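-- =========================================================
-- Migration 015: IT-Security Training Modules
-- =========================================================
-- Seeds 8 IT-security micro/annual training modules and their
-- role assignments in training_matrix (CTM) for the template
-- tenant and the Breakpilot tenant.
--
-- Re-run behaviour, evaluated per tenant:
--   * none of the 8 module codes present -> all 8 modules are inserted
--   * all 8 present                      -> module insert is skipped
--   * only some present                  -> WARNING, no module is inserted
--   * matrix rows are written only when all 8 module ids resolve and
--     no matrix row references any of them yet
-- =========================================================
DO $$
DECLARE
    -- Tenant IDs
    tmpl_id UUID := '00000000-0000-0000-0000-000000000000';
    -- NOTE(review): a specific tenant id is hard-coded here; confirm this
    -- tenant exists in every environment the migration is applied to.
    bp_id   UUID := '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e';

    -- Tenants to seed, with the label used in log messages
    tenant_ids    UUID[];
    tenant_labels TEXT[];
    cur_tenant    UUID;
    cur_label     TEXT;

    -- Module ids of the current tenant, used for the matrix rows
    sec_pwd   UUID;
    sec_desk  UUID;
    sec_kiai  UUID;
    sec_byod  UUID;
    sec_video UUID;
    sec_usb   UUID;
    sec_inc   UUID;
    sec_home  UUID;

    present_codes INTEGER;
    inserted_rows INTEGER;
    modules_total INTEGER := 0;
    matrix_total  INTEGER := 0;
BEGIN
    tenant_ids    := ARRAY[tmpl_id, bp_id];
    tenant_labels := ARRAY['template', 'Breakpilot'];

    -- Both tenants receive the same seed data; one loop keeps the two
    -- copies from drifting apart.
    FOR idx IN 1 .. array_length(tenant_ids, 1)
    LOOP
        cur_tenant := tenant_ids[idx];
        cur_label  := tenant_labels[idx];

        -- ===================================================
        -- 1) Training modules
        -- ===================================================
        -- Count every seeded code rather than probing a single one, so a
        -- partially seeded tenant is detected instead of being treated as
        -- complete (or receiving duplicates).
        -- NOTE(review): these checks assume the migration role can see the
        -- tenant's rows; if row-level security filters them, they would
        -- report an empty tenant -- confirm.
        SELECT count(DISTINCT module_code)
        INTO present_codes
        FROM training_modules
        WHERE tenant_id = cur_tenant
          AND module_code IN (
              'SEC-PWD', 'SEC-DESK', 'SEC-KIAI', 'SEC-BYOD',
              'SEC-VIDEO', 'SEC-USB', 'SEC-INC', 'SEC-HOME'
          );

        IF present_codes = 8 THEN
            RAISE NOTICE 'IT-Security modules already exist for % tenant, skipping % insert',
                cur_label, cur_label;
        ELSIF present_codes > 0 THEN
            RAISE WARNING 'IT-Security modules only partially present for % tenant (% of 8), skipping % insert',
                cur_label, present_codes, cur_label;
        ELSE
            INSERT INTO training_modules (
                id, tenant_id, module_code, title, description,
                regulation_area, nis2_relevant, frequency_type,
                validity_days, risk_weight, duration_minutes,
                pass_threshold, sort_order
            )
            VALUES
                (gen_random_uuid(), cur_tenant, 'SEC-PWD', 'Passwortsicherheit & MFA', 'Sichere Passwoerter, Multi-Faktor-Authentifizierung, Passwort-Manager', 'iso27001', false, 'micro', 180, 1.5, 10, 70, 21),
                (gen_random_uuid(), cur_tenant, 'SEC-DESK', 'Sichere Datenablage & Clean Desk', 'Clean-Desk-Policy, sichere Ablage, Bildschirmsperre, Dokumentenvernichtung', 'iso27001', false, 'micro', 180, 1.5, 10, 70, 22),
                (gen_random_uuid(), cur_tenant, 'SEC-KIAI', 'Personenbezogene Daten in KI-Tools', 'DSGVO-konforme Nutzung von KI, ChatGPT & Co., Datenweitergabe-Risiken', 'dsgvo', false, 'annual', 365, 2.5, 30, 70, 23),
                (gen_random_uuid(), cur_tenant, 'SEC-BYOD', 'BYOD & Mobile Security', 'Bring Your Own Device, Mobile Device Management, Geraetetrennung', 'iso27001', false, 'annual', 365, 2.0, 15, 70, 24),
                (gen_random_uuid(), cur_tenant, 'SEC-VIDEO', 'Sichere Videokonferenzen', 'Datenschutz in Videokonferenzen, Screensharing-Risiken, Aufzeichnungsregeln', 'iso27001', false, 'micro', 180, 1.5, 10, 70, 25),
                (gen_random_uuid(), cur_tenant, 'SEC-USB', 'USB & Externe Medien', 'Risiken externer Datentraeger, USB-Richtlinien, Verschluesselung', 'iso27001', false, 'micro', 180, 1.5, 10, 70, 26),
                (gen_random_uuid(), cur_tenant, 'SEC-INC', 'Sicherheitsvorfall melden', 'Erkennung von Sicherheitsvorfaellen, Meldewege, Sofortmassnahmen, Dokumentation', 'iso27001', true, 'micro', 180, 1.5, 10, 70, 27),
                (gen_random_uuid(), cur_tenant, 'SEC-HOME', 'Homeoffice-Sicherheit', 'Sicheres Arbeiten von zuhause, VPN, WLAN-Sicherheit, physische Sicherheit', 'iso27001', false, 'annual', 365, 2.0, 15, 70, 28);

            GET DIAGNOSTICS inserted_rows = ROW_COUNT;
            modules_total := modules_total + inserted_rows;
        END IF;

        -- ===================================================
        -- 2) Look up the module ids for the matrix (CTM) rows
        -- ===================================================
        -- SELECT ... INTO without STRICT leaves the variable NULL when no
        -- row matches; that case is caught by the guard below.
        SELECT id INTO sec_pwd   FROM training_modules WHERE tenant_id = cur_tenant AND module_code = 'SEC-PWD';
        SELECT id INTO sec_desk  FROM training_modules WHERE tenant_id = cur_tenant AND module_code = 'SEC-DESK';
        SELECT id INTO sec_kiai  FROM training_modules WHERE tenant_id = cur_tenant AND module_code = 'SEC-KIAI';
        SELECT id INTO sec_byod  FROM training_modules WHERE tenant_id = cur_tenant AND module_code = 'SEC-BYOD';
        SELECT id INTO sec_video FROM training_modules WHERE tenant_id = cur_tenant AND module_code = 'SEC-VIDEO';
        SELECT id INTO sec_usb   FROM training_modules WHERE tenant_id = cur_tenant AND module_code = 'SEC-USB';
        SELECT id INTO sec_inc   FROM training_modules WHERE tenant_id = cur_tenant AND module_code = 'SEC-INC';
        SELECT id INTO sec_home  FROM training_modules WHERE tenant_id = cur_tenant AND module_code = 'SEC-HOME';

        -- Never write a matrix row with a NULL module_id: a missing module
        -- would otherwise yield an assignment that points at nothing.
        IF sec_pwd IS NULL OR sec_desk IS NULL OR sec_kiai IS NULL OR sec_byod IS NULL
           OR sec_video IS NULL OR sec_usb IS NULL OR sec_inc IS NULL OR sec_home IS NULL
        THEN
            RAISE WARNING 'IT-Security module ids incomplete for % tenant, skipping % training_matrix insert',
                cur_label, cur_label;
            CONTINUE;
        END IF;

        -- ===================================================
        -- 3) Training matrix (CTM) entries
        -- ===================================================
        -- Skip when any of the eight modules is already assigned, so a
        -- re-run cannot duplicate role assignments.
        IF EXISTS (
            SELECT 1
            FROM training_matrix
            WHERE tenant_id = cur_tenant
              AND module_id IN (
                  sec_pwd, sec_desk, sec_kiai, sec_byod,
                  sec_video, sec_usb, sec_inc, sec_home
              )
        ) THEN
            RAISE NOTICE 'IT-Security training_matrix entries already exist for % tenant, skipping % training_matrix insert',
                cur_label, cur_label;
        ELSE
            INSERT INTO training_matrix (tenant_id, role_code, module_id, is_mandatory, priority)
            VALUES
                -- SEC-PWD: R7, R8, R9
                (cur_tenant, 'R7', sec_pwd, true, 4),
                (cur_tenant, 'R8', sec_pwd, true, 4),
                (cur_tenant, 'R9', sec_pwd, true, 3),
                -- SEC-DESK: R9
                (cur_tenant, 'R9', sec_desk, true, 3),
                -- SEC-KIAI: R3, R7, R9
                (cur_tenant, 'R3', sec_kiai, true, 3),
                (cur_tenant, 'R7', sec_kiai, true, 4),
                (cur_tenant, 'R9', sec_kiai, true, 3),
                -- SEC-BYOD: R2, R8, R9
                (cur_tenant, 'R2', sec_byod, true, 4),
                (cur_tenant, 'R8', sec_byod, true, 4),
                (cur_tenant, 'R9', sec_byod, true, 3),
                -- SEC-VIDEO: R9 (optional)
                (cur_tenant, 'R9', sec_video, false, 5),
                -- SEC-USB: R2, R8, R9
                (cur_tenant, 'R2', sec_usb, true, 4),
                (cur_tenant, 'R8', sec_usb, true, 4),
                (cur_tenant, 'R9', sec_usb, true, 3),
                -- SEC-INC: R2, R7, R8, R9
                (cur_tenant, 'R2', sec_inc, true, 2),
                (cur_tenant, 'R7', sec_inc, true, 4),
                (cur_tenant, 'R8', sec_inc, true, 2),
                (cur_tenant, 'R9', sec_inc, true, 2),
                -- SEC-HOME: R8, R9
                (cur_tenant, 'R8', sec_home, true, 4),
                (cur_tenant, 'R9', sec_home, true, 3);

            GET DIAGNOSTICS inserted_rows = ROW_COUNT;
            matrix_total := matrix_total + inserted_rows;
        END IF;
    END LOOP;

    -- Report what was actually written; a run that skipped everything
    -- must not claim a successful insert.
    RAISE NOTICE 'Migration 015: finished, % module rows and % training_matrix rows inserted',
        modules_total, matrix_total;
END $$;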