1. Introduction
    1. Licensing
    2. System Requirements
    3. Setup and Installation
  2. Getting Started
    1. Creating the Database
    2. RM Studio Users/Contacts
    3. Email Configuration
    4. Web Module Setup
    5. Web Module Update
  3. Navigating RM Studio
    1. Main Menu
      1. Save Function
      2. Import External Data
        1. Import Assets
      3. Clear User Cache
      4. Security
      5. Properties
      6. Languages
      7. Registration
      8. User Manual
      9. Manage Checkouts
      10. About
      11. Application Style
    2. Navigation Tree
    3. Tabs
    4. The Grid
    5. Context & Flow
  4. Common Entities
    1. Business Entities
      1. Asset Details - Basic Information tab
      2. Asset Details - Risks tab
      3. Asset Details - Categories tab
      4. Asset Details - Business Entities tab
    2. Contacts
    3. Teams
    4. Categories
    5. Assets
    6. Threats
    7. Standards/Controls
      1. How to: Standards, Regulations, Controls
      2. Standards Implementation Comparison
    8. Documents
  5. Gap Analysis
    1. How to: Gap Analysis
    2. Reporting
  6. Risk Assessment
    1. How to: Risk Assessment
      1. Working with Assets
      2. Evaluation Values
      3. Evaluating Risks
      4. Various Definitions
      5. Risk Assessment Reporting
    2. Evaluation Templates
    3. Risk Owner Web Solution
  7. Web Module
    1. Dashboard
    2. My Tasks
    3. Reports
    4. Standards/Regulations
    5. Documents
    6. Incidents
    7. Risk Owner Web Solution
  8. Control Maturity and Effectiveness Assessment
    1. Control Assessment Templates
    2. Reporting
  9. Risk Treatment
    1. How to: Risk Treatment
      1. Risk Treatment Templates
      2. Risk Criteria
      3. Asset Level
      4. Controls Tab
      5. Scheduling a Future Control
      6. Future Controls Tab
      7. Overview
      8. Reload Assets, Threats and Controls
    2. Risk Treatment Reports
  10. STPA
    1. STPA Projects
    2. Models and Diagrams
      1. How to: Create CS Models
        1. Models Progress Check
      2. How to: Create CS Diagram
        1. Diagram Elements
    3. Analyses
      1. How to: Define Purpose of Analysis
      2. Losses
      3. Hazards
      4. Relationship
      5. Constraints
      6. How to: Identify UCAs
        1. UCA Progress Check
      7. How to: Identify Loss Scenarios
        1. Loss Scenario Progress Check
    4. Reporting
    5. Global Properties
  11. Business Continuity Management Module
    1. Organization
      1. New Organization
      2. Stakeholders
      3. Resources/Processes
        1. Impact Analysis
        2. Requirements
    2. Incident Response/Recovery
      1. Associated Threats
      2. Plans
        1. Steps
      3. Maintenance
        1. Test plans
        2. Test Results
    3. Templates
    4. Maintenance
    5. Reports BCM
  12. Database Settings
    1. Database Upgrade
    2. Add Existing
    3. Remove
    4. Migrate
    5. Backup
    6. Restore
  13. Glossary
  14. Calculations

6.2.Evaluation Templates

Control Assessment Template; these are used to qualitatively evaluate Threats and Assets in RM Studio. Users can add their own Asset or Threat Evaluations or change the definition of the Standard Asset and Threat Evaluations.

To add a new Control Assessment Template click the “Add Control Assessment Template” button (1) and give the Evaluation Template a name. When you have a new Evaluation Template highlighted in the list on the left hand side you will be able to “Add value” by pushing the appropriate button (2). Every Control Assessment Template can hold more than one Template Value.

When Asset Evaluation Templates are in use they can only be partially modified, such as changing the definitions of factor values as well as the defaults for security risk calculations.

Shortcomings of Evaluation Templates

If an Evaluation Template has no Template Factor then it cannot be used as either a Threat Template or as an Asset Template for a new Risk Assessment.

If an Evaluation Template has any Factor Value equal to 0 (zero) then it cannot be used as either a Threat or Asset Template for a new Risk Assessment.

There may not be more than one Evaluation Template with the same name, names should be unique for each Template.

There may not be more than one Template Factor in the same Evaluation Template with the same name. Names of Template Factors should be unique within a single Evaluation Template.

There may not be more than one Factor Value in the same Template Factor with the same name. Names of Factor Values should be unique within a single Template Factor.

Every change made to the Standard Templates will affect the calculations in the Processes using the default factors.

The algorithm used for calculating security risk is most accurate when factor values start at value 1 (one) and the increment between values is 1 (one).

Suggest Edit