dbarzin / deming

Management tool for the information security management system
GNU General Public License v3.0
238 stars 58 forks

Framework import no longer works #89

Closed charlesgoyard closed 5 months ago

charlesgoyard commented 5 months ago

Hello, file import no longer works: after importing, only the last control of each domain is left.

At import time, starting from an empty database, we can clearly see:

For example, for ISO27K1, after the import these are the only controls I have:

| Domain | Clause | Name | Description | Attributes | Input | Model | Indicator | Action Plan |
|---|---|---|---|---|---|---|---|---|
| 27001:2022 ISMS | 9.3 | Management review | Ensure that the ISMS is always appropriate, suitable and effective. | | - Documentation of the management review | Control the documentation of the management review, its content and the conclusions of the review. | Green: compliant Red: non-compliant | |
| 27001:2022-5 Organizational controls | 5.37 | Documented operating procedures | Ensure the correct and secure operation of information processing resources. | #Preventive #Corrective ... | - operating procedure - availability of procedures to users | Control the existence and updating of operating procedures and the provision of procedures to the users concerned | Green: compliant Orange: anomalies Red: non-compliant | |
| 27001:2022-6 Personal controls | 6.08 | Reporting of Information Security Events | Enable the reporting of information security events that can be identified by personnel, in a timely, consistent and efficient manner. | #Detective #Privacy #Integrity ... | - Incident management procedure - Example of an incident reported by the hierarchical channels | Check the existence of the procedure, its application and its update | Green: compliant Orange: anomaly Red: non-compliant | |
| 27001:2022-7 Physical controls | 7.14 | Safe disposal or recycling of equipment | Avoid leaking information from material to be disposed of or reused. | #Preventive #Privacy #Protect ... | - inventory of equipment containing sensitive data - evidence of data erasure | Check that the inventory is up to date. Check the presence of evidence of data erasure | Green: compliant Orange: anomalies Red: non-compliant | |
| 27001:2022-8 Technical controls | 8.34 | Protection of information systems during audit and testing | Minimize the impact of audit and other assurance activities on operational systems and business processes. | #Preventive #Confidentiality #Integrity ... | - audit requirements and activities involving checks on operating systems - forecasting and validation of activities - disruptions caused by these checks | Control the requirements, forecasting and validation of activities and the existence of disruptions caused by these checks | Green: compliant Orange: anomaly Red: non-compliant | |

I think this is related to the column shift that followed the addition of the domain description to the xlsx files. I had a quick look at the code, and it occurred to me that using symbolic names instead of column numbers could make the file format easier to maintain, for example:

- $measure = Measure::where('clause', $data[$line][2])->get()->first();
+ $measure = Measure::where('clause', $data[$line][COL_CLAUSE])->get()->first();
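
Review bot: `COL_CLAUSE` on the `+` line is a bare constant with no definition in the visible lines, so the suggestion needs one alongside it; a class constant (`self::COL_CLAUSE`) would keep it scoped to the import code. A named constant still holds a fixed index, so a column added to the xlsx would shift the data under it just as it does with the literal `2`; resolving the index from the header row and rejecting files whose headers do not match would catch that case. Separately, `->get()->first()` fetches the whole result set before taking one row; `->first()` on the query is enough.
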
charlesgoyard commented 5 months ago

I'm embarrassed, it was my Docker containers that had not been updated... It works perfectly well.