RM Studio v5.6 Release – STPA Update

Release of the RM Studio v5.6

Here at Stiki – Information Security we continue to improve our integrated risk management framework solution, RM Studio. The latest release is not a major upgrade to the previous version, but it does include several nice improvements. Some of the improvements are directly requested by a few our users and we always strive to meet the needs of our customers.

Systems-Theoretic Process Analysis (STPA): UPDATE!

Over the past 2.5 years a large portion of our resources have been occupied with designing and developing a ground-breaking software for the engineering world. When the project started our vision was to create a solution for performing STPA for the purposes of Engineering a Safer World. But in addition to, we intended on creating the integrated risk management framework solution that will utilize STPA methodology in cybersecurity/ infosec risk management.

What is STPA? Check here.

We recently attended the 6th Annual European STAMP/STPA Workshop and Conference at the Amsterdam University of Applied Sciences. At the conference we held a tutorial session demonstrating the niché STPA software that will be available at the beginning of 2019. The software provides all the necessary tools to perform STPA for identification of socio-technical systems safety, hazards and losses including:

• Hierarchical Control Structure diagramming through a tremendous graphical library provided by yWorks.
• Hazards and losses identification and relationship diagramming
• Linking of constraints
• Unsafe control action assessment
• Control loop loss scenarios
• Reporting of all the analysis data and diagrams

For more information or to schedule a demo, contact us: sales@riskmanagementstudio.com.

RM Studio v5.6 Release notes

New Features:

• Added a new report: Controls in Risk Treatment
  • The new report presents the Risk Treatment(s) that contain the requirements or controls of the chosen standard or regulation along with the current implementation status from the Treatment.
• Added a justification text field to the risk and asset evaluation factors in the Risk Assessment
  • The text field allows the user to input justification or reasoning for the why the selected evaluation was chosen for a risk or asset evaluation factor (e.g. why a value of “High” was chosen for “Impact” on a specific risk).
  • Note: The justification text is an optional feature that is enabled in the Risk Profile for the evaluation factors where a justification is desired (justifications are not enabled by default).
  • Also enabled on the web solution as part of the risk owner surveys (tasks)- see Web 2.1 below

Improvements/Modifications:

• Report logos are now stored in the RM Studio database. The database update process will attempt to automatically upload existing logos to the database from the file system. A warning will be displayed for those logos that can’t be automatically uploaded and will need to be manually uploaded after the update.
• Added a list to Standard Mapping Sets that shows all controls/requirements and their mappings to the standards/regulations

Bug fixes:

• Fixed various bugs in the Data Management module
• Fixed a bug in ISO 27001:2013 where clause 5.1.h appeared under section 5.2

RMS – Web 2.1

New Features:

• When performing a Risk Evaluation task, risk owners provide justification text for their risk evaluations to the Risk Assessment managers for a better understanding of the risk owner’s chosen levels of risk.
• Note: the justifications for evaluations must be enable in the Risk Profile

RMS – Web API 1.2

New Features:

• Added a new field to AssetEvaluation and RiskEvaluation models for justification text