Story User Management - COS301-SE-2025/CRISP GitHub Wiki

CRISP User Management System User Stories

Epic: Role-Based User Management for Threat Intelligence Platform

As cybersecurity professionals with different roles and responsibilities
I want a user management system that provides appropriate access and functionality based on my organizational role
So that I can effectively contribute to threat intelligence operations while maintaining security and operational boundaries.


BlueVisionAdmin User Stories

User Story 1: Cross-Organizational Platform Administration

As a BlueVisionAdmin
I want to manage the entire CRISP platform across all organizations
So that I can ensure platform stability, security, and proper operation for all participating institutions.

  • I can view and manage users from all organizations in the platform
  • I can create, modify, and deactivate organizations
  • I can assign and modify user roles across any organization
  • I can access comprehensive platform-wide audit logs and security events
  • I can unlock accounts and reset passwords for any user
  • I can configure global security policies and settings
  • I can monitor platform performance and usage statistics
  • I can force logout sessions for any user across the platform
  • All my administrative actions are logged with detailed audit trails

User Story 2: System Security and Compliance Management

As a BlueVisionAdmin
I want to monitor and manage security events across the entire platform
So that I can maintain the highest security standards and ensure compliance with regulations.

  • I can view real-time security alerts from all organizations
  • I can investigate suspicious activities and user behaviors
  • I can implement emergency security measures (mass logouts, account locks)
  • I can generate compliance reports for regulatory requirements
  • I can configure platform-wide security thresholds and policies
  • I can access detailed forensic data for security incidents
  • I can manage trusted device policies across organizations
  • I can coordinate security responses with organization administrators

User Story 3: Platform Configuration and Maintenance

As a BlueVisionAdmin
I want to configure and maintain the CRISP platform infrastructure
So that all organizations have optimal performance and functionality.

  • I can configure system-wide settings and parameters
  • I can manage platform integrations and external services
  • I can perform database maintenance and optimization tasks
  • I can deploy updates and patches across the platform
  • I can backup and restore platform data
  • I can manage API keys and service configurations
  • I can monitor system health and performance metrics
  • I can troubleshoot technical issues across organizations

Publisher User Stories

User Story 4: Organization User Management

As a Publisher
I want to manage users within my organization
So that I can ensure appropriate access to threat intelligence and maintain organizational security.

  • I can create new user accounts for my organization
  • I can assign Viewer or Publisher roles to users in my organization
  • I can view all users within my organization with their current status
  • I can deactivate user accounts when personnel leave
  • I can reset passwords for users in my organization
  • I can unlock accounts that have been locked due to failed attempts
  • I can view user activity and login history for my organization
  • I cannot create BlueVisionAdmin accounts or access other organizations
  • All my user management actions are logged for audit

User Story 5: Threat Intelligence Feed Management

As a Publisher
I want to manage threat intelligence feeds and sharing permissions
So that I can control what intelligence my organization shares and receives.

  • I can create and publish threat intelligence feeds for my organization
  • I can configure sharing permissions with trusted partner organizations
  • I can manage user access to specific threat feeds within my organization
  • I can set expiration dates and access controls for shared intelligence
  • I can view analytics on feed usage and user engagement
  • I can receive notifications when other organizations share feeds with us
  • I can approve or deny feed sharing requests from external organizations
  • I can track the provenance and chain of custody for threat intelligence

User Story 6: Organization Security Oversight

As a Publisher
I want to monitor and manage security for my organization
So that I can maintain appropriate security posture and respond to threats.

  • I can view security events and alerts for my organization
  • I can configure security policies specific to my organization
  • I can review and approve high-risk user activities
  • I can investigate suspicious behaviors within my organization
  • I can coordinate with BlueVisionAdmins on security incidents
  • I can generate security reports for organizational leadership
  • I can manage trusted devices and authentication policies
  • I can implement temporary security measures during incidents

Viewer User Stories

User Story 7: Secure Authentication and Profile Management

As a Viewer
I want to securely access my account and manage my profile
So that I can safely access threat intelligence while maintaining my account security.

  • I can log in using my username/email and password
  • I can enable two-factor authentication for enhanced security
  • I can register trusted devices to reduce authentication friction
  • I can change my password following security requirements
  • I can update my profile information and contact details
  • I can view my login history and active sessions
  • I can terminate active sessions from other devices
  • I receive notifications about security events on my account
  • My account locks automatically after failed login attempts

User Story 8: Threat Intelligence Access and Consumption

As a Viewer
I want to access and consume threat intelligence relevant to my role
So that I can stay informed about threats and support my organization's security efforts.

  • I can browse available threat intelligence feeds for my organization
  • I can search and filter threat intelligence by type, severity, and date
  • I can view detailed threat information including indicators and context
  • I can bookmark important threats for future reference
  • I can receive notifications about new high-priority threats
  • I can export threat data in standard formats for analysis
  • I can access threat intelligence through mobile devices
  • I cannot modify or delete threat intelligence data
  • My access to feeds is controlled by Publisher permissions

User Story 9: Personal Dashboard and Activity Tracking

As a Viewer
I want a personal dashboard showing my activity and relevant information
So that I can efficiently track my usage and stay updated on important developments.

  • I can see a personalized dashboard with my recent activity
  • I can view my threat intelligence consumption statistics
  • I can see notifications about new feeds and important updates
  • I can track my login history and account security status
  • I can access help documentation and user guides
  • I can provide feedback about platform functionality
  • I can see announcements from my organization's Publishers
  • I can view my current permissions and access levels
  • Dashboard loads quickly and works on mobile devices