1. Introduction
    1. Licensing
    2. System Requirements
    3. Setup and Installation
  2. Getting Started
    1. Creating a Database
    2. RM Studio Users/Contacts
    3. Email Configuration
    4. Web Module Setup
    5. Web Module Update
  3. Navigating RM Studio
    1. Main Menu
      1. Save Function
      2. Import External Data
        1. Import Assets
      3. Clear User Cache
      4. Security
      5. Properties
      6. Languages
      7. Registration
      8. User Manual
      9. Manage Checkouts
      10. About
      11. Application Style
    2. Navigation Tree
    3. Tabs
    4. The Grid
    5. Context & Flow
  4. Common Entities
    1. Business Entities
      1. Asset Details - Basic Information tab
      2. Asset Details - Risks tab
      3. Asset Details - Categories tab
      4. Asset Details - Business Entities tab
    2. Contacts
    3. Teams
    4. Categories
    5. Assets
    6. Threats
    7. Standards/Controls
      1. How to: Standards, Regulations, Controls
      2. Standards Implementation Comparison
    8. Documents
  5. Gap Analysis
    1. How to: Gap Analysis
    2. Reporting
  6. Risk Assessment
    1. How to: Risk Assessment
      1. Working with Assets
      2. Evaluation Values
      3. Evaluating Risks
      4. Various Definitions
      5. Risk Assessment Reporting
    2. Risk Owner Tasks
    3. Risk Profile
  7. Web Module
    1. Dashboard
    2. My Tasks
    3. Reports
    4. Standards/Regulations
    5. Documents
    6. Incidents
    7. Risk Owner Web Solution
  8. Control Assessment
    1. Control Assessment Templates
    2. Control Assessment
    3. Reports - Control Assessment
  9. Risk Treatment
    1. How to: Risk Treatment
      1. Risk Treatment Templates
      2. Risk Criteria
      3. Asset Level
      4. Controls Tab
      5. Scheduling a Future Control
      6. Future Controls Tab
      7. Overview
      8. Reload Assets, Threats and Controls
    2. Risk Treatment Reports
  10. STPA
    1. STPA Projects
    2. Models and Diagrams
      1. How to: Create CS Models
      2. How to: Create CS Diagram
        1. Diagram Elements
        2. Models Progress Check
    3. Analyses
      1. How to: Define Purpose of Analysis
      2. Losses
      3. Hazards
      4. Relationship
      5. Constraints
      6. How to: Identify UCAs
      7. How to: Identify Loss Scenarios
        1. Loss Scenario Progress Check
    4. Reporting
    5. Global Properties
  11. Business Continuity Management Module
    1. Organization
      1. New Organization
      2. Stakeholders
      3. Resources/Processes
        1. Impact Analysis
        2. Requirements
    2. Incident Response/Recovery
      1. Associated Threats
      2. Plans
        1. Steps
      3. Maintenance
        1. Test plans
        2. Test Results
    3. Templates
    4. Maintenance
    5. Reports BCM
  12. Database Settings
    1. Database Upgrade
    2. Add Existing
    3. Remove
    4. Migrate
    5. Backup
    6. Restore
  13. Glossary
  14. Calculations

6.1.4.Various Definitions

Scope and Basic Criteria

In the Scope and Basic Criteria field you will enter the defined Scope for your Assessment along with the Basic Criteria that you have given yourself.

The Scope will define all the aspects that you will take into account when doing your Assessment.

The Basic Criteria will state how much Risk you are willing to accept i.e. the minimum level of Risk.

See the following text for an example of “Scope and Basic Criteria”

  • Risk Criteria
    • According to the Standard ISO/IEC 27001:2005
  • Risk Assessment approach and criteria
    • For Risk Assessment according to the Standard: ISO/IEC 27001:2005 Information Technology – Secure Techniques – Information Security Management Systems – Requirements.
    • In accordance to Fritz & Son’s information security policy, accepted in March 2009. Fritz & Son’s security forum has approved the method used in·RM Studio·Risk Assessment··process for use in Risk Assessments at Fritz & Son. Information assets have been defined as group assets. Value of assets has been assessed as well as their properties regarding confidentiality, integrity and availability (CIA). Threats to assets have been identified, the probability of occurrence and impact have been estimated. Vulnerability of assets towards a threat has also been estimated.
  • In this method the risk calculations is based on the following evaluations:
    • The value of the asset
    • The probability of a specific threat
    • The impact of the threat
    • The vulnerability of the Asset
    • Base Security risk is the real risk as evaluated by the user regarding the 4 variables through a 4th dimensional matrix.

Relationship Between Assets and Threats

RM Studio contains a database of Threats. If you want to create a new Threat at this point, then you must first save and close the current Assessment before creating a “New Threat” in the Threat module of RM Studio.

Each Threat must be examined. If you do not agree that a Threat is imminent, you can delete it by highlighting the Threat.

Enter information in the Description window to support the Assessment.

Evaluation Values

The values registered for the properties of the Threat are used for calculating the Security Risk. In the Standard Evaluation Template the properties are: Impact, Probability and Vulnerability. The values for each of the properties can be defined as Immense, Very High, High, Medium or Low. The definitions of the terms can be found in the Definitions of Threat Properties.

The properties and their values can be adjusted as needed via the Evaluation Templates.


The Impact of Threat property assesses how serious the consequences are should the Threat occur.


The Probability of Threat property dictates how likely a Threat is to occur.


The Vulnerability of Asset property evaluates how vulnerable the Asset is to the Threat.


RM Studio provides powerful trace-ability capabilities, with a complete version history on Risk Assessments. Users can now call up a version history for any Assessment and view previous versions as a whole or dig down into the individual building blocks of the Assessment, such as Assets and Risks. The version history will be applied to other elements of RM Studio and made even more powerful in our future releases.

Item History

If you right-click on a Risk Assessment, an Asset in Assessment, or a Risk, you can choose History from the context menu. This will bring up the Item History window (1). This window shows the entire history for this particular item. You will see the ID of the Change-set associated with the history entry, the action taken, who performed the action and when.

If you then right click on any entry in the Item History window, you can choose “View Item”, “Change-set details”, and if you are viewing the item history for an Assessment, you can choose “View Assessment version”.

Suggest Edit