RISCOSS Platform - RISCOSS/riscoss-corporate GitHub Wiki
The RISCOSS Platform supports decisions related to risk management. Risk managers can analyse the risks that arise when a specific OSS Project is going to be adopted by an organization.
RISCOSS needs different user profiles working together.
- SysAdmin: This user is responsible for the administrative aspects of the platform, such as managing user accounts, managing user rights (who can do what), and configuring extensions of the platform, for example installing and configuring which Risk Data Collectors are available and visible through the platform.
- Producer: This user is responsible for creating and maintaining the entities in the knowledge base of the platform. These entities represent "things" that are relevant in a given context and that can be the target of an analysis. OSS Components are the most evident example. However, in other contexts there may be other kinds of entities, such as "products", "projects", etc. A user who is a producer will create an entity and fill in all the information about it (including configuring the Risk Data Collectors that might be associated with it). A special task a producer might have is to configure the entity hierarchy that will be used in the platform. This task consists of defining the types of entities that can be defined in the platform and the relationships between them. This task is part of a "configuration phase" that needs to be done once and for all when the platform is installed.
- Modeler: This user is responsible for creating Risk Configurations by putting together the models needed to perform a certain type of risk analysis. He understands what the models do and, if needed, he is also the person who is able to write these models (or is in contact with somebody who can do it).
- Consumer: This user is the one who is interested in actually performing risk analysis on entities available in the platform, using one of the available risk configurations. He is responsible for feeding the risk analysis with the needed inputs and for checking that the inputs available through risk data collectors are fine. The outcome of the consumer's actions is the set of risk analysis reports that will be stored in the platform and that can be browsed by the other users. A special kind of consumer is a user who is only interested in the risk reports created by previously performed risk analyses. These users are not interested in performing the risk analysis; they just want to look at what has been analysed in order to take decisions. In effect, these users are passive viewers who just look at the work of the others.
Once the platform is deployed and the SysAdmin has created the user accounts (Step 0: How to manage domains), and before the platform can provide risk analysis, Modelers and Producers need to configure it by adding some information about the organization and the risks that the Consumers want to analyse.
![RISCOSS configuration](images/riscoss_configuration.png)
- Step 1: Configuring the Assets that are going to be analysed. Assets are the entities the risk manager wants to analyse. (Producer)
- Step 2: Configuring the Risk Configuration used in the Asset Analysis. (Modeler)
- Step 3: Creating Risk Sessions that allow the user to manage the different analyses performed for different Assets using different Risk Configurations. (Consumer)