Project Link: Mitigation's Repository
Software Engineering Project at Rowan University with Professor Jack Myers, Spring 2020.
- Project Decription
- Link to our Code
- Sprint Plans and Updates
- Written Documents
- Ackowledgements
- Team Members
Once identified, a cybersecurity risk requires an appropriate response. The implementation of a countermeasure or security control to reduce the risk to an acceptable level is known as risk mitigation, one of the four responses to risk. Security controls fall into five types: directive, preventative, detective, corrective, and recovery. Additionally, controls organize into three categories: administrative, physical, or technical. Implementation of specific controls may result in the reduction of multiple risks. Mitigation may also require the repeated application or slight modification to particular machines in a system.
A software tool could offer a means to organize mitigation options and procedures while also tracking derivations. First, there needs to be a taxonomy for security controls aligned to existing frameworks for classifying threats (e.g., NSA’s Threat Framework). The software tool should allow for the input of security controls with data such as procedures, applicable system or software, and vulnerabilities addressed. The software tool should then allow for the querying of the database for known mitigation options and creating derivations (a.k.a forks). The software tool is akin to a GitHub for mitigations.
Here is a link to the code in this repository. It might be easier for people to find it through the README - Code
After each sprint, this document will be updated with the sprints corresponding documentation file, as well as its burnup chart. These documents can also be found in either the Documentation or Burnup Spreadsheets directory. Also, an export of our Trello board with PBI's for the burnup can be found here - Trello Export
Note: These plans are very much subject to change since this project is done in agile, and not completely planned from the start. These plans were also decided on in the PID before the project started.
- We meet with Mr. Resch and Mr. Munilla to discuss future sprints and prepare the Spring 1 product backlog
- Creating the basic framework for the website that will host the database
- Create the ER diagram or the database
- Create the database and have procedures for searching, adding, and potentally forking done
- Connected the database to the web-interface
- Have searching completed on the web-interface
- Finish procedures that have to deal with editing and deleting, along with anything that our sponsors wanted
- Going over the website to change anything that our sponsor want and that needs to be refined
- Show that adding and forking work on the web-interface
- Finishing most if not all web-interface and database code
- Show any new feature that sponsor have asked
- Show any touch up to pre existing features
- Show finished product, going over everything and getting feedback on the finished product
- Talk about implementation of the product
All documents are linked below, or can be found in the Written Documents directory.
- Product Initiation Document - Michael Burke
- Requirements Document - Alyssa Indriso
- Design Document - David Glennan
- Validation Document - Anthony Tesoriero
- Test Scripts and Validation Procedure - Theresa Morris
- Implementation Document - Kristen Stansfield
We would like to thank Professor Jack Myers for being a great guide and helping us with any issues throughout the semester.
We would also like to thank Andrew Resch and Jonathan Munilla for sponsoring this project. We appreciate you guys giving us your time every week, and giving us feedback on everything we were doing throughout the project. We hope you enjoy the final result!
Anthony Tesoriero - Product Owner - Personal Site/Resume
Alyssa Indriso - Scrum Master - Email
Michael Burke - Dev Team - Email
Kristen Stansfield - Dev Team - Email
Theresa Morris - Dev Team - Email
David Glennan - Dev Team - Email
Note: Here's a link to our first ever 15-minute scrum - Team River Otters
Created with ❤️ by Team River Otters