Diri has a great feature for sharing risk-related information with your users if you already have, or are in the process of making, an overall asset, threat, and vulnerability analysis. In Diri, you can share and reuse standardized assessments across your organization to make risk work more consistent, efficient, and aligned.
Administrators can configure a standard set of assets, threats, and vulnerabilities. These items can be set as write-protected at the top level and can be inherited by suborganizations. Users in suborganizations can then choose from and use these shared elements in their own risk assessments. The options “Can modify” and “Use inherited” are set in the tables as default settings, but can also be found by using the managed tables feature “Configure”.
In the above example, the suborganizations will both receive and be able to modify the threats.
Shared assets can be added directly to risk assessments. Each asset includes predefined confidentiality, integrity, and availability (CIA) levels set at the top level. These CIA levels serve as a guide for consequence assessment, helping ensure consistency across the organization.
Threats have a name, description, and threat level. The threat level can be used to guide the probability in your risk assessments. Threats can be marked as editable or inheritable depending on admin settings.
Vulnerabilities include a name, description, and exposure level. The exposure level can be used to guide the probability or likelihood component of your risk analysis. Like threats, vulnerabilities can be shared or customized locally depending on inheritance settings.
This feature ensures consistent terminology and scoring across all organizational levels, simplifies the process of creating new risk assessments by reusing established elements, and provides a more streamlined assessment process built on the same decision basis. It also helps maintain central control while allowing flexibility in suborganizations.
Administrators can define which items are write-protected, choose whether items are inheritable by suborganizations, and maintain shared libraries for all users.
If you are an administrator, go to your organization’s central registers on the top level to set which items should be inherited.
If you are a user, these shared assets, threats, and vulnerabilities will be available when adding items to your risk assessments.