This page enumerates production risks and mitigation measures.
Risks
- hardware failure
- denial of service attacks
- SQL injection attacks
- credential security
- viruses
- data center is physically destroyed
- data center connectivity is lost
- database is corrupted
- production support
- key person risk
- deployment practices
- development practices
Mitigation of Risks
The following section details the risks, if they will be addressed, and how they will be mitigated.
...
Hardware Failure
...
todo
...
General Security Measures
...
Until we are better staffed to administer a public facing site, we shall allow only traffic from the city and county to access the site and web services.
...
Denial of Service Attacks
...
Therefore we We will not be taking any meaures to detect or to mitigate a DOS attack.
...
SQL Injection Attacks
...
See "Denial of Service Attacks" section above. The application code uses a framework to escape all user input which effectively dispenses with this problem.
...
Credential Security
...
Can Should we/can we enforce strong passwords?
Should we/can we force password changes?
Each year we will conduct a user account audit and disable or remove all accounts that are not in use.
...
Viruses
...
See "Denial of Service Attacks" section above. todo
...
data center is physically destroyed
...
todo
...
data center connectivity is lost
...
todo
...
database is corrupted
...
todo
...
production support
...
todo
...
key person risk
...
todo deployment
...
Deployment practices
...
Mitigation of Risks
Environments
With respect to the MAD application itself, changes The MAD application includes a data server, a map server and a web server. The application deployment are managed using standard practices with 3 separate environments (DEV, QA, PROD). Changes of any sort are first tested in the development DEV environment. If the tests pass, we apply the changes to QA where business users conduct testing. Only after the business users approve the changes do we release any changes to PROD. This includes everything from OS upgrades through to our own application code, minor and major.
To push normal street and parcel data changes into the MAD, we us an For various legacy oriented reasons, we were unable to employ standard practices for the extract, transform, and load (ETL) processprocesses. While this process has been coded to support ( DEV, QA, and PROD ) environments, none of the participating systems have more than a single environment. (Is this correct?) This includes the machine that the ETL jobs run on, the SFGIS dataserver, the DPW data server, and the ASR data server. FME workstation is not being backed up, is virtulaized , etceach of the data servers (SFGIS, DPW, ASR). The workstation that execute the ETL is virtualized but is not backed up and has no failover plan in place. (Is this correct?)
...
Development Practices
...
The software development team uses version control (Subversion), bug tracking (Jira), wiki collaboration (Confluence), all of which is hosted by Atlassian. All source code, ddl, dml, design documents, etc are stored on Atlasian. When a version is released, the repository is tagged. When bug fixes are made to production, a branch is create in the repository.
Recovery Time Objective
Without MAD, DBI will not be able to issue permits. (Is this correct?)
The recovery time objective for the application is 1 hour. (Is this OK?)
...