As Ryan, the IT Leader and the person in charge of providing secure IT practices in my organization, I want to know exactly what data leaves my domain before it does so that I can protect the interest of my internal and external customers.
This should be recorded in a way that can be tracked. Database preferred.
It should explicitly collect the date and name of the person authorizing the data collection.
This story or sub-epic will include stories for the following, and will be considered complete when we can:
- Explain what data we are collecting. (See Situation Data Transfer Prototype).
- Explain that agreeing will also agree to the generic data collection done by OpenNMS (provide a notice similar to that).
- Writes to the database (or wherever we store the permission data).
- The GUI provides a way to rescind the permission. The user is explained that they can rescind at any time.
- The usual Done, Done criteria (automated testing, documented, QA, etc...)
This story does not need:
- Actual data to be transferred to be considered complete.
|Questions or Stories to Create||Main Contact|
|What we are collecting (list) (Check with
|How do we generalize the data (inventory objects may be different, alarm descriptions may be different).|
|Plan or mechanism for asking for permission again if we change the list of things we collect.||Gerardo|
|We can only ask administrators for permission. So data transfers will be paused until administrator approves. (A regular user may be logging in just to see situations).|
|How long do we keep the data?|
|How frequently do we transfer data?|
|How do we buffer the data?|
|Where and how do we store the agreement from the user?|
|How do we ask the user again for permission when a new list of items collected is available? (Versioning)?|
|How do I actually code the questions - related ALEC-108.|