One of the core features in Diri is the use of predefined libraries with suggestions and categorization, available in Step 3 – Risk Assessment. These libraries include Threats, Vulnerabilities, Events, and Consequences, which users can select from and expand as needed during their risk assessments.
This significantly reduces the workload, as users don’t need to come up with every item on their own. Based on research and experience, we know that a relatively limited set of events and consequences tend to occur in cybersecurity contexts. However, we also acknowledge that certain events may be unique to specific systems. For that reason, users can add custom entries to the libraries when necessary.
While in the risk assessment, you can open the knowledge libraries by clicking "New event" or "New category" or editing an existing one. Clickin "New event" will open the following prompt:
In the above prompt, you can choose an existing event from the list that appears by clicking "Select event". The event library contains many cybersecurity events that you can work with in the risk assessment. The event selection is a category and you can provide a description in the text field below.
You can add a new event to your risk assessment, if none of the existing events are what you are looking for you can click "Add new event" as illustrated below:
Your new event will only be visible to users of this specific risk assessment. Check the box and type the event name you want to work with. You will be asked to give both the name of the event in your current language and an English description. If both are in English, feel free to duplicate the name. Click "Save" and the new event will appear in the original list.