1. Introduction
    1. Licensing
    2. System Requirements
    3. Setup and Installation
  2. Getting Started
    1. Creating a Database
    2. RM Studio Users/Contacts
    3. Email Configuration
    4. Web Module Setup
    5. Web Module Update
  3. Navigating RM Studio
    1. Main Menu
      1. Save Function
      2. Import External Data
        1. Import Assets
      3. Clear User Cache
      4. Security
      5. Properties
      6. Languages
      7. Registration
      8. User Manual
      9. Manage Checkouts
      10. About
      11. Application Style
    2. Navigation Tree
    3. Tabs
    4. The Grid
    5. Context & Flow
  4. Common Entities
    1. Business Entities
      1. Asset Details - Basic Information tab
      2. Asset Details - Risks tab
      3. Asset Details - Categories tab
      4. Asset Details - Business Entities tab
    2. Contacts
    3. Teams
    4. Categories
    5. Assets
    6. Threats
    7. Standards/Controls
      1. How to: Standards, Regulations, Controls
      2. Standards Implementation Comparison
    8. Documents
  5. Gap Analysis
    1. How to: Gap Analysis
    2. Reporting
  6. Risk Assessment
    1. How to: Risk Assessment
      1. Working with Assets
      2. Evaluation Values
      3. Evaluating Risks
      4. Various Definitions
      5. Risk Assessment Reporting
    2. Evaluation Templates
    3. Risk Owner Web Solution
  7. Web Module
    1. Dashboard
    2. My Tasks
    3. Reports
    4. Standards/Regulations
    5. Documents
    6. Incidents
    7. Risk Owner Web Solution
  8. Control Maturity and Effectiveness Assessment
    1. Control Assessment Templates
    2. Reporting
  9. Risk Treatment
    1. How to: Risk Treatment
      1. Risk Treatment Templates
      2. Risk Criteria
      3. Asset Level
      4. Controls Tab
      5. Scheduling a Future Control
      6. Future Controls Tab
      7. Overview
      8. Reload Assets, Threats and Controls
    2. Risk Treatment Reports
  10. STPA
    1. STPA Projects
    2. Models and Diagrams
      1. How to: Create CS Models
        1. Models Progress Check
      2. How to: Create CS Diagram
        1. Diagram Elements
    3. Analyses
      1. How to: Define Purpose of Analysis
      2. Losses
      3. Hazards
      4. Relationship
      5. Constraints
      6. How to: Identify UCAs
        1. UCA Progress Check
      7. How to: Identify Loss Scenarios
        1. Loss Scenario Progress Check
    4. Reporting
    5. Global Properties
  11. Business Continuity Management Module
    1. Organization
      1. New Organization
      2. Stakeholders
      3. Resources/Processes
        1. Impact Analysis
        2. Requirements
    2. Incident Response/Recovery
      1. Associated Threats
      2. Plans
        1. Steps
      3. Maintenance
        1. Test plans
        2. Test Results
    3. Templates
    4. Maintenance
    5. Reports BCM
  12. Database Settings
    1. Database Upgrade
    2. Add Existing
    3. Remove
    4. Migrate
    5. Backup
    6. Restore
  13. Glossary
  14. Calculations

6.1.1.Working with Assets

To enter the Risk Assessment double click the risk assessment you want to execute and it’ll pop up in a tab below the Risk Assessment tab (1). Next to it is the Assets tab (2). Select the Assets tab and click on the plus sign to select an asset (3). That will open up a pop up which displays the assets you already defined. See 4.5 Assets for more detail on that.

Now that you’ve selected an asset to do an assessment on, you must choose who’s responsible for that Asset (4). According to the ISO 27002 Standard, a Responsible Person (Owner) must be registered for all information Assets in addition to assessing their Confidentiality, Integrity and Availability. The Responsible Person cannot be the Business Entity itself, but must be a specific individual who is registered under a name or job position.

Then you can select an operator.The Responsible Person and the Operator need not be the same person. The Operator is also selected from a drop down list (5).

The System Administrator can be the Operator, while the head of the IT division is the person Responsible for the Asset.

 

« How to: Risk AssessmentEvaluation Values »
Suggest Edit