1. Introduction
    1. Licensing
    2. System Requirements
    3. Setup and Installation
  2. Getting Started
    1. Creating a Database
    2. RM Studio Users/Contacts
    3. Email Configuration
    4. Web Module Setup
    5. Web Module Update
  3. Navigating RM Studio
    1. Main Menu
      1. Save Function
      2. Import External Data
        1. Import Assets
      3. Clear User Cache
      4. Security
      5. Properties
      6. Languages
      7. Registration
      8. User Manual
      9. Manage Checkouts
      10. About
      11. Application Style
    2. Navigation Tree
    3. Tabs
    4. The Grid
    5. Context & Flow
  4. Common Entities
    1. Business Entities
      1. Asset Details - Basic Information tab
      2. Asset Details - Risks tab
      3. Asset Details - Categories tab
      4. Asset Details - Business Entities tab
    2. Contacts
    3. Teams
    4. Categories
    5. Assets
    6. Threats
    7. Standards/Controls
      1. How to: Standards, Regulations, Controls
      2. Standards Implementation Comparison
    8. Documents
  5. Gap Analysis
    1. How to: Gap Analysis
    2. Reporting
  6. Risk Assessment
    1. How to: Risk Assessment
      1. Working with Assets
      2. Evaluation Values
      3. Evaluating Risks
      4. Various Definitions
      5. Risk Assessment Reporting
    2. Risk Owner Tasks
    3. Risk Profile
  7. Web Module
    1. Dashboard
    2. My Tasks
    3. Reports
    4. Standards/Regulations
    5. Documents
    6. Incidents
    7. Risk Owner Web Solution
  8. Control Assessment
    1. Control Assessment Templates
    2. Control Assessment
    3. Reports - Control Assessment
  9. Risk Treatment
    1. How to: Risk Treatment
      1. Risk Treatment Templates
      2. Risk Criteria
      3. Asset Level
      4. Controls Tab
      5. Scheduling a Future Control
      6. Future Controls Tab
      7. Overview
      8. Reload Assets, Threats and Controls
    2. Risk Treatment Reports
  10. STPA
    1. STPA Projects
    2. Models and Diagrams
      1. How to: Create CS Models
        1. Models Progress Check
      2. How to: Create CS Diagram
        1. Diagram Elements
    3. Analyses
      1. How to: Define Purpose of Analysis
      2. Losses
      3. Hazards
      4. Relationship
      5. Constraints
      6. How to: Identify UCAs
        1. UCA Progress Check
      7. How to: Identify Loss Scenarios
        1. Loss Scenario Progress Check
    4. Reporting
    5. Global Properties
  11. Business Continuity Management Module
    1. Organization
      1. New Organization
      2. Stakeholders
      3. Resources/Processes
        1. Impact Analysis
        2. Requirements
    2. Incident Response/Recovery
      1. Associated Threats
      2. Plans
        1. Steps
      3. Maintenance
        1. Test plans
        2. Test Results
    3. Templates
    4. Maintenance
    5. Reports BCM
  12. Database Settings
    1. Database Upgrade
    2. Add Existing
    3. Remove
    4. Migrate
    5. Backup
    6. Restore
  13. Glossary
  14. Calculations

6.Risk Assessment

Risk assessment is the determination of quantitative or qualitative estimate of risk related to a well-defined situation and a recognized threat or hazard.

The RM Studio Risk Assessment was designed for the ISO/IEC 27001:2005 based on the ISO/IEC 27005:2011 Information technology — Security techniques — Information security risk management (second edition). The development over the years has also incorporated elements of the ISO 31000:2009 and the ISO/IEC 27001:2013 revision, as well as small influence from a few other standards.

Currently the risk assessment methodology follows and fully complies with the ISO/IEC 27001:2013 (clause 6.1.2).

In RM Studio the risk assessment and management follows a five step process:

  1. Establish the context – understand the operating context and environment (Business Entities);
  2. Identify the risks or hazards – identify the internal and external risks or hazards that pose a threat (Threat libraries);
  3. Analyze the risks – systemic analysis of various contributing and leading factors (Asset + Threat = Risk) ;
  4. Evaluate and prioritize the risks – characterize and prioritize the list of risks for further action (Risk scoring);
  5. Mitigate the risks – identify the range of options to mitigate the risk and implement the best choice using available resources (moving to the Risk Treatment).

The RM Studio Risk Assessment (RA) is built from the data entry items in the Common section of the Navigation tree. The Business Entities, Contacts, Assets, and Threats are compiled together to form the desired risk assessment. It is very important to remember the initial setup and understanding of the scope for the RA should be well thought out prior to beginning the RA.

To open the Risk Assessment simply double click in the Nav tree. The Risk Assessment opens into the work space. If you are using a new database for the first time the list will be empty. If you are re-opening the Risk Assessment in a database that has previous RAs, you will notice the list of RAs. The focus will jump to the most recent RA you have created.

6.1.How to: Risk Assessment

6.2. Risk Profiles

6.3. Risk Owner Task

Suggest Edit