-
Notifications
You must be signed in to change notification settings - Fork 1
Potential Risks
cwarren279 edited this page Sep 29, 2023
·
6 revisions
Risk captures information about the impact on the purpose a product serves posed by a threat arising from a defect in the product, from an external source, or from a project constraint. A defect or a constraint is not a risk.
- Broken Access Control
- Only the correct users can act within their role's permissions.
- Cryptographic Failures
- Any data we have is properly secured and stored.
- Injection
- Any user inputs are validated, filtered, and sanitized to prevent potential attacks.
- Insecure Design
- Ensuring all features are properly implemented and tested to prevent misuse.
- Incorrect Car Emission Data
- Emission data is properly calculated, to prevent incorrect statistics.
The Risk analysis that follows is based upon the analysis on the following page. Risk Analysis Worksheet
eMission Business Goals
| ID | Business Goals |
|---|---|
| Bus-Usrs | Increase & Expand User Engagement |
| Bus-Educ | Promote education and awareness |
| Bus-Perf | Maintain App Performance |
eMission Business Risks
| ID | Business Risk | Description |
|---|---|---|
| Bus-R-1 | Not enough people are interested in the app. | If very few people want to use the app, then the user base will not be diverse and large. |
| Bus-R-2 | Inaccurate information | Misinformation can lead to confusion for the user and misrepresent our project mission |
| Bus-R-3 | Low User Retention | Users become uninterested in the app therefore cannot reliable provide feedback |
Ratings for eMission Business Risks
| ID | Business Risk | Likelihood | Impact | Severity |
|---|---|---|---|---|
| Bus R-1 | Not enough people are interested in the app. | M | H | H |
| Bus R-2 | Inaccurate information | M | H | H |
| Bus R-3 | Low User Retention | M | H | H |
Technical Risk Severity
| ID | Technical Risk | Bus-Usrs | Bus-Rev | Bus-Part | Bus-Educ | Likelihood |
|---|---|---|---|---|---|---|
| Tech: R-1 | Limited experience using mobile app technologies. (Android Studio, Flutter, Ionic Framework) | H | H | H | M | VH |
| Tech: R-2 | Team is not experienced using location technologies. | H | H | H | M | VH |
| Tech: R-3 | Emission calculations are inaccurate. | H | H | H | H | H |
| Tech: R-4 | Any data we have is not properly secured or stored. | H | H | H | L | M |
| Tech: R-5 | Inadequate testing does not cover requirements. | H | H | M | H | M |
| Tech: R-6 | Developers have limited time to work due to time constraints | L | M | M | H | M |
| Tech: R-7 | The application is at risk of an injection attack | H | H | H | H | M |
| Tech: R-8 | Insufficient verification/authentication of users | H | M | L | M | M |
Risk Mitigation Plan
| ID | Technical Risk | Mitigation |
|---|---|---|
| Tech: R-1 | Limited experience using mobile app technologies | Schedule time to work through online tutorials of technologies. (Android Studio, Flutter, Ionic Framework) |
| Tech: R-2 | Team is not experienced using Location tracking technologies. | Schedule time to work through online tutorials of online technologies. |
| Tech: R-3 | Emission calculations are inaccurate. | Deliberate calculation and testing phases. |
| Tech: R-4 | Any data we have is not properly secured and stored. | Make use of Web Server and scripting tools that efficiently store product data. |
| Tech: R-5 | Inadequate testing does not cover requirements. | Detailed Walkthroughs and planning |
| Tech: R-6 | Developers have limited time to work due to other classes. | Schedule time during the week for team to work on project free from distractions. |
| Tech: R-7 | The application is at risk of an injection attack. | Follow the OWASP guidlines for preventing injection attacks and the testing protocol. |
| Tech: R-8 | Insufficient verification/authentication of users | Using secure authentication practices. |
Relationship Between Technical Risk and Business Goals
| Business Goal | Business Risk | ID | Technical Risk |
|---|---|---|---|
| Increase & Expand User Engagement | * | * | * |
| Low reputation | Tech R-2 | Team is not experienced using location technologies. | |
| Puts users at risks | Tech R-4 | Any data we have is not properly secured and stored. | |
| Threatens user engagement | Tech R-5 | Inadequate testing does not cover requirements. | |
| Breaks user experience | Tech R-8 | Insufficient verification/authentication of users | |
| Promote Education and Awareness | * | * | * |
| Damage Reputation w/ Misinformation | Tech R-3 | Emission calculations are inaccurate. | |
| Maintain App Performance | * | * | * |
| Threatens app performance & workflow | Tech R-6 | Developers have limited time to work due to other classes. | |
| Halts app performance | Tech R-7 | The application is at risk of an injection attack. |