Secureframe is thrilled to elevate our services to meet the evolving needs of our valued clients. We're proud to unveil our new and improved Risk Management module! In response to valuable feedback from our community, we've refined and improved our Risk Management module to offer greater flexibility and enhanced functionality. We're committed to providing the best experience for our users.
Main features:
- Risk Library
- Robust workflows for risk assessment
- Robust workflows for risk review
- Robust workflow for risk mitigation and remediation
Our new Risk Management module is designed to help users streamline their risk identification, assessment, and management process. Using the new module and workflows, users can determine which risks are truly applicable to them and decide how to handle them.
Risk Library/workflow
Our new risk library contains hundreds of common, pre-populated risks that you can select from and assess as you conduct your risk due diligence. As you add any of these risks to your Risk Management module, you will be able to review, document, and treat the risk as needed for your risk management posture. If none of these risks apply to your organization, that's fine: you can create custom risks!
In addition to our risk library, Secureframe allows you to create custom risks for your organization. Users have the same capabilities with these risks as the ones from the risk library, just with more customization capabilities.
The details page is the first page within the risk assessment workflow and is where crucial details for each risk are entered and defined. The platform includes validations to ensure that critical information is entered. If the required fields are not filled out, the platform will not allow you to complete the risk assessment. The details page includes risk formula calculations and the appropriate owner, departments, category, and tags defined for each risk.
Assessment
As you create or select risks, you will need to conduct a risk assessment for each risk. This risk assessment involves selecting the impact and likelihood scores, which are part of the formula used to calculate overall risk. The likelihood-impact risk formula assesses the potential risk of an event by multiplying the probability of its occurrence (likelihood) by the magnitude of its potential consequences (impact). This helps prioritize and manage risks based on their overall potential impact on a system or project.
Treatment
Within the treatment section, your organization will determine how to handle the risk, whether that be via risk acceptance, transfer, avoidance, or mitigation. Within this screen you will justify any decisions regarding treatment as well as residual risk. Residual risk is the amount of risk or danger associated with an action or event remaining after natural or inherent risks have been reduced by risk controls.
- Acceptance - Retain the risk as-is with no further changes.
- Transfer - Shift the risk outside of your organization, e.g., cyber liability insurance.
- Avoid - Fix the risk and remove the risk entirely or reduce the threat of the risk.
- Mitigation - Identify controls or other solutions to put in place that can reduce the threat of the risk.
Review
This is where the risk assessment is completed. Please confirm all information and ensure that it is complete and accurate before hitting “complete assessment”.
Categories
These can be used to organize risks.
Draft/Complete
Risks have two stages: draft and complete. Risks in draft can be worked on, completed, or deleted and are fully customizable as needed. Completed risks can be edited, but they must first be reverted to draft. Additionally, you can click into each risk to see relevant risk details and calculations.
View History
View history is where users and/or auditors can export a history of risks and the actions taken on them when needed for an audit or security questionnaire. Any updates to the risk item are captured here in a change log.
Risk Management Settings
Within settings, users can configure their “tags” and their “scoring” configurations. Please see the respective sections below for more information.
Tags
Tags are used to assign relevant details, categories, and information to individual risks. Similar to categories, tags give the admins responsible for risk management context and information about each risk. Secureframe provides Categories and Departments for you to choose from, but you can customize or add tags if needed.
Scoring
This is where users can assign or set weights for respective risk scores. Different scores & weights may impact different organizations differently, so we wanted to give our users the flexibility to weigh scores differently. Be sure to edit scoring before adding risks.