Claim Assurance Case #2 Database Stuff

Deeds101 / CYBR8420-project

3 stars 5 forks source link

Claim Assurance Case #2 Database Stuff #23

Closed DoomDragoon closed 9 months ago

DoomDragoon commented 9 months ago

First draft, just wanted to get it out there so people can see some progress. Assurance Claim Diagram

Atmcalpine commented 9 months ago

So far so good. I'm glad you called out input validation because I was having a blank moment earlier when I tried to reference that control for my diagram as well. The only item I would add is attend a context number (CT#) to the item on your diagram.

Cojajomaco commented 9 months ago

@DoomDragoon I would suggest revising your Top Level Claim. "The database is secure", to me, assumes full, impenetrable security which is not possible in a risk/cost analysis. I would revise the wording to be similar to "The database has sufficient protections", "is sufficiently secure", or something of that sort.

DoomDragoon commented 9 months ago

Little bit of progress but still working things out Draft1Assurance Claim Diagram

kdherrm88 commented 9 months ago

I like where you're going with this. Will you put a rebuttal under sub-claim2 or evidence? Seems like you could really go either way if you have a rebuttal to add there.

DoomDragoon commented 9 months ago

Working on encryption next Draft1Assurance Claim Diagram

DoomDragoon commented 9 months ago

I think this is pretty close to my final. Draft1Assurance Claim Diagram

DoomDragoon commented 9 months ago

Fixed notation errors Draft1Assurance Claim Diagram

DoomDragoon commented 9 months ago

I think this is my final Draft1Assurance Claim Diagram