For the purposes of these requirements, we are using the fictional Woodgrove National Bank as our organizational archetype. Woodgrove National Bank is a leading global investment bank that serves institutional, corporate, government and individual clients in its role as a financial intermediary. Its business includes securities underwriting, sales and trading, financial advisory services, investment research, venture capital, and brokerage services for financial institutions. Woodgrove employs more than 15,000 people in 60 offices worldwide. Enterprise headquarters for Woodgrove is located in New York.
The scenarios for the EFS Assistant will use the following fictional employees of Woodgrove National Bank:
| Persona | Role | Description |
|---|---|---|
| Nicolas Velez | Financial Analyst, Knowledge Worker | Nicolas works in finance. His only computer is a brand new ThinkPad laptop running Windows Vista. Because of Nicolas' specific job function, he is often on the road and stores many different types of confidential data on his laptop. In addition, he often needs to install unique financial analysis tools on his laptop computer. |
| Quentin Kelly | HR Manager, Knowledge Worker | Quentin works in human resources. He uses a 1 year old Toshiba laptop running Windows XP. Because of Quentin's specific job function, he has lots of personal information on his laptop at all times. He does not travel much, but does use his laptop to extend his work day into the evenings. |
| Meg Collins | Desktop/Laptop System Administrator | Meg is responsible for managing desktop computers across the organization and defining the deployment process for service packs and updates to these computers. She is involved in setting the strategic direction for the desktop OS, applications, and hardware. Meg is the escalation point for Desktop Support. |
| Diane Meyers | Operations Analyst | Diane monitors enterprise systems, but does no end user support. While Diane is responsible for network monitoring, several of her peers are responsible for monitoring servers and services. |
| Kevin Parrish | Security Specialist | Kevin is responsible for determining and implementing server security policy and evaluating new technology. |
| Phil Otten | Help Desk Support | Phil is a member of the Help Desk team that is the first line of support for requestors. He responds to calls concerning network, desktop, and application problems. He addresses logon problems, password resets, and most issues with desktop applications, and typically handles 50+ calls each day. |
Following are the scenarios for the EFS Assistant tool. Each scenario will list the personas involved in the scenario, a narrative describing the scenario itself, and the requirements that are driven by the scenario.
SCEN-010: Evaluate the EFS Assistant
Meg has heard about the EFS Assistant from Kevin Parrish, the Security Analyst at Woodgrove Bank. She would like to evaluate whether or not this tool would help her ensure encryption of data on her company's laptops. Therefore, she downloads the EFS Assistant package which includes the tool, some documentation, and various other support files. She looks at the documentation a bit and sees that the first chapter is an evaluator's guide that explains how she can determine if this tool is appropriate for her organization. She reads this section, has a quick glance through the rest of the document and decides to install the tool.
First, Meg double clicks the installer package. She is given several options: install the tool itself, install the administrative templates, create a start menu icon, etc. Because she has read the evaluator's guide, she decides to accept the defaults and install everything. Because Meg has run the installer interactively, the installer configures appropriate defaults for an evaluator.
Because the installer configured the tool for evaluation mode, Meg could run the tool without configuration and it would encrypt many of the folders on her test system. However, Meg is the cautious sort, and decides that she would like to run the tool in reporting mode to see what it would encrypt before actually encrypting anything. Therefore, she consults the administrator's guide and learns how to configure this mode. She uses the administrative interface to change the configuration on her test system to reporting only mode, then runs the tool.
When she's done, she uses the accompanying reporting tool to understand what folders and files the tool would have encrypted. She is satisfied that the tool will not cause any issues, so she reconfigures the tool to run in encryption mode and then starts the tool again by selecting it from the start menu. She goes away to get a cup of coffee while the tool runs.
When she returns, she notices that the tool has completed its run. She uses the reporting tool to see what the tool did and is satisfied that it encrypted appropriate folders and files. After a few more rounds of increasingly restrictive modifications to the configuration of the tool, she becomes convinced that the tool has the capabilities that she requires and decides that it will meet the needs of her production users.
SCEN-020: Install the EFS Assistant into the production environment for a pilot group of users
Meg Collins, Nicolas Velez, Kevin Parrish
Meg decides that the EFS Assistant will work in her environment, and decides to deploy it to a pilot group of users. She uses the administrative interface to configure the tool for the pilot users. Next, she uses her company's software deployment tool to push the installer to the selected laptops in the pilot group and install the tool. She chooses to have the tool run on every authentication and uses her company's client management system to make that change.
Nicolas Velez is a member of the pilot group of users. Meg informed him that he would see some changes on his system via an email that he received the prior week. The email also explained why this was happening and what to do if he notices something unusual.
Nicolas logs in the first morning after the software has been installed on his system. Unbeknownst to Nicolas, the tool starts up upon his authentication. Unfortunately, because of a glitch in the software distribution tool, the tool was installed on Nicolas' system, but the configuration settings were not. In order to prevent the tool from doing something unexpected, the tool exits immediately.
By the next day, the configuration for the tool has reached Nicolas' laptop. As before, when he logs in the tool starts. This time, the tool finds its configuration and begins running as configured. Meg has configured the tool to only encrypt specified folders (i.e., minimal encryption mode). Nicolas does not see anything on his screen that tells him the tool is running, but he does notice that the hard drive access light is glowing steadily. He starts up Outlook and Word and goes about his business. He does not notice that his system is running slower because of the tool.
Thirty minutes later, Nicolas undocks his laptop and goes to a meeting. While Nicolas does not know it, the tool has stopped scanning his disks in order to avoid draining his battery while he does not have AC power. When he gets back to his desk and redocks his laptop, the tool will start running again.
The tool finishes its run on Nicolas' machine. Nicolas notices that certain folders and files are now colored green. He remembers that the communication he received from Meg told him to expect this, and that this means these files are now protected in case his laptop is lost or stolen.
A week later, Meg decides she would like to see how the pilot users are getting along as well as how well the minimal encryption configuration is working for these users. She uses SMS to pull information off the pilot laptops then analyzes the data. She realizes that all but one of the pilot users have a folder that she feels should be encrypted but is not. After consulting with Kevin Parrish, Woodgrove's security specialist, she decides this folder does indeed need to be encrypted. She updates the configuration with the administrative tool, waits a few days and rechecks. She sees that the folder is now being encrypted on all machines.
SCEN-030: Getting more aggressive with encryption
Meg Collins, Nicolas Velez, Kevin Parrish
Meg starts to think of other ways to make the tool encrypt more sensitive data on her laptops. Again, she talks to Kevin and discusses a situation she is seeing on some of the pilot laptops. Some users are creating folders in locations that she does not know about beforehand, such as under C:\. She wants to make sure that confidential data stored in such folders is encrypted, but can't know ahead of time where those folders will be. She remembers from the documentation that the tool has the ability to help address this situation: it can be configured to find folders containing data files and encrypt those folders.
Meg decides to try out this capability on her pilot users. After talking to Kevin, she finds out the types of data file types the organization uses and configures them into the administrative tool. In addition, she configures the tool to encrypt folders containing these files. She waits to see how this works out for the pilot users. A few days later, she pulls the reports for encryption on her pilot users' machines and finds that, indeed, she has found and encrypted a number of new folders on each user's machine. She is pleased.
Kevin Parrish meets with Meg and discusses the success they are having with the pilot for the EFS Assistant. Kevin mentions that a new corporate policy has been established that requires all data files on mobile PCs to be encrypted no matter where they are. Meg is ready for this request. She tells Kevin that the EFS Assistant can help enforce this policy. Kevin asks her to make it happen and report back.
Meg goes to the administrative interface and configures the tool to encrypt all data files no matter where they are found. The configuration is applied to the pilot laptops, and the next time the tool runs, these files are encrypted as instructed. Again, Meg waits a few days, then checks the reports for these pilot systems. She is pleased to see that many additional data files are encrypted on the pilot systems, and that still no one has called her to complain about broken applications or other unusual behavior.
Meg is starting to wonder just how far she can push the encryption on her pilot systems. She decides to ask for volunteers from the pilot group for people who would help her conduct an experiment. She knows that the EFS Assistant can be configured to encrypt just about everything on the hard drive except for folders that are specifically configured not to be encrypted. She feels she can do this because in her environment, everyone has his/her own laptop.
She uses the administrative tool to set up a new policy for the volunteer group. After a few days she checks the reports and sees that, indeed, all but a small number of folders are being encrypted. In the folders that are not encrypted, all data files are encrypted individually. She estimates that she is encrypting nearly 100% of all the data on the pilot laptops, and about 80% of all the folders on the systems.
She is very pleased with the results until she gets a call from Nicolas. Nicolas has an application that has stopped working. After a bit of research, she determines that there is a folder that must be accessed by a system process that should not be encrypted. Unfortunately, the EFS Assistant has encrypted this folder. The good news for Meg is that the EFS Assistant can handle this situation. She uses the administrative interface to add the problem folder to the list of folders that should not be encrypted. This will prevent the folder from being encrypted again. She tells Nicolas how to decrypt this folder by hand and informs him that he can also wait until the EFS Assistant runs again at which time it will decrypt the problem folder. Nicolas needs to get his system working again immediately, so he decrypts the folder by hand. After he does so, his system starts working as expected.
SCEN-040: Deploying and supporting the EFS Assistant in the enterprise environment
Meg Collins, Quentin Kelly
The pilot went well so Meg decides it is time to deploy the EFS Assistant to the entire enterprise. She wants to play it safe by configuring the tool to run in reporting only mode first. She uses the administrative interface to configure the appropriate settings, then uses her software distribution system to install the tool on each machine. The configuration information is also pushed to each laptop as is the setting which tells the tool to run on each logon.
After a few days, Meg checks the reports to see how the tool is functioning. She reviews a sample of representative systems and sees that her encryption settings are working as expected. She changes the configuration to turn off the reporting mode and run in encryption mode. She also configures the tool to display status balloons when the tool begins processing and when it finishes.
The next day, Quentin docks his laptop and starts it up. He logs into the network. After he has been logged in for a few minutes, he notices a small balloon in the corner of his screen. The balloon says that his computer is encrypting his files to protect the sensitive data they contain. He's a bit nervous about this, but remembers the memo that he saw a few days ago that this new tool was coming. He is given the option to click a link that will ensure that he never sees this balloon again. He'd like to continue to be reminded about this new process, so he decides not to disable this balloon. He somewhat apprehensively closes the balloon by clicking on the close button. Some time later, a new balloon pops up on Quentin's screen saying that his files are now encrypted. Again, he is given the option to not see the balloon next time. This time he decides to choose to never see this balloon again. When he does so, the balloon disappears. He notices that many of the files and folders on his system now have their names in green rather than black. He remembers that the memo said that this is because the files are encrypted. He browses around through his files and sees that all of his confidential files have green titles. He opens a few of them and sees that he can still open the files and that the performance of his computer does not seem to be any different. He is happy that his company took these steps to protect the employee data that he carries on his laptop.
This section of the document discusses the various requirements for the EFS Assistant.
Consolidated Requirements List
Following are all the requirements for the EFS Assistant. In addition, this table shows the priority and source for the requirement as well as the priority of the scenario:
| Req # | Requirement | Priority | Source | Source Pri. |
|---|---|---|---|---|
| REQ-0010 | There must be an installer | | SCEN-010 | |
| REQ-0020 | Installer must be able to install the tool itself | | SCEN-010 | |
| REQ-0030 | Installer must be able to add the tool to the start menu | | SCEN-010 | |
| REQ-0040 | Installer must provide options to install/not install various features | | SCEN-010 | |
| REQ-0050 | Installer must be able to configure default settings for an evaluator | | SCEN-010 | |
| REQ-0060 | Installer must provide help to user about what features should be installed based on the purpose of the installation | | SCEN-010 | |
| REQ-0070 | There must be guidance to help evaluators understand how to get familiar with the tool | | SCEN-010 | |
| REQ-0080 | There must be a way to configure the tool locally | | SCEN-010 | |
| REQ-0090 | There must be an administrative interface for configuring the tool | | SCEN-010, SCEN-020, SCEN-030, SCEN-040 | |
| REQ-0095 | There must be a way to configure the tool from a central location | | SCEN-020, SCEN-030, SCEN-040 | |
| REQ-0100 | There must be a way to find out exactly what the tool did after it ran | | SCEN-010, SCEN-020, SCEN-030, SCEN-040 | |
| REQ-0110 | There must be a way to return a system to the state it was in before the tool ran | | SCEN-010 | |
| REQ-0120 | The tool must support a reporting only mode that does not actually encrypt | | SCEN-010 | |
| REQ-0130 | The tool must support a minimal encryption mode that only encrypts the basic folders that can be encrypted | | SCEN-010 | |
| REQ-0140 | The tool must be able to be installed by typical software distribution tools | | SCEN-020, SCEN-040 | |
| REQ-0150 | It must be possible to configure the tool for subsets of users in the organization | | SCEN-020 | |
| REQ-0160 | It must be possible to instruct the installer to install tool components separately (e.g., tool itself, configuration templates, etc.) | | SCEN-020 | |
| REQ-0170 | It must be possible to configure the tool to run at various times (e.g., on authentication, from the start menu, etc.) | | SCEN-020 | |
| REQ-0180 | The tool must not run if it cannot find its configuration | | SCEN-020 | |
| REQ-0190 | There must be a sample document for communicating about the EFS Assistant that administrators can send to users | | SCEN-020, SCEN-040 | |
| REQ-0200 | It must be possible to configure the tool to only encrypt specific folders | | SCEN-020 | |
| REQ-0210 | The tool must suspend when the laptop is running on battery power and resume when AC power returns | | SCEN-020 | |
| REQ-0220 | The tool must continue to function when the laptop is undocked or docked | | SCEN-020 | |
| REQ-0230 | It must be possible to configure certain folders to be encrypted | | SCEN-020 | |
| REQ-0240 | When a folder is configured to be encrypted, all its subfolders will also be encrypted | | SCEN-020 | |
| REQ-0250 | It must be possible to configure certain folders not to be encrypted | | SCEN-020, SCEN-030 | |
| REQ-0260 | When a folder is configured not to be encrypted, all its subfolders will also not be encrypted | | SCEN-020 | |
| REQ-0270 | The tool must know about certain default folders that should be encrypted | | SCEN-020 | |
| REQ-0280 | The tool must know about certain default folders that should not be encrypted | | SCEN-020 | |
| REQ-0290 | Configurations set by the administrator will override default settings | | SCEN-020 | |
| REQ-0300 | There must be a way to gather the results of the tool's run from a central system such as SMS | | SCEN-020 | |
| REQ-0310 | There must be a way to encrypt uncategorized folders if they contain only data files | | SCEN-030 | |
| REQ-0320 | The tool must be able to encrypt all data files no matter where they are | | SCEN-030 | |
| REQ-0330 | The tool should run on laptops that are used by only a single person | | SCEN-030 | |
| REQ-0340 | There must be a way to have a subset of all laptops have a unique configuration from the others | | SCEN-030 | |
| REQ-0350 | The tool must be able to encrypt all folders on a laptop except those specifically excluded by the administrator | | SCEN-030 | |
| REQ-0360 | The tool must be able to decrypt encrypted folders on the do not encrypt list | P3 | SCEN-030 | |
| REQ-0370 | There must be a guide describing how to install and configure the tool | | SCEN-010, SCEN-020, SCEN-030, SCEN-040 | |
| REQ-0380 | The guidance must explain how to support users when things go wrong | | SCEN-030 | |
| REQ-0390 | There must be a way to gather and view results centrally | | SCEN-020, SCEN-030, SCEN-040 | |
| REQ-0400 | The tool must be able to display status balloons when it starts and when it finishes | | SCEN-040 | |
| REQ-0410 | The administrator must be able to turn on or off the display of status balloons | | SCEN-040 | |
| REQ-0420 | The tool must be able to delay for a while before starting to minimize start up time | P2 | SCEN-040 | |
| REQ-0430 | It must be possible to close the start up and finishing status balloons | | SCEN-040 | |
| REQ-0440 | It must be possible to choose to not see the start up or finishing balloons on subsequent runs of the tool | | SCEN-040 | |
| REQ-0450 | The user should be able to turn off one balloon without impacting the display of the other | | SCEN-040 | |
| REQ-0460 | The tool must not have a significant impact on system performance | | SCEN-040 | |
| REQ-0470 | The tool must run on Windows Vista | P1 | SCEN-010, SCEN-020, SCEN-030 | |
| REQ-0480 | The tool must run on Windows XP SP2 | P1 | SCEN-040 | |
| REQ-5000 | There must be a way to quickly configure the tool to not run | | Non-Functional | |
| REQ-5010 | The tool must coexist with antivirus tools | | Non-Functional | |
| REQ-5020 | The tool must coexist with backup tools | | Non-Functional | |
| REQ-5030 | The tool must run on typically configured mobile computers | | Non-Functional | |
| REQ-5040 | The tool should gracefully handle shutdown via the Task Manager | | Non-Functional | |
| REQ-5050 | The tool should log errors and continue operation whenever possible | | Non-Functional | |
| REQ-5060 | The tool should detect the default language of the system and run in that language | | Non-Functional | |
| REQ-5070 | The installer should detect the default language of the system and run in that language | | Non-Functional | |
| REQ-5080 | The tool should support running on non-English versions of Windows | | Non-Functional | |
| REQ-5090 | The tool should support encrypting folders that are configured to roam using Roaming User Profiles | | Non-Functional | |
| REQ-5100 | The tool should support leaving folders that are configured to roam using Roaming User Profiles unencrypted | | Non-Functional | |
| REQ-5110 | The tool should support uncompressing folders in order to encrypt them | | Non-Functional | |
| REQ-5120 | The tool should support leaving compressed folders unencrypted | | Non-Functional | |
| REQ-5130 | The tool should support encrypting shared folders | | Non-Functional | |
| REQ-5140 | The tool should support leaving shared folders unencrypted | | Non-Functional | |
| REQ-5150 | The tool should preserve file and folder modification dates | | Non-Functional | |
| REQ-6000 | The tool must run on laptops that are used by multiple users | P3 | Non-Goal | |
- FEAT-010: Installer
- FEAT-020: Configuration utility
- FEAT-030: EFS Assistant software
- FEAT-040: Reporting tool
This section describes the configuration options available and how they work.
Following is the complete list of configuration options available to the administrator via the administrative interface:
| Configuration Option | Possible Settings (Default in bold) | Purpose |
|---|---|---|
| Reporting Mode | Enabled or Disabled | Tells the tool if it should just report on the encryption it would perform or actually perform the encryption. This setting is intended for testing and evaluation of the tool. NOTE: When this setting is enabled, the tool will not cause any data to be protected. |
| Folder encryption mode | Specified folders only; Specified folders and categorize based on files; Maximize number of folders encrypted | This setting tells the tool if it should only encrypt folders that the administrator has specified or are defaults (Specified folders only), if it should encrypt the previous folders plus folders that only contain data files (Specified folders and categorize based on files), or if it should encrypt all folders that are not specifically classified by the administrator as red (Maximize number of folders encrypted). NOTE: There is no default for this setting. If it is not configured, the tool will not run. |
| Encrypt individual files | Enabled; Disabled | Enabling this setting will cause files of the types listed in the 'File types to encrypt' setting to be encrypted if they are found in uncategorized folders. See below for exact details of how this setting and the 'Folder encryption mode' setting work together. |
| Debug logging | Enabled; Disabled | When enabled, turns on debug logging. |
| Folders to encrypt | List of folders (No default) | This is the list of folders that the administrator wants encrypted. When a folder is in this list, all folders under that folder will also be encrypted, unless overridden by an entry in the "Folders not to encrypt" list. |
| Folders not to encrypt | List of folders (No default) | This is the list of folders that the administrator wants not to encrypt. When a folder is in this list, all folders under that folder will also not be encrypted, unless overridden by an entry in the "Folders to encrypt" list. |
| File types to encrypt | List of file extensions (No default) | This list of extensions serves two purposes. First, it is used as the list of data file types for folder content classification. Second, when "Encrypt individual files" is enabled, files of these types will be encrypted. See the "Interaction of Settings" section for more information. |
| Force decompression of folders to be encrypted | Enabled; Disabled | Enabling this setting will cause compressed folders to be decompressed so that they can be encrypted. |
| Encrypt shared folders | Enabled; Disabled | Enabling this setting will cause encryption of folders that are marked as shared folders. Encrypting these folders may prevent other users from accessing them successfully. |
| Encrypt Roaming User Profile (RUP) folders | Enabled; Disabled | Enabling this setting will cause RUP folders to be encrypted. |
| Display status balloons | Enabled; Disabled | Enabling this setting will cause status balloons to be displayed when the tool starts up and finishes. |
Interaction of Settings
The following table describes how the two main administrative settings, Folder encryption mode and Encrypt individual files, should work together to achieve various levels of encryption coverage:
| | Folder encryption mode: Specified folders only | Folder encryption mode: Specified folders and categorize by files | Folder encryption mode: Maximized number of folders encrypted |
|---|---|---|---|
| Encrypt individual files Disabled or not configured | All specified folders only | All specified folders and folders categorized by file | All non-red folders |
| Encrypt individual files Enabled | All specified folders; individual files in uncategorizable folders | All specified folders and folders categorized by file; individual files in uncategorizable folders | All non-red folders; Encrypt individual files setting has no effect |
- Folder content classification is based on the list of file extensions configured by the "File types to encrypt" setting.
- When encrypting individual files, the files to be encrypted are those configured by the "File types to encrypt" setting.
- No matter what the combination of these two settings, if Reporting mode is enabled, the tool will not actually encrypt anything. Instead, it will report on what it would have done.
| Term | Definition |
|---|---|
| Red Folder | A folder that should not be encrypted. |
| Green Folder | A folder that should be encrypted. |
| Uncategorized Folder | A folder that is not configured as either a red or green folder. |
| Folder content classification | A process by which the tool attempts to figure out whether a folder should be marked for encryption based upon the files that are in the folder. |
| Yellow Folder | Synonymous with Uncategorized Folder. |
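The decision logic of the "Interaction of Settings" table and the red/green/yellow folder terms above, modelled as an added Python example (not the EFS Assistant's own code): folder list entries cover their subfolders with the deeper entry winning, folder content classification uses the "File types to encrypt" extensions, an unconfigured mode stops the tool, and reporting mode changes nothing. The sample folder tree and configuration are constructed; treating a folder that appears in both lists as red is an assumption.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# The three "Folder encryption mode" settings from the configuration table.
SPECIFIED_ONLY = "Specified folders only"
SPECIFIED_AND_CATEGORIZE = "Specified folders and categorize based on files"
MAXIMIZE = "Maximize number of folders encrypted"

@dataclass
class Config:
    folder_mode: str = None                     # no default: an unconfigured tool must not run
    encrypt_individual_files: bool = False
    reporting_mode: bool = False
    folders_to_encrypt: list = field(default_factory=list)      # green folders
    folders_not_to_encrypt: list = field(default_factory=list)  # red folders
    file_types: set = field(default_factory=set)                # data extensions, e.g. ".xlsx"

def _nearest_entry(folder, entries):
    """Depth of the deepest list entry that is the folder itself or one of its
    ancestors, or -1 if none. PureWindowsPath compares case-insensitively."""
    f = PureWindowsPath(folder)
    hits = [len(PureWindowsPath(e).parts) for e in entries
            if PureWindowsPath(e) == f or PureWindowsPath(e) in f.parents]
    return max(hits, default=-1)

def classify(cfg, folder):
    """Red, green or yellow. An entry covers its subfolders and the deeper entry wins,
    so a subfolder listed in one list overrides an ancestor listed in the other.
    Assumption: a folder present in both lists at the same depth is treated as red."""
    green = _nearest_entry(folder, cfg.folders_to_encrypt)
    red = _nearest_entry(folder, cfg.folders_not_to_encrypt)
    if red >= 0 and red >= green:
        return "red"
    return "green" if green >= 0 else "yellow"

def _data_files(cfg, files):
    """Files whose extension appears in the 'File types to encrypt' list."""
    types = {t.lower() for t in cfg.file_types}
    return [f for f in files if PureWindowsPath(f).suffix.lower() in types]

def plan(cfg, tree):
    """tree maps folder path -> list of file names. Returns folder -> ('folder', files)
    to encrypt the whole folder, ('files', subset) for individual files, or ('skip', [])."""
    if cfg.folder_mode not in (SPECIFIED_ONLY, SPECIFIED_AND_CATEGORIZE, MAXIMIZE):
        raise RuntimeError("Folder encryption mode not set; the tool exits without running")
    result = {}
    for folder, files in tree.items():
        color = classify(cfg, folder)
        data = _data_files(cfg, files)
        data_only = bool(files) and len(data) == len(files)  # folder content classification
        if color == "red":
            result[folder] = ("skip", [])
        elif color == "green" or cfg.folder_mode == MAXIMIZE:
            result[folder] = ("folder", files)
        elif cfg.folder_mode == SPECIFIED_AND_CATEGORIZE and data_only:
            result[folder] = ("folder", files)
        elif cfg.encrypt_individual_files and data:
            result[folder] = ("files", data)
        else:
            result[folder] = ("skip", [])
    return result

def run(cfg, tree):
    """Paths the tool actually changes; empty in reporting mode, which only reports."""
    changed = set()
    for folder, (action, files) in plan(cfg, tree).items():
        if cfg.reporting_mode or action == "skip":
            continue
        if action == "folder":
            changed.add(folder)
        else:
            changed.update(folder + "\\" + f for f in files)
    return changed

# Constructed sample laptop contents and configuration (not taken from the page).
SAMPLE_TREE = {
    r"C:\Users\nicolas\Documents": ["budget.xlsx", "notes.docx"],
    r"C:\Users\nicolas\Documents\Tools": ["analyzer.exe", "analyzer.dll"],
    r"C:\Deals": ["q3.xlsx", "q4.xlsx"],
    r"C:\Scratch": ["run.bat", "data.csv"],
}
SAMPLE_CFG = Config(
    folder_mode=SPECIFIED_AND_CATEGORIZE,
    encrypt_individual_files=True,
    folders_to_encrypt=[r"C:\Users\nicolas\Documents"],
    folders_not_to_encrypt=[r"C:\Users\nicolas\Documents\Tools"],
    file_types={".xlsx", ".docx", ".csv"},
)
```

With the sample configuration, `Documents` is encrypted as a green folder, `Documents\Tools` is skipped because the deeper red entry overrides it, `C:\Deals` is encrypted because it contains only data files, and only `data.csv` is encrypted inside `C:\Scratch`.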