Potential Risks
cwarren279 edited this page Sep 29, 2023 · 6 revisions
Risk captures information about the impact on the purpose a product serves posed by a threat arising from a defect in the product, from an external source, or from a project constraint. A defect or a constraint is not a risk.
- Broken Access Control
  - Only the correct users can act within their role's permissions.
- Cryptographic Failures
  - Any data we have is properly secured and stored.
- Injection
  - Any user inputs are validated, filtered, and sanitized to prevent potential attacks.
- Insecure Design
  - Ensuring all features are properly implemented and tested to prevent misuse.
- Incorrect Car Emission Data
  - Emission data is properly calculated, to prevent incorrect statistics.

The risk analysis that follows is based upon the analysis on the following page: Risk Analysis Worksheet
eMission Business Goals
ID | Business Goals |
---|---|
Bus-Usrs | Increase & Expand User Engagement |
Bus-Educ | Promote education and awareness |
Bus-Perf | Maintain App Performance |
eMission Business Risks
ID | Business Risk | Description |
---|---|---|
Bus-R-1 | Not enough people are interested in the app. | If very few people want to use the app, then the user base will not be diverse and large. |
Bus-R-2 | Inaccurate information | Misinformation can lead to confusion for the user and misrepresent our project mission |
Bus-R-3 | Low User Retention | Users become uninterested in the app and therefore cannot reliably provide feedback |
Ratings for eMission Business Risks
ID | Business Risk | Likelihood | Impact | Severity |
---|---|---|---|---|
Bus-R-1 | Not enough people are interested in the app. | M | H | H |
Bus-R-2 | Inaccurate information | M | H | H |
Bus-R-3 | Low User Retention | M | H | H |
Technical Risk Severity
ID | Technical Risk | Bus-Usrs | Bus-Rev | Bus-Part | Bus-Educ | Likelihood |
---|---|---|---|---|---|---|
Tech: R-1 | Limited experience using mobile app technologies. (Android Studio, Flutter, Ionic Framework) | H | H | H | M | VH |
Tech: R-2 | Team is not experienced using location technologies. | H | H | H | M | VH |
Tech: R-3 | Emission calculations are inaccurate. | H | H | H | H | H |
Tech: R-4 | Any data we have is not properly secured or stored. | H | H | H | L | M |
Tech: R-5 | Inadequate testing does not cover requirements. | H | H | M | H | M |
Tech: R-6 | Developers have limited time to work due to time constraints | L | M | M | H | M |
Tech: R-7 | The application is at risk of an injection attack | H | H | H | H | M |
Tech: R-8 | Insufficient verification/authentication of users | H | M | L | M | M |
Risk Mitigation Plan
ID | Technical Risk | Mitigation |
---|---|---|
Tech: R-1 | Limited experience using mobile app technologies | Schedule time to work through online tutorials of technologies. (Android Studio, Flutter, Ionic Framework) |
Tech: R-2 | Team is not experienced using Location tracking technologies. | Schedule time to work through online tutorials of online technologies. |
Tech: R-3 | Emission calculations are inaccurate. | Deliberate calculation and testing phases. |
Tech: R-4 | Any data we have is not properly secured and stored. | Make use of Web Server and scripting tools that efficiently store product data. |
Tech: R-5 | Inadequate testing does not cover requirements. | Detailed Walkthroughs and planning |
Tech: R-6 | Developers have limited time to work due to other classes. | Schedule time during the week for team to work on project free from distractions. |
Tech: R-7 | The application is at risk of an injection attack. | Follow the OWASP guidelines for preventing injection attacks and the testing protocol. |
Tech: R-8 | Insufficient verification/authentication of users | Using secure authentication practices. |
Relationship Between Technical Risk and Business Goals
| Business Goal | Business Risk | ID | Technical Risk |
|---|---|---|---|
| Increase & Expand User Engagement | * | * | * |
| | Low reputation | Tech R-2 | Team is not experienced using location technologies. |
| | Puts users at risks | Tech R-4 | Any data we have is not properly secured and stored. |
| | Threatens user engagement | Tech R-5 | Inadequate testing does not cover requirements. |
| | Breaks user experience | Tech R-8 | Insufficient verification/authentication of users |
| Promote Education and Awareness | * | * | * |
| | Damage Reputation w/ Misinformation | Tech R-3 | Emission calculations are inaccurate. |
| Maintain App Performance | * | * | * |
| | Threatens app performance & workflow | Tech R-6 | Developers have limited time to work due to other classes. |
| | Halts app performance | Tech R-7 | The application is at risk of an injection attack. |