8.1. Control Assessment Templates

How to: Control Assessment Template

Control assessment templates are used to qualitatively evaluate implemented controls. RM Studio includes a default Control Assessment Template, which users can edit prior to first use; users can also add their own control assessment evaluations.

To open the Control Assessment Template to review the default or create a new template, double-click “Control Assessment Templates” under Risk Management – Templates and Profiles in the Navigation tree.

A popup window titled Control Assessment Template opens to the right. The Standard Control Assessment (default) will be highlighted. Click the small, hollow arrowhead on the left to open the Control Assessment and Control Effectiveness values (Initial, Repeatable, etc.).

The Standard Control Assessment consists of 5 values for assessing both the Control Assessment Maturity and Control Effectiveness. Each of the five values has a numerical Factor value that is used to calculate the Control Implementation Assessment scoring. The CA factor values are applied to the controls that are used in the Risk Treatment when using the CA.

*Note: when creating a new Risk Treatment you have the option to use the Risk Assessment and the Gap analysis or use the Risk Assessment and the Control Assessment, which includes the Gap by default.

How to: Create a new Control Assessment Template

  1. Click the “Add Control Assessment Template” button.
  2. Name the New Control Assessment Template.
  3. Provide a Description for clarity and transparency for any auditor.
  4. Under the new template on the left side, select either the Control Maturity or Control Effectiveness, then click the “Add value” button.
  5. The Value Information appears on the right. Enter a unique name for the New Factor Value (the first factor value is “Initial” in the Standard CA template). Repeat for as many Factor Values as preferred.
  6. Enter the Factor numerical value (in the Standard CA template, “Initial” has a factor of 1, “Repeatable” has a factor of 2, and so on). The Factor numerical value is used for the calculation in both the Control Assessment scoring and the Risk Treatment (more details can be found in the Risk Treatment Calculations).
  7. Enter a Description for each New Factor Value to clarify for others using the new template.
  8. Repeat steps 4-7 to continue adding New Factor Values for the Control Maturity and Control Effectiveness.
  9. If you want to remove a newly created Factor Value, simply click the Remove button at the bottom next to the Add Value button.
  10. Remember to click the OK button to save the newly created/edited template.

Note: The algorithm used for calculating security risk is most accurate when factor values start at value 1 (one) and the increment between values is 1 (one).