1. Introduction
    1. System Requirements
    2. Setup and Installation
  2. Getting Started
    1. Creating a Database
    2. Email Configuration
    3. Web Module Setup
    4. Web Module Update
  3. Navigating RM Studio
    1. Main Menu
      1. Save Function
      2. Import External Data
        1. Import Assets
      3. Clear User Cache
      4. Security
      5. Properties
      6. Languages
      7. Registration
      8. User Manual
      9. Manage Checkouts
      10. About
      11. Application Style
    2. Navigation Tree
    3. Tabs
    4. The Grid
    5. Context & Flow
  4. Common Entities
    1. Business Entities
      1. Asset Details - Basic Information tab
      2. Asset Details - Risks tab
      3. Asset Details - Categories tab
      4. Asset Details - Business Entities tab
    2. Contacts
    3. Teams
    4. Assets
    5. Asset Categories
    6. Asset Attributes
    7. Threats
    8. Standards/Controls
      1. How to: Standards, Regulations, Controls
      2. Standards Implementation Comparison
    9. Documents
  5. Gap Analysis
    1. How to: Gap Analysis
    2. Reporting
  6. Risk Assessment
    1. How to: Risk Assessment
      1. Risk Assessment Overview
      2. Adding Assets
      3. Adding Risks
      4. Evaluation Values
      5. Evaluating Risks
      6. Various Definitions
      7. Risk Assessment Reporting
    2. Risk Owner Tasks
    3. Risk Profile
  7. Web Module
    1. Dashboard
    2. My Tasks
    3. Reports
    4. Standards/Regulations
    5. Documents
    6. Incidents
    7. Risk Owner Web Solution
  8. Control Assessment
    1. Control Assessment Templates
    2. Control Assessment
    3. Reports - Control Assessment
  9. Risk Treatment
    1. How to: Risk Treatment
      1. Risk Treatment Templates
      2. Risk Criteria
      3. Asset Level
      4. Controls Tab
      5. Scheduling a Future Control
      6. Future Controls Tab
      7. Overview
      8. Reload Assets, Threats and Controls
    2. Risk Treatment Reports
  10. STPA
    1. STPA Projects
    2. Models and Diagrams
      1. How to: Create CS Models
      2. How to: Create CS Diagram
        1. Diagram Elements
        2. Models Progress Check
    3. Analyses
      1. How to: Define Purpose of Analysis
      2. Losses
      3. Hazards
      4. Relationship
      5. Constraints
      6. How to: Identify UCAs
      7. How to: Identify Loss Scenarios
        1. Loss Scenario Progress Check
    4. Reporting
    5. Global Properties
  11. Business Continuity Management Module
    1. Organization
      1. New Organization
      2. Stakeholders
      3. Resources/Processes
        1. Impact Analysis
        2. Requirements
    2. Incident Response/Recovery
      1. Associated Threats
      2. Plans
        1. Steps
      3. Maintenance
        1. Test plans
        2. Test Results
    3. Templates
    4. Maintenance
    5. Reports BCM
  12. Database Settings
    1. Database Upgrade
    2. Add Existing
    3. Remove
    4. Migrate
    5. Backup
    6. Restore
  13. Glossary
  14. Calculations

9.2.Risk Treatment Reports

Statement of Applicability (SOA): the Statement of Applicability report is an overview of the status of the Risk Treatment. A Statement of Applicability is a list of all Controls from the Standard used to perform the Risk Treatment which have been labelled as Implemented, Not Implemented, Future Controls or Not Applicable. The descriptions entered for each respective control are also printed out. The status of the Risk Treatment is also displayed graphically. The report is useful for the managers of business units, customers, and agencies, e.g. the Data Protection Authority, which require a declaration of the security of the Risk Treatment in question. It can also be submitted to auditors.

Risk Treatment – Future controls (simple report): this report provides an overview of all Future Controls that have been defined for a given Risk Treatment. They are ranked according to date, so that the Control with the earliest date of implementation is shown first.

The Executive Summary report:·A great overview of Security Risk and Ratio of Controls. All calculations are shown graphically in a color coded way and gives the management key information on a single sheet.

Risk Treatment: All risks are listed along with their base, current and future security risk. The list is grouped by the Risk Treatment. Users can sort Risks by Base Security Risk, Current Security Risk, or Future Security Risk. This report provides a total overview of the risks and the treatment for each of them.

Controls With Assets: This report will show you all the Controls in your Risk Treatment, the name of the Control, Status of the Control, and Assets associated with the Control.


Risk With Controls: This report is only available to those using the Local Reports. This report is useful when information is needed on whether or not a control has been implemented for specific risks (image 16.1).

Suggest Edit