[Trike-devel] Help sections needed in the spreadsheet

[Eleanor S. <el...@dy...>]

Going from the latest version on octotrike.org, here's some stuff that
we need more help around:

Entire spreadsheet:
 o What actions will break the spreadsheet?
 o What are the applicability columns for?
Actor tab:
 o What do "favored user", "authenticated", "attacker", and (especially)
     "uses system", "used by system", "shared", and "shared resources"
     imply?
 o What are the privileges columns for and how do they work?
Data Model tab:
 o What do "shared" and "transient" mean?
Intended Actions tab:
 o Where do we specify the rules for "conditional"?
Connections tab:
 o What does "shared" mean?
 o Do the from/to/OSI layer/traverses/protocol columns matter?  For
     what?
 * The to and from targets are misformatted/whited out
Protocols tab:
 o What is this tab for?
Threats tab:
 * Can we have an "nonsenical" marking, instead of just ignoring it in
     the security objectives?
 o What do the different severity levels affect?
Security Objectives tab:
 o What should populate the "prohibited threats" and "initial
     configuration" columns?
Use Case Details:
 o What goes in the "choice", "terminal", "variation", and "attacker
     influenced", columns?


This is a combination of things that I don't understand at the moment
and questions which I think someone else would have.  I'm assuming here
that someone gets the basics of what an actor, asset, etc., is, which
obviously isn't true in general, but that's a different level of docs.

I know some of the above are for things which aren't hooked up yet,
which is fine, but we should have a list somewhere in the help of which
bits of data aren't hooked up/fully factored.  Also, we should put a
spreadsheet version number in the System Overview tab, so we can tell if
we're using a current revision of the spreadsheet/what problems a
spreadsheet is likely to have, and probably start keeping a changelog,
possibly also in the help.

E.

-- 
Ideas are my favorite toys.