1. Introduction
    1. System Requirements
    2. Setup and Installation
  2. Getting Started
    1. Creating a Database
    2. Email Configuration
    3. Web Module Setup
    4. Web Module Update
  3. Navigating RM Studio
    1. Main Menu
      1. Save Function
      2. Import External Data
        1. Import Assets
      3. Clear User Cache
      4. Security
      5. Properties
      6. Languages
      7. Registration
      8. User Manual
      9. Manage Checkouts
      10. About
      11. Application Style
    2. Navigation Tree
    3. Tabs
    4. The Grid
    5. Context & Flow
  4. Common Entities
    1. Business Entities
      1. Asset Details - Basic Information tab
      2. Asset Details - Risks tab
      3. Asset Details - Categories tab
      4. Asset Details - Business Entities tab
    2. Contacts
    3. Teams
    4. Assets
    5. Asset Categories
    6. Asset Attributes
    7. Threats
    8. Standards/Controls
      1. How to: Standards, Regulations, Controls
      2. Standards Implementation Comparison
    9. Documents
  5. Gap Analysis
    1. How to: Gap Analysis
    2. Reporting
  6. Risk Assessment
    1. How to: Risk Assessment
      1. Risk Assessment Overview
      2. Adding Assets
      3. Adding Risks
      4. Evaluation Values
      5. Evaluating Risks
      6. Various Definitions
      7. Risk Assessment Reporting
    2. Risk Owner Tasks
    3. Risk Profile
  7. Web Module
    1. Dashboard
    2. My Tasks
    3. Reports
    4. Standards/Regulations
    5. Documents
    6. Incidents
    7. Risk Owner Web Solution
  8. Control Assessment
    1. Control Assessment Templates
    2. Control Assessment
    3. Reports - Control Assessment
  9. Risk Treatment
    1. How to: Risk Treatment
      1. Risk Treatment Templates
      2. Risk Criteria
      3. Asset Level
      4. Controls Tab
      5. Scheduling a Future Control
      6. Future Controls Tab
      7. Overview
      8. Reload Assets, Threats and Controls
    2. Risk Treatment Reports
  10. STPA
    1. STPA Projects
    2. Models and Diagrams
      1. How to: Create CS Models
      2. How to: Create CS Diagram
        1. Diagram Elements
        2. Models Progress Check
    3. Analyses
      1. How to: Define Purpose of Analysis
      2. Losses
      3. Hazards
      4. Relationship
      5. Constraints
      6. How to: Identify UCAs
      7. How to: Identify Loss Scenarios
        1. Loss Scenario Progress Check
    4. Reporting
    5. Global Properties
  11. Business Continuity Management Module
    1. Organization
      1. New Organization
      2. Stakeholders
      3. Resources/Processes
        1. Impact Analysis
        2. Requirements
    2. Incident Response/Recovery
      1. Associated Threats
      2. Plans
        1. Steps
      3. Maintenance
        1. Test plans
        2. Test Results
    3. Templates
    4. Maintenance
    5. Reports BCM
  12. Database Settings
    1. Database Upgrade
    2. Add Existing
    3. Remove
    4. Migrate
    5. Backup
    6. Restore
  13. Glossary
  14. Calculations

4.7.Threats

RM Studio includes an ISMS Threat library that is optimized for ISO 27001, but this may not be a complete Threat and Vulnerability library for your specific information security requirements. You can add, delete, or modify all included threats to better tailor the library to meet your needs, as well as change the associations with categories and controls.

When creating new Threat, the new Threat must have a Name, be assigned to a Category and linked to mitigating controls from the Standard you are preparing to implement or existing company process or procedure.

How to Create a New Threat

  1. Name the threat with great detail. The more precise the name the better it is for other people to understand and use, and the same is true for the description of the new threat.
  2. Input a detailed description of the threat, and identify the key markers of the threat.
  3. Threat Type is used for sorting purposes and can be used to specify types of threats for specific departments, divisions, etc. Threat Types are created separately and selected in a drop down.
  4. The status is Active or Inactive and by default all new threats are active. You may choose to inactivate a threat until a specific time or after using RM Studio for a period of time, a threat may become irrelevant and then be changed to inactive.

Categories

To assign the Threat to a Category navigate to the Category tab and click on the “Add New Categories” icon. You will then be presented with a list of Categories. Select one Category and click the OK button to assign it to the Threat. You can add more Categories to a Threat by repeating these steps.

Threatened Assets

The Threatened Assets tab aggregates all the Assets from all the Assessments that have been marked as threatened by the respective Threats.

Mitigating Controls

Under Mitigating Controls you can define which Controls work against a given Threat. To add a new Mitigating Control from the Control list you must click on the “Add New Mitigating Control” icon on the Mitigating Controls Toolbar.

Threat Types are a way to categorize threats for easy identification for the users. All predefined threats are assigned to the “Stiki” threat Type.

Threat Types is where you set the name for the Threat type in your Threats list. Every Threat in RM Studio is by default assigned to the Created By Stiki type and now you can create your own types and categorize your Threats.

The only thing to do here is to open up Threats > Threat Types, press add new button, give the new type a name and save. From there you can navigate to Threats, press the refresh button, create Threats and assign your type to them. You can also change the ones that are assigned to Stiki to your new type. Furthermore you can also remove the type and leave it BLANK with no type at all.

To assign, remove or delete type’s right-click the type assigned to the Threat and navigate to Type and change the settings.

« Asset AttributesStandards/Controls »
Suggest Edit