Assessing and Establishing Your Risk Management Policy
ISO 27001 – Information Security Management System
One of the value adding features of RM Studio is the ability to create your own custom Evaluation Templates. RM Studio comes equipped with two Evaluation Templates that are developed based on ISO 27001 methodology.
The Evaluation Template is used to qualitatively evaluate threats and assets in RM Studio. The Evaluation Templates within RM Studio can be tailored to each user’s unique needs. The default value settings for each factor are: Low (1), Medium (2), High (3), Very High (4), and Immense (5). These factors were developed to comply with the ISO/IEC 27001 standard.
The RM Studio default settings for the Asset Evaluation Template are:
- Value: The quantitative financial value of the asset. The greater the factor score the more difficult it is to replace the asset.
- Confidentiality: The level of awareness that is acceptable regarding the asset. The greater the factor the score, the higher the level of confidentiality.
- Integrity: The level of accuracy the asset must exhibit. The greater the factor score, the greater the importance of accuracy.
- Availability: The level of availability of the asset in regards to business operations. The greater the factor score, the greater the asset is accessible for business operations.
The RM Studio default settings for the Threats Evaluation Template are:
- Probability: The likelihood the event will occur. The greater the factor score, the greater the likelihood of occurrence.
- Impact: The level of disruption the event has on the specific asset. The greater the factor score, the greater the disruption.
- Vulnerability: The level of damage caused by the event to the specific asset. The greater the factor score, the greater the damage to the usability of the asset.
The following outlines how to create a custom evaluation template in RM Studio.
Step 1: Launch the Evaluation Template Creator
- In the Menu Tree, Assessment and Treatment → Templates and double-click on Evaluation Templates.
- The Evaluation Templates creator appears.
Step 2: Add Evaluation Template
- In the Evaluation Templates creator, select Add Evaluation Template.
- In the Name field, enter the name of the new evaluation template (Example: “Custom Threat Evaluation”).
- In the Description field, enter an appropriate description of the evaluation template.
Step 3: Create a Template Factor
- Select Add Template Factor.
- A new row appears below the new evaluation template and the Template Factor Information pane is displayed.
- In the Name field, enter the name of the new evaluation factor (Example: Political Instability).
- In the Description field, enter an appropriate description of the evaluation factor (Example: “The level of political stability for the site location.”).
Step 4: Adding factor values.
- Select the new evaluation template.
- Select Add Factor Value.
- The Factor Value Information pane will appear.
- In the Name field, enter the name of the new factor value (Example: Low).
- In the Factor field, provide a value for the factor (Example: 1).
- In the Description field, provide a detailed description of the factor value (Example: The local political environment is stable, and there are no foreseeable issues).
- These steps should be repeated until all desired factor values have been established.
- Once the factor values have been entered, click Apply.
Users can create multiple Evaluation Templates based on their unique needs. It is important to remember that Evaluation Templates are used to assess either assets or threats in RM Studio.
For more information on RM Studio, contact our support department at firstname.lastname@example.org.