📊Creating your first risk assessment

Small tutorial to learn how to create your first compliance assessment

How to create a risk assessment

1. Firstly, we need to import some external objects before starting our risk assessment: a matrix, threats and reference controls.

2. We can create the risk assessment, and let's take a look inside.

3. We find three parts: details about the assessment, the list of associated risk scenarios and the risk matrix view.

4. Let's add the first scenario and do the current assessment of it.

You can see that I didn't find the threat I was looking for in the imported library, so I decided to create my custom threat.

5. From now on, you won't necessarily follow the same steps depending on your needs. In this example I choose to mitigate the scenario by creating an applied control for it.

6. We go back in the scenario edit view, add the freshly created applied control, do the residual assessment and choose a strength of knowledge level.

As you can see, back in the risk assessment view, the current and residual scenario were added in matrix views with a diamond to indicate the strength of knowledge. To find out more about this concept, take a look at the Risk analysis introduction from the Society of Risk Analysis.

Congratulation! 🎉 If you followed the three last pages, you have just created your first assessments on CISO Assistant! The following section will show you how to use our management tools 🔎