Today we officially released the newest version of Risk Management Studio, v4.8. The new release includes several new upgrades to the standards available for deployment and small modifications to the interface and reporting.
We added two new standards that have been requested by our customers, and modified one standard from a previous release according to our customers' preferences.
- Internal Control – Integrated Framework by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). This standard ships with no mapping between Threats and Controls, so users will need to create the Category/Threat mapping themselves if they are going to use the controls in Risk Treatment.
- ISO 31000:2009. This standard provides principles and generic guidelines on risk management. Users will need to create the Category/Threat mapping themselves if they are going to use the controls in Risk Treatment.
- PCI-DSS 3.0, revision 2.0. This is an update to the existing PCI-DSS 3.0 standard that follows the best practices of our clients more closely. Sub-requirements of the standard (e.g. a, b, c) are now folded under their main requirements for a more complete view of the implementation. The standard includes default mappings between Threats, Categories and Controls, but these can be edited in Risk Treatment to meet your organization's exact needs.
- A Control-to-Threat mapping wizard was added to the Insight tool. In the Insight tool (found under the Menu, second from the bottom of the list) you will see the default mapping we include with RM Studio. Administrators may edit this mapping by right-clicking the Threats and using the selection wizard to choose the applicable Threats for the Control.
- A few reports were modified as well:
  - Fixed a bug in the reports where the Rich Text Editor did not display hyperlinks properly
  - Risk Owners have been added to the “Assets with Threats” report
  - Cosmetic changes made to multiple reports
- General modifications to the system include:
  - Deleting Categories from the Threat window
  - Text in the Risk Treatment modified to match the terminology of the Risk Management System standards (ISO 31000 and ISO/IEC 27005):
    - Inherent Risk (was Base Risk)
    - Residual Risk (was Current Risk)