'use client'

// =============================================================================
// Step 5: Risk & Protection Level
// CIA assessment and protection level determination
// =============================================================================
//
// NOTE(review): this listing appears to have lost its JSX element tags and its
// generic type arguments (see `Record = {` and `useState>({` below) during
// extraction. The surviving tokens are reproduced unchanged; only line breaks
// and comments were added. Restore the markup from the original file before
// compiling.

import React, { useState, useEffect } from 'react'
import { useTOMGenerator } from '@/lib/sdk/tom-generator'
import {
  RiskProfile,
  CIARating,
  ProtectionLevel,
  calculateProtectionLevel,
  isDSFARequired,
} from '@/lib/sdk/tom-generator/types'

// =============================================================================
// CONSTANTS
// =============================================================================

// Rating scale used for each protection goal: 1 ("Sehr gering", very low) up to
// 5 ("Sehr hoch", very high). `label` and `description` are the German UI texts
// that CIASlider looks up for the currently selected value.
const CIA_LEVELS: { value: CIARating; label: string; description: string }[] = [
  { value: 1, label: 'Sehr gering', description: 'Kein nennenswerter Schaden bei Verletzung' },
  { value: 2, label: 'Gering', description: 'Begrenzter, beherrschbarer Schaden' },
  { value: 3, label: 'Mittel', description: 'Erheblicher Schaden, aber kompensierbar' },
  { value: 4, label: 'Hoch', description: 'Schwerwiegender Schaden, schwer kompensierbar' },
  { value: 5, label: 'Sehr hoch', description: 'Existenzbedrohender oder irreversibler Schaden' },
]

// Names of regulatory frameworks. Presumably rendered as the options that
// toggleRequirement() switches on and off; that markup is outside this excerpt.
const REGULATORY_REQUIREMENTS = [
  'DSGVO',
  'BDSG',
  'MaRisk (Finanz)',
  'BAIT (Finanz)',
  'PSD2 (Zahlungsdienste)',
  'SGB (Gesundheit)',
  'MDR (Medizinprodukte)',
  'TISAX (Automotive)',
  'KRITIS (Kritische Infrastruktur)',
  'NIS2',
  'ISO 27001',
  'SOC 2',
]

// =============================================================================
// CIA SLIDER COMPONENT
// =============================================================================

/** Props of CIASlider: heading texts, the current rating and a change callback. */
interface CIASliderProps {
  label: string
  description: string
  value: CIARating
  onChange: (value: CIARating) => void
}

/**
 * Rating control for a single protection goal.
 *
 * Looks up the CIA_LEVELS entry whose `value` equals the current rating and
 * shows its label and description next to the caller-supplied heading texts.
 * A change is reported through `onChange` as a CIARating.
 */
function CIASlider({ label, description, value, onChange }: CIASliderProps) {
  // `find` returns undefined when no entry matches, hence the `level?.` accesses below.
  const level = CIA_LEVELS.find((l) => l.value === value)

  // Maps a rating to a Tailwind background class: 1-2 green, 3 yellow, 4-5 red.
  // Its call site is not visible here (presumably in the lost markup).
  const getColor = (v: CIARating) => {
    if (v <= 2) return 'bg-green-500'
    if (v === 3) return 'bg-yellow-500'
    return 'bg-red-500'
  }

  // NOTE(review): the surviving handler fragment below parses the input's string
  // value with parseInt (no radix argument) and casts the result to CIARating
  // without a range or NaN check. Presumably the input element restricts the
  // value to 1-5; its attributes were lost, so confirm against the original file.
  return (

{label}

{description}

{level?.label}
onChange(parseInt(e.target.value) as CIARating)} className="w-full h-2 bg-gray-200 rounded-lg appearance-none cursor-pointer accent-blue-600" />
1 2 3 4 5

{level?.description}

  )
}

// =============================================================================
// PROTECTION LEVEL DISPLAY
// =============================================================================

/** Props of ProtectionLevelDisplay: the protection level to present. */
interface ProtectionLevelDisplayProps {
  level: ProtectionLevel
}

/**
 * Shows the derived protection level with its German label and description.
 *
 * The styling class names and texts come from a lookup table keyed by
 * NORMAL, HIGH and VERY_HIGH.
 */
function ProtectionLevelDisplay({ level }: ProtectionLevelDisplayProps) {
  const config: Record = {
    NORMAL: {
      label: 'Normal',
      color: 'text-green-800',
      bg: 'bg-green-100',
      description: 'Standard-Schutzmaßnahmen ausreichend',
    },
    HIGH: {
      label: 'Hoch',
      color: 'text-yellow-800',
      bg: 'bg-yellow-100',
      description: 'Erweiterte Schutzmaßnahmen erforderlich',
    },
    VERY_HIGH: {
      label: 'Sehr hoch',
      color: 'text-red-800',
      bg: 'bg-red-100',
      description: 'Höchste Schutzmaßnahmen erforderlich',
    },
  }

  // A `level` that is not one of the three keys above makes config[level]
  // undefined, and this destructuring then throws at runtime.
  const { label, color, bg, description } = config[level]

  return (
{label}

{description}

  )
}

// =============================================================================
// COMPONENT
// =============================================================================

/**
 * Wizard step that collects the risk profile: CIA ratings, regulatory
 * requirements and free-text special risks. The protection level and the
 * DSFA-required flag are derived from these inputs.
 *
 * Reads and writes the shared generator state obtained from useTOMGenerator().
 * The returned markup continues beyond the end of this excerpt.
 */
export function RiskProtectionStep() {
  const { state, setRiskProfile, completeCurrentStep } = useTOMGenerator()

  // Form defaults: every protection goal at 3, protection level HIGH, DSGVO preselected.
  const [formData, setFormData] = useState>({
    ciaAssessment: {
      confidentiality: 3,
      integrity: 3,
      availability: 3,
      justification: '',
    },
    protectionLevel: 'HIGH',
    specialRisks: [],
    regulatoryRequirements: ['DSGVO'],
    hasHighRiskProcessing: false,
    dsfaRequired: false,
  })
  // Text currently typed into the special-risk input.
  const [specialRiskInput, setSpecialRiskInput] = useState('')

  // Load existing data: a risk profile already present in the generator state
  // replaces the form defaults.
  useEffect(() => {
    if (state.riskProfile) {
      setFormData(state.riskProfile)
    }
  }, [state.riskProfile])

  // Calculate protection level when CIA changes.
  // This also runs after the load effect above replaces ciaAssessment, so a
  // stored protectionLevel / dsfaRequired is overwritten by the derived values.
  // NOTE(review): both values are derived in the browser. Whether the consumer
  // of completeCurrentStep() derives them again is not visible here; confirm
  // before relying on them for a compliance decision.
  useEffect(() => {
    if (formData.ciaAssessment) {
      const level = calculateProtectionLevel(formData.ciaAssessment)
      // formData is a partial profile; the cast asserts completeness without checking it.
      const dsfaReq = isDSFARequired(state.dataProfile, {
        ...formData,
        protectionLevel: level,
      } as RiskProfile)
      setFormData((prev) => ({
        ...prev,
        protectionLevel: level,
        dsfaRequired: dsfaReq,
      }))
    }
  }, [formData.ciaAssessment, state.dataProfile])

  // Handle CIA changes: writes one rating into a fresh ciaAssessment object,
  // which in turn triggers the recalculation effect above.
  const handleCIAChange = (field: 'confidentiality' | 'integrity' | 'availability', value: CIARating) => {
    setFormData((prev) => ({
      ...prev,
      ciaAssessment: {
        // Non-null assertion only: if ciaAssessment were undefined, the spread
        // would contribute nothing and only `field` would be set.
        ...prev.ciaAssessment!,
        [field]: value,
      },
    }))
  }

  // Handle regulatory requirements toggle: removes `req` when it is already
  // selected, appends it otherwise.
  const toggleRequirement = (req: string) => {
    setFormData((prev) => {
      const current = prev.regulatoryRequirements || []
      const updated = current.includes(req)
        ? current.filter((r) => r !== req)
        : [...current, req]
      return { ...prev, regulatoryRequirements: updated }
    })
  }

  // Handle special risk addition: appends the trimmed input and clears the
  // field. Blank input is ignored. No length limit or de-duplication is applied here.
  const addSpecialRisk = () => {
    if (specialRiskInput.trim()) {
      setFormData((prev) => ({
        ...prev,
        specialRisks: [...(prev.specialRisks || []), specialRiskInput.trim()],
      }))
      setSpecialRiskInput('')
    }
  }

  // Removes the special risk at the given position in the list.
  const removeSpecialRisk = (index: number) => {
    setFormData((prev) => ({
      ...prev,
      specialRisks: (prev.specialRisks || []).filter((_, i) => i !== index),
    }))
  }

  // Handle submit: suppresses the native form submission, builds a complete
  // RiskProfile from the form state and hands it to the generator.
  const handleSubmit = (e: React.FormEvent) => {
    e.preventDefault()
    const profile: RiskProfile = {
      // Asserted non-null without a runtime check.
      ciaAssessment: formData.ciaAssessment!,
      // A missing protection level falls back to 'HIGH'.
      protectionLevel: formData.protectionLevel || 'HIGH',
      specialRisks: formData.specialRisks || [],
      regulatoryRequirements: formData.regulatoryRequirements || [],
      hasHighRiskProcessing: formData.hasHighRiskProcessing || false,
      dsfaRequired: formData.dsfaRequired || false,
    }
    // Store the profile, then mark the step complete with the same object.
    setRiskProfile(profile)
    completeCurrentStep(profile)
  }

  return (
{/* CIA Assessment */}

CIA-Bewertung

Bewerten Sie die Schutzziele für Ihre Datenverarbeitung. Was passiert, wenn die Vertraulichkeit, Integrität oder Verfügbarkeit der Daten beeinträchtigt wird?

handleCIAChange('confidentiality', v)} /> handleCIAChange('integrity', v)} /> handleCIAChange('availability', v)} />
{/* Justification */}