(
designation="B6.a",
name="Cyber Security Culture",
description="You're making them understand that this isn't going to go away in a hurry.",
principle_id=p_b6.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="B6.b",
name="Cyber Security Training",
description="By the way, when youre staff are able to write C code, your company understands buffer "
- "overflows.",
+ "overflows.",
principle_id=p_b6.id,
- order_id=2
+ order_id=2,
),
CAFContributingOutcome.objects.create(
designation="C1.a",
name="Monitoring Coverage",
description="At all times, you are vigilent to the threats out there, and ready to tackle them.",
principle_id=p_c1.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="C1.b",
name="Securing Logs",
description="You might think the are a waste of time, but the Board thinks logging is important.",
principle_id=p_c1.id,
- order_id=2
+ order_id=2,
),
CAFContributingOutcome.objects.create(
designation="C1.c",
name="Generating Alerts",
description="Boo! There, you coped with it because you're good at this.",
principle_id=p_c1.id,
- order_id=3
+ order_id=3,
),
CAFContributingOutcome.objects.create(
designation="C1.d",
name="Identifying Security Incidents",
description="You are wary of all the possible things that could go wrong and you have a plan to deal. Well "
- "done.",
+ "done.",
principle_id=p_c1.id,
- order_id=4
+ order_id=4,
),
CAFContributingOutcome.objects.create(
designation="C1.e",
name="Monitoring Tools and Skills",
description="All these things matter in today's switched on cyber-aware environment.",
principle_id=p_c1.id,
- order_id=5
+ order_id=5,
),
CAFContributingOutcome.objects.create(
designation="C2.a",
name="System Abnormalities for Attack Detection",
description="Make sure you know how to look for things that mighty wrong on your network.",
principle_id=p_c2.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="C2.b",
name="Proactive Attack Discovery",
description="When you go out looking for the bad stuff, you usefully find it - "
- "and you know this in spades.",
+ "and you know this in spades.",
principle_id=p_c2.id,
- order_id=2
+ order_id=2,
),
CAFContributingOutcome.objects.create(
designation="D1.a",
name="Response Plan",
description="Yeah, we know it's boring but you've got to have one.",
principle_id=p_d1.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="D1.b",
name="Response and Recovery Capability",
description="If you can't get back on your feet after you've been beat, where are you, really?",
principle_id=p_d1.id,
- order_id=2
+ order_id=2,
),
CAFContributingOutcome.objects.create(
designation="D1.c",
name="Testing and Exercising",
description="One of the most important things you should not be forgetting is this.",
principle_id=p_d1.id,
- order_id=3
+ order_id=3,
),
CAFContributingOutcome.objects.create(
designation="D2.a",
name="Incident Root Cause and Analysis",
description="I guess there are always lessons learned, no matter how we good we are.",
principle_id=p_d2.id,
- order_id=1
+ order_id=1,
),
CAFContributingOutcome.objects.create(
designation="D2.b",
name="Using Incidents to Drive Improvements",
description="This is the kind of thing that bores us to tears but it simply has to be done.",
principle_id=p_d2.id,
- order_id=2
- )
+ order_id=2,
+ ),
]
achievement_levels = [
AchievementLevel.objects.create(
- descriptor="Not Achieved",
- colour_description="Red",
- colour_hex="#000001"
+ descriptor="Not Achieved", colour_description="Red", colour_hex="#000001"
),
AchievementLevel.objects.create(
descriptor="Partially Achieved",
colour_description="Amber",
- colour_hex="#000002"
+ colour_hex="#000002",
),
AchievementLevel.objects.create(
- descriptor="Achieved",
- colour_description="Green",
- colour_hex="#000003"
- )
+ descriptor="Achieved", colour_description="Green", colour_hex="#000003"
+ ),
]
for al in achievement_levels:
@@ -610,7 +621,7 @@ def populate_db(**kwargs):
IGP.objects.create(
achievement_level=al,
contributing_outcome=co,
- descriptive_text=fake_txt
+ descriptive_text=fake_txt,
)
else:
for co in cos:
@@ -620,7 +631,7 @@ def populate_db(**kwargs):
IGP.objects.create(
achievement_level=al,
contributing_outcome=co,
- descriptive_text=fake_txt
+ descriptive_text=fake_txt,
)
# We want to create a CAF with a bunch of scoring now...
@@ -637,6 +648,10 @@ def populate_db(**kwargs):
CAFAssessmentOutcomeScore.objects.create(
caf_assessment_id=caf_assessment.id,
caf_contributing_outcome_id=c.id,
- assessment_score=random.choice(["Achieved", "Partially Achieved", "Not Achieved"]),
- baseline_assessment_score=random.choice(["Achieved", "Partially Achieved", "Not Achieved"])
+ assessment_score=random.choice(
+ ["Achieved", "Partially Achieved", "Not Achieved"]
+ ),
+ baseline_assessment_score=random.choice(
+ ["Achieved", "Partially Achieved", "Not Achieved"]
+ ),
)