Key Benefits

Risk Assessment Methodology

Configuration of threats with probability and scenarios (manual, daily, M times in N days/years). Financial, operational, and reputational impact levels with country-specific translations. Risk level calculation using a formula that considers asset criticality.

Vulnerabilities & Response Measures

Registry of vulnerabilities linked to asset types; asset-to-vulnerability mapping. Response measures: type, status, responsible person, deadline, residual risk, effectiveness, cost, priority, monitoring frequency, and next review date.

Reports & Scheduled Distributions

Generate risk reports in various formats; report profiles for quick generation. Scheduled reports with recurring execution and email delivery; execution history with attachments.

Export, Import & AI

Export risk calculations, response measures, and vulnerabilities to Excel/CSV. Import vulnerabilities from CSV. Guides with translations; optional AI-powered threat analysis, vulnerability generation, and remediation measure suggestions.

Features & Capabilities

Configuration & Directories

  • Risk assessment configuration and guide with country-specific translations
  • Threats: name, description, risks, probability, and impact with translations
  • Financial, operational, and reputational impact levels with criteria and translations
  • Risk and residual risk levels with translations
  • Response measure types and statuses, effectiveness, priority, monitoring frequency

Threats & Probability

  • Threat registry with code, description, and risk description
  • Probability: manual entry or scenario-based (daily, M times in N days/years)
  • Impact: single value or combination of financial, operational, reputational impact
  • Automatic recalculation of probability and impact when scenario or levels change
  • Country-specific threat translations; optional AI-powered translation

Vulnerabilities

  • Vulnerability registry linked to information asset types
  • Threats associated with each vulnerability
  • Remediation controls (link to another vulnerability)
  • Country-specific vulnerability translations; CSV/Excel import and export
  • Optional AI-powered generation of vulnerabilities and remediation measures

Asset-Based Risk Assessment

  • Link vulnerabilities to information assets with status (Yes/No)
  • Risk level calculation: probability × impact × asset criticality
  • Manual risk level assignment (override)
  • Risk assessment dashboard with filters and detailed view
  • Export risk calculations and assets to Excel

Risk Response Measures

  • Measures for asset–vulnerability pairs: type, description, responsible person, deadline, status
  • Residual risk level and justification
  • Measure effectiveness, metrics, and evaluation date
  • Implementation and annual maintenance costs, resources, ROI estimate
  • Priority, monitoring frequency, next review date; measure attachments

Reports & Scheduled Reports

  • Generate risk reports based on selected parameters and format
  • Report profiles: saved settings for quick generation and link sharing
  • Scheduled reports: schedule, format, recipients; automatic execution and email delivery
  • Execution history of scheduled reports and download of generated files
  • Report guide with country-specific translations

Acceptable Risk & Access Control

  • Define acceptable risk level; record deletion
  • Group and company-based access: configuration, risk assessment, reports
  • Permissions: view, edit, add, and delete reports

Use Cases

Risk Assessment by Assets and Vulnerabilities

Configure threats with probability and impact, maintain a vulnerability registry by asset type. Link vulnerabilities to information assets; the system calculates the risk level considering asset criticality. View results on the risk assessment dashboard, filter by company, and export to Excel.

Planning and Monitoring Response Measures

For each asset–vulnerability pair, create response measures: type, responsible person, deadline, status. Evaluate residual risk, effectiveness, cost, and priority; set monitoring frequency and next review date. Add attachments and track change history.

Reports for Management and Audit

Generate risk reports in the required format for selected companies and parameters. Save report profiles for reuse or link sharing. Schedule reports for email delivery; download archives from execution history.

Acceptable Risk and Manual Override

Define the organization's acceptable risk level. If needed, manually override the risk level for specific threat–asset pairs. The system considers overrides in calculations and reports.

Vulnerabilities: Import, Export, and AI

Import vulnerabilities from CSV using a template; export the registry to CSV or Excel. Use guides with country-specific translations. Optionally, leverage AI for threat analysis, generating vulnerability descriptions, and suggesting remediation measures.

Technical Details

Architecture

Risk assessment module: configuration (threats, impact and risk levels), vulnerabilities linked to asset types, asset-to-vulnerability mapping, risk level calculation using a formula that considers criticality. Response measures with types, statuses, residual risk, effectiveness, cost, and monitoring. Reports, report profiles, and scheduled reports with recurring execution and email delivery. Data is stored in the project database; emails are sent via the mail configuration.

Security

Access to configuration, risk assessment, and reports is managed by user groups and company lists. Permissions are checked for adding, editing, and deleting reports and profiles. CSRF protection; input validation. Audit log of actions related to risk assessment.

Scalability

Threat, vulnerability, asset, and measure data is stored in the database; lists use pagination. Optimized queries for risk calculation and report generation. Scheduled reports are executed on a schedule (using project queues/scheduler). Suitable for typical deployments.

Customization

Financial, operational, and reputational impact levels with criteria and examples; risk and residual risk levels; measure types, statuses, effectiveness, priority, monitoring frequency — all with country-specific translations. Guides with translations; optional AI-powered translation and text generation.

Frequently Asked Questions

How is the risk level calculated?

The risk level is calculated based on the probability of threat occurrence, the impact value (or a combination of financial, operational, and reputational impact), and the criticality of the information asset. The formula considers the vulnerability-to-asset linkage and its status (presence/absence of the vulnerability). The result is displayed as a risk level from the directory.

What are risk response measures?

Response measures are planned actions for an asset–vulnerability pair: measure type, description, responsible person, deadline, status. Additionally, you can specify the residual risk level after implementation, effectiveness, cost, priority, monitoring frequency, and next review date. Attachments can be added to the measure.

Can I schedule automatic report distribution?

Yes. The module includes scheduled reports: you choose a schedule, report format, and recipients (via email). The system generates the report on schedule and sends it to the specified addresses. Execution history is preserved; you can download the generated file.

How do I import vulnerabilities?

Vulnerabilities can be imported from a CSV file using a template. Download the template, fill in your data, and upload the file. Exporting vulnerabilities to CSV and Excel is also available for backup or external processing.

What is the acceptable risk level?

The acceptable risk level is a threshold that the organization considers tolerable. It can be set in the module. If needed, a manual override can be applied to specific calculations; the overridden level is then used instead of the automatically calculated level.

Is AI support available in the risk module?

Yes, optional features include: threat analysis, generation of vulnerability descriptions and remediation measures, and translation of threat and vulnerability texts using AI. Guides support AI-powered translation. The availability of these features depends on the AI provider configuration in the project.

How is access restricted by company?

Access to risk assessment configuration, asset-based risk evaluation, and reports is configured via user groups. Each group can be assigned a list of companies: users only see assets and data related to those companies. Separate permissions for adding, editing, and deleting reports can be set.
