Release of the RM Studio v5.6
Here at Stiki – Information Security we continue to improve our integrated risk management framework solution, RM Studio. The latest release is not a major upgrade to the previous version, but it does include several nice improvements. Some of the improvements were directly requested by a few of our users, and we always strive to meet the needs of our customers.
Systems-Theoretic Process Analysis (STPA): UPDATE!
Over the past 2.5 years, a large portion of our resources has been occupied with designing and developing ground-breaking software for the engineering world. When the project started, our vision was to create a solution for performing STPA for the purposes of Engineering a Safer World. In addition, we intended to create the integrated risk management framework solution that will utilize STPA methodology in cybersecurity/infosec risk management.
What is STPA? Check here.
We recently attended the 6th Annual European STAMP/STPA Workshop and Conference at the Amsterdam University of Applied Sciences. At the conference we held a tutorial session demonstrating the niche STPA software that will be available at the beginning of 2019. The software provides all the necessary tools to perform STPA for identification of socio-technical systems safety, hazards and losses, including:
- Hierarchical Control Structure diagramming through a tremendous graphical library provided by yWorks.
- Hazards and losses identification and relationship diagramming
- Linking of constraints
- Unsafe control action assessment
- Control loop loss scenarios
- Reporting of all the analysis data and diagrams
For more information or to schedule a demo, contact us: email@example.com.
RM Studio v5.6 Release notes
- Added a new report: Controls in Risk Treatment
  - The new report presents the Risk Treatment(s) that contain the requirements or controls of the chosen standard or regulation along with the current implementation status from the Treatment.
- Added a justification text field to the risk and asset evaluation factors in the Risk Assessment
  - The text field allows the user to input justification or reasoning for why the selected evaluation was chosen for a risk or asset evaluation factor (e.g. why a value of “High” was chosen for “Impact” on a specific risk).
  - Note: The justification text is an optional feature that is enabled in the Risk Profile for the evaluation factors where a justification is desired (justifications are not enabled by default).
  - Also enabled on the web solution as part of the risk owner surveys (tasks); see Web 2.1 below.
- Report logos are now stored in the RM Studio database. The database update process will attempt to automatically upload existing logos to the database from the file system. A warning will be displayed for those logos that can’t be automatically uploaded and will need to be manually uploaded after the update.
- Added a list to Standard Mapping Sets that shows all controls/requirements and their mappings to the standards/regulations
- Fixed various bugs in the Data Management module
- Fixed a bug in ISO 27001:2013 where clause 5.1.h appeared under section 5.2
RMS – Web 2.1
- When performing a Risk Evaluation task, risk owners provide justification text for their risk evaluations to the Risk Assessment managers for a better understanding of the risk owner’s chosen levels of risk.
  - Note: the justifications for evaluations must be enabled in the Risk Profile.
RMS – Web API 1.2
- Added a new field to AssetEvaluation and RiskEvaluation models for justification text