Default Records and Text
There is presently a range of default data that you will see in the system, including the following:
- Asset Categories: These are relevant to the Asset Criticality Assessment within each assessment and enable Assessors to group assets under common categories (e.g. employees, contractors and visitors are all categorised as ‘People’). These enable Assessors to describe assets are higher level categories within their reports, rather than to list every individual asset. Default Asset Categories can only be edited by the Account Administrator – Organisational and Business Units Administrators can edit those applicable to their entities only.
- Risk Types: These are relevant to the Risk Register and allow Assessors to associate individual risks with risk categories for reporting purposes. Default Risk, Types can only be edited by the Account Administrator – Organisational and Business Units Administrators can edit those applicable to their entities only.
- Criteria: Default Asset Criticality, Threat, Risk Control Effectiveness and Risk Criteria exist within the system and can be used as is, or adjusted and saved under a different name for future use. This enables quick orientation for users, in terms of how criteria is intended to be constructed, and in many cases it can be used as is.
- Hazards and Events – Threat Actors and Acts: A default list of these appear within the Threat/Hazard Assessment stage of a risk assessment, enabling users to quickly delete what they don’t need and populate the remainder.
- Control Categories and Controls: Similarly, the Risk Control Effectiveness (RCE) Assessments contains a quantity of default content to guide users – this can be deleted if not needed, or repurposed (if users have permissions to do so) to speed the assessment process along.