NZTA\SDLT\Helper\SecurityRiskAssessmentCalculator
This helper class will generate all data required to present the Security Risk Assessment Matrix.
Each table has:
- Risks
  - hasMany Aspects
    - hasMany SelectedComponents
      - hasMany ImplementedControls
      - hasMany RecommendedControls
- Weights
  - each Control has a Weight associated with this risk. It is keyed in the following way: [RiskID] => [Impact, Likelihood, ImpactPenalty, LikelihoodPenalty]
- Scores
  - BaseScore
  - Sum of Impact
  - Sum of Likelihood
  - Sum of ImpactPenalty
  - Sum of LikelihoodPenalty
  - (more TBC)
Synopsis
class SecurityRiskAssessmentCalculator
{
    // members
    private QuestionnaireSubmission $questionnaireSubmission;
    private boolean $sraHasAspects = false;

    // methods
    public void __construct()
    public QuestionnaireSubmission getQuestionnaireSubmission()
    public SecurityRiskAssessmentCalculator setQuestionnaireSubmission()
    public array getProductAspectList()
    public null|HasManyList getSiblingTasks()
    public TaskSubmission|null getRiskQuestionnaireSubmission()
    public array|null getRiskQuestionnaireResultData()
    public TaskSubmission getCVATaskSubmission()
    public TaskSubmission getSRATaskSubmission()
    public void getCVATaskResult()
    public array getSelectedControlIDsFromCVATask()
    public array getSelectedComponentIDsFromCVATask()
    public int calculateCurrentLikelihoodScore()
    public int calculateCurrentImpactScore()
    public DataObject lookupImpactThresholdFromScore()
    public DataObject lookupLikelihoodThresholdFromScore()
    public DataObject|null lookupCurrentRiskRatingThreshold()
    public int/float normaliseControlLikelihoodWeight()
    public int normaliseControlImpactWeight()
    public int getControlsSum()
    public int getComponetsSum()
    public array sumForRiskComponents()
    public array getSRATaskdetails()
    public array getRisksAndComponentsAndControlsforSra()
    public array updateComponentDetails()
    public array updateControlsDetailAndAddWeightSet()
    public array getRiskComponentDetails()
    public array normaliseControlsWeight()
}
Hierarchy
Uses
- SilverStripe\Core\Injector\Injectable
Members
private
- $questionnaireSubmission — NZTA\SDLT\Helper\QuestionnaireSubmission
  QuestionnaireSubmission, for example: `SecurityRiskAssessmentCalculator::create($qs)`
- $sraHasAspects — boolean
  When the table data is built, this variable indicates at a high level whether aspects are used for the components.
Methods
public
- __construct()
- calculateCurrentImpactScore() — Calculate the current impact score for this aspect (or risk, if no aspects). We start with the base impact score, then deduct the implemented weights. THEN we add the penalties. The result will be the greater of 1 and that number.
- calculateCurrentLikelihoodScore() — Calculate the current likelihood score for this aspect (or risk, if no aspects). We start with 100, then deduct the implemented weights. THEN we add the penalties. The result will be the greater of 1 and that number.
- getCVATaskResult() — Get the selected components and controls from this SRA questionnaire. This is what was actually submitted by the user.
- getCVATaskSubmission() — Get the control validation audit tasks for this SRA questionnaire
- getComponetsSum() — Sum of the components for the individual weight type (likelihood/impact/likelihoodPenalty/impactPenalty) on the risk
- getControlsSum() — Sum of implemented or recommended controls for the individual weight type (likelihood/impact/likelihoodPenalty/impactPenalty) on the component level
- getProductAspectList() — Get product list from the questionnaire submission
- getQuestionnaireSubmission() — Getter method for QuestionnaireSubmission
- getRiskComponentDetails() — Normalise the control weights of the components for the risk, and calculate the currentLikelihood, currentImpact and currentRiskRating details for the risk
- getRiskQuestionnaireResultData() — Get the submitted risk questionnaire task and get the calculated risk Data
- getRiskQuestionnaireSubmission() — Get the associated risk questionnaire task from this submission
- getRisksAndComponentsAndControlsforSra() — Calculate the SRATaskdetails from the RiskQuestionnaireResultData and CVATaskResult
- getSRATaskSubmission() — Get the control validation audit tasks for this SRA questionnaire
- getSRATaskdetails() — Calculate the SRATaskdetails from the RiskQuestionnaireResultData and CVATaskResult
- getSelectedComponentIDsFromCVATask() — Get the IDs of the selected components from the CVA tasks. This is used to construct a lookup table of weights with an associated risk.
- getSelectedControlIDsFromCVATask() — Get the IDs of the selected controls from the CVA tasks. This is used to construct a lookup table of weights with an associated risk.
- getSiblingTasks() — Get all sibling tasks associated with the questionnaire submission
- lookupCurrentRiskRatingThreshold() — Get details for the current risk rating. Example: `$currentRiskRating = $this->lookupCurrentRiskRatingThreshold('Rare', 'Insignificant');`
- lookupImpactThresholdFromScore()
- lookupLikelihoodThresholdFromScore()
- normaliseControlImpactWeight() — Normalise the CMS Impact Weight for this control against all of the component's implemented and recommended controls. The sum of these normalised weights should add up to the base impact score.
- normaliseControlLikelihoodWeight() — Normalise the CMS Likelihood Weight for this control against all of the component's implemented and recommended controls. The sum of these normalised weights should add up to 100.
- normaliseControlsWeight() — Traverse and update all the components and controls of the risk, normalise the CMS likelihood and impact values of each control, and sum the normalised likelihood and impact values of the implementedControls of each component for the risk
- setQuestionnaireSubmission() — Setter method for QuestionnaireSubmission
- sumForRiskComponents() — Sum of the component weights for the risk:
  1. sumOfLikelihood = sumOfImplementedAndRecommendedControlsLikelihood for all the components of the risk
  2. sumOfImpact = sumOfImplementedAndRecommendedControlsImpact for all the components of the risk
  3. sumOfImplementedAndRecommendedControlsLikelihood = sumOfRecommendedControlsLikelihoodPenalty for all the components of the risk
  4. sumOfImplementedAndRecommendedControlsLikelihood = sumOfRecommendedControlsImpactPenalty for all the components of the risk
- updateComponentDetails() — Update the cloned component details for the risk
- updateControlsDetailAndAddWeightSet() — Update the control details and attach the weight set to the control itself (the control from the CVA task) to simplify the calculation
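
The scoring rule described for calculateCurrentLikelihoodScore(), calculateCurrentImpactScore() and the two normaliseControl…Weight() methods, worked through for a single component. This is an added example, not code from the SDLT project: the function names, array keys and sample weights are hypothetical. It assumes proportional normalisation, penalties taken un-normalised from recommended controls that are not implemented, and rounding to an int.

```php
<?php
// Added illustration, not SDLT code. Function names and data are hypothetical.

// Scale one weight type so the weights of ALL of a component's controls
// (implemented and recommended) add up to $target.
// Assumption: proportional scaling; the page only states the target sum.
function normaliseWeights(array $controls, string $key, float $target): array
{
    $total = array_sum(array_column($controls, $key));
    return array_map(
        fn(array $c) => $total > 0 ? $c[$key] / $total * $target : 0.0,
        $controls
    );
}

// Start from $base, deduct the normalised weights of implemented controls,
// THEN add the penalties; the result is the greater of 1 and that number.
// Assumptions: penalties come from recommended-but-not-implemented controls,
// are added un-normalised, and the result is rounded to an int.
function currentScore(array $controls, string $key, string $penaltyKey, float $base): int
{
    $normalised = normaliseWeights($controls, $key, $base);
    $score = $base;
    foreach ($controls as $i => $control) {
        $score += $control['implemented'] ? -$normalised[$i] : $control[$penaltyKey];
    }
    return (int) max(1, round($score));
}

// Constructed sample: one component with two implemented and one recommended control.
$controls = [
    ['implemented' => true,  'likelihood' => 6, 'impact' => 2, 'likelihoodPenalty' => 0,  'impactPenalty' => 0],
    ['implemented' => true,  'likelihood' => 3, 'impact' => 5, 'likelihoodPenalty' => 0,  'impactPenalty' => 0],
    ['implemented' => false, 'likelihood' => 3, 'impact' => 3, 'likelihoodPenalty' => 10, 'impactPenalty' => 1],
];
$baseImpact = 8.0; // constructed base impact score

printf("normalised likelihood weights: %s\n", implode(', ', normaliseWeights($controls, 'likelihood', 100.0)));
printf("current likelihood score: %d\n", currentScore($controls, 'likelihood', 'likelihoodPenalty', 100.0));
printf("current impact score: %d\n", currentScore($controls, 'impact', 'impactPenalty', $baseImpact));

// Every control implemented: the deductions consume the whole base, so the floor of 1 applies.
$allImplemented = array_map(fn(array $c) => ['implemented' => true] + $c, $controls);
printf("all implemented, likelihood: %d\n", currentScore($allImplemented, 'likelihood', 'likelihoodPenalty', 100.0));
```

Because the normalised weights of all controls sum to the base, a fully implemented component always lands on the floor of 1; any score above that reflects outstanding recommended controls and their penalties.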