
Add reference(s) object that can be linked to objects in the knowledge base. (Feature Request)

Open seamustuohy opened this issue 6 years ago • 1 comments

Add a reference object that holds a URL and a description which can be linked to any data object. I have a personal preference for a priority on adding support in the user interface for the Risk objects.

The need for external references

Monarc has a minimalist data structure that does not allow a user to store guidance within the core objects. This design choice has many benefits, but I believe that it also has side effects:

  • A user has to keep their organization's information about threats, vulnerabilities, risks, recommendations, etc. in an external location.
  • Users who are new to Monarc or to a specific risk analysis have to put additional work into understanding the original intent of an object's creator.
  • Collaborators or reviewers of a risk assessment have to reach out to others on their team to identify if additional information on a risk, treatment plan, etc. exists outside the system. The lack of a change audit log built into the system means that this has to be done without any indication of which team member added the object.

Monarc should add a reference object that supports the fact that it will be used alongside external knowledge bases and systems. Many of the default objects used in Monarc are derived from external sources that contain additional information about them. An organization often has to document the specific risks they are addressing and will have sources that a risk was derived from. Different compliance standards also require different types of documentation that Monarc should not be expected to integrate. Finally, the recommendations and treatment plans that are put in place will be tracked in an organization's project trackers.

Providing a "reference" object that allows a user to reference external resources will address current usability and collaboration challenges and allow users to more easily use it alongside their existing knowledge bases and tools.

Thoughts on implementation

Provided only to make review easier and without any expectation of being followed in feature implementation.

After examining the interface and backend a bit, I have some thoughts on how to accomplish this without having to do a massive overhaul. Doing it this way would allow you to implement the backend without disrupting any existing functionality and implement the frontend support iteratively.

Backend

  • Allow an arbitrary number of references for any object.
  • References should consist of a title, url, description, and object reference
  • Store those objects in a separate table that is queried with the referenced object ID

Frontend

  • For viewing references on objects that already have a modal viewer
    • insert the references as a list at the end of the viewer
  • For viewing references on objects that do not have a modal viewer (i.e. each recommendation in the Implementation of the risk treatment plan interface)
    • Add a tooltip icon next to objects for references
    • When the tooltip is clicked open a modal that contains a list of references
  • For adding references

seamustuohy avatar Aug 17 '18 13:08 seamustuohy
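A sketch of the backend proposed in the issue above, added here as an example and not taken from the MONARC code base: a separate table holding any number of references per object, queried by the referenced object's ID. The table and column names, the `object_type` discriminator and the http/https-only rule are assumptions; the scheme check is there because the stored URL would later be rendered as a clickable link in the modal viewer.

```python
import sqlite3
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: references are web links only

# Hypothetical schema; MONARC's real tables are not shown on this page.
SCHEMA = """
CREATE TABLE object_reference (
    id          INTEGER PRIMARY KEY,
    object_type TEXT    NOT NULL,   -- e.g. 'risk', 'threat', 'recommendation'
    object_id   INTEGER NOT NULL,   -- ID of the object being annotated
    title       TEXT    NOT NULL,
    url         TEXT    NOT NULL,
    description TEXT    NOT NULL DEFAULT ''
);
CREATE INDEX idx_reference_object ON object_reference (object_type, object_id);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def add_reference(db, object_type, object_id, title, url, description=""):
    """Store one reference; reject URLs that are not absolute http(s) links."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValueError(f"unsupported reference URL: {url!r}")
    cur = db.execute(
        "INSERT INTO object_reference "
        "(object_type, object_id, title, url, description) VALUES (?, ?, ?, ?, ?)",
        (object_type, object_id, title, url, description),
    )
    return cur.lastrowid

def references_for(db, object_type, object_id):
    """Return every reference attached to one object, oldest first."""
    rows = db.execute(
        "SELECT title, url, description FROM object_reference "
        "WHERE object_type = ? AND object_id = ? ORDER BY id",
        (object_type, object_id),
    )
    return [dict(zip(("title", "url", "description"), row)) for row in rows]

if __name__ == "__main__":
    db = open_db()  # constructed sample data below
    add_reference(db, "risk", 12, "Source standard", "https://kb.example.org/risks/12")
    add_reference(db, "risk", 12, "Tracker ticket", "https://tracker.example.org/T-88")
    print(references_for(db, "risk", 12))
```

Because the table is separate and keyed only by object type and ID, it can be introduced without altering existing tables, which matches the non-disruptive rollout the issue asks for.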

Thank you very much for this detailed feature request!

If I understand well, you propose a new kind of object (called Reference with the attributes title, url, description, and object reference), in order to give more information/context to other MONARC objects (like Asset types, Threats, Vulnerabilities, etc.). Like some notes.

For the backend this won't be difficult. And implementing the frontend iteratively is indeed wise.

This is a good idea.

cedricbonhomme avatar Aug 20 '18 14:08 cedricbonhomme