Control Risk Strategies
The control risk strategy will only be completed after the resource attribute valuation (Confidentiality, Integrity and Availability), Control Maturity Assessment and the Riskrisk Assessment entity are complete.
Divisions
This shows the maximum risk associated with each of the divisions The tan indicator shows that the risk assessment or control assessment is still in progress so the results of the risk assessment are not yet visible.
Controls
This shows all applicable controls and the related risk score of that control, also displayed is the risk treatment action. Clicking on a control will populate the control overview tab and show the following information.
Control Overview
This shows the 3 values for risk:
These can be modified within the Home -> Organisation -> RA Setup -> View Risk Types.
Risk Treatment Decision
A risk strategy can then be allocated to the controlled risk. The risk owner will be defaulted as the control owner but can be set as any contact within Abriska. An action description allows any difference from the recommendation to be recorded.
The default risk decisions are explained below.
Threats
This tab will only be populated once you click on the “Threat” button at the top of the control overview tab. It shows all of the threats that are related to this control, any therefore what threats the organisation is being exposed to having this control at this level of maturity. The maximum score on this table will be the maximum score for the control.
Resources
This tab will only be populated once you click on the “Threat” button at the top of the control overview tab and then click on a threat and it will display all of the related resources. This will show all of the resources that are exposed to this threat as a result of the maturity of this control.
Back to Control Maturity Assessment