HOPEX IT Risk Management
Introduction to HOPEX IT Risk Management
Overview
Business
Managing IT Risks
Managing IT Compliance
Managing IT vendors
Connecting to HOPEX IT Risk Management
Running the Application
HOPEX IT Risk Management Solution Profiles
IT RM functional administrator
IT GRC Manager
Application owner
Summary of Rights by Profile
Rights concerning IT risks
Rights concerning IT compliance
Rights concerning IT vendors
Interface Presentation
Managing inventories
Inventory of IT Assets
About the IT Asset Inventory
Importance of the IT Asset Inventory
IT asset types
Accessing the IT Inventory
Describing Applications
General characteristics of the application
Type of application
Functional scope of the application
Responsibilities concerning an application
Technologies linked to applications
Data exchanged
Vulnerabilities of an application
Controls connected to an application
Describing Technologies
Accessing technologies
Defining Technology Characteristics
Technology types
Risks and vulnerabilities of a technology
Inventory for Threats and Vulnerabilities
Examples of Threats, Vulnerability types, and Vulnerabilities
Viewing Threats
Accessing threats
Creating a threat type
Threat characteristics
Viewing Vulnerabilities
Accessing vulnerabilities
Creating a vulnerability type
Characteristics of vulnerabilities
Scope of vulnerabilities
CVSS assessment
Reports concerning vulnerabilities
Inventory of Risks and Controls
Viewing Risks
Accessing risks
Assessed characteristics
Risk scope
Risk Analysis
Risk assessment
Risk treatment
Viewing Controls
Accessing controls
Scope of a control
Control assessment
Preparing the Working Environment for Questionnaires
Inventory of Requirements and Regulations
Accessing Requirements and Regulations
Characteristics of regulations
Requirement Characteristics
Vendor Inventory
Accessing the list of vendors
Characteristics of vendors
Vendor type
List of technologies provided
Vendor Risk Assessment
Using HOPEX IT Risk Management
Managing IT Risks
Describing the IT Asset Inventory and Identifying Vulnerabilities
Identifying IT Assets
Positioning Vulnerabilities on IT Assets
Identifying and Positioning Risks
Positioning Risks Using a Matrix
Positioning risks individually for each asset
Identifying Risk Scenarios
Creating a risk scenario
Creating a risk scenario diagram
Risk causality report
Examples
Direct Risk Assessment
Assessing risks directly
Risk Assessment Templates
Defining Action Plans for Improvement Purposes
Managing IT Compliance
Building Controls and Control Type Inventories
Links between controls and control types
Linking control types to regulatory requirements
Defining the application scope of the control
Defining Regulatory Requirements to be Met
Identifying Controls on Applications
Direct Control Assessment
Assessing controls directly
Template used to assess controls
Managing IT Vendors
Identifying IT Vendors
Specifying the Cost of Products and Services
Assessing Vendors
Assessments by Questionnaires
Principle of Assessments by Campaigns
Concepts overview
Assessment session
Questionnaire
Assessment campaign
Assessment Steps
Preparing the work environment
Starting a campaign and assessment sessions
Creating Assessment Campaigns
Accessing Assessment Campaigns
Creating Assessment Campaigns
Creating Assessment Sessions
Accessing Assessment Sessions
Creating Assessment Sessions
Creating Assessment Sessions
Previewing assessment session parameters
Creating and launching assessment sessions
Planning Sessions Within a Campaign (Optional)
Deploying Assessment Campaigns
Defining Assessment Campaign Scope and Respondents
Defining assessment campaign scope
Specifying respondents
Distributing Assessments Within Sessions
Validating Assessment Campaigns
Displaying the Objects to Assess and their Contexts
Defining the Scope of the Assessment Session and the Respondents
Defining the Session Scope
Specifying respondents
Validating the Objects to Assess and their Contexts
Validating the Assessment Session
Viewing Generated Questionnaires
Regenerating Questionnaires
Sending Questionnaires
Completing Questionnaires
Accessing Assessment Questionnaires
Requesting questionnaire transfer
Monitoring Questionnaire Progress
Consulting Session Results
Viewing Questionnaires Sent
Validating Assessment Questionnaires
Asking a respondent to modify answers
Reassigning questionnaires
Closing the assessment session
Treating risks
Risk Treatment Mode
Treatment Modes
Risk levels
Specifying Controls to be Implemented
Managing action plans
Creating Action Plans
Characterizing Action Plans
General characteristics
Financial assertion
RACI
Success factors
Scope
Milestones
Attachments
Managing Actions
Action Plan Workflows
"Bottom-up" approach
"Top-down" approach
Action workflow
Action Plan Follow-Up
Indicating action plan progress
Action plan follow-up reports
HOPEX IT Risk Management Reports
Accessing Reports
Accessing the report tab
Accessing reports directly available on objects
Accessing widgets
IT Risk Reports
Risk Identification Reports
Criticality of applications
Table of Threats and Vulnerabilities
IT Asset Reports
Risk level aggregated by business process
Risk Heatmap
Application Heatmap
Risk widgets
Risk causality report
Reports Concerning Vulnerabilities
IT Compliance Reports
Control Identification
Access path
Parameters
Result
Example
Control Level by Regulation
Access path
Parameters
Result
Example
Risk Level Aggregated by Business Process
Access path
Parameters
Result
Example
Compliance Widgets
Process Compliance
Regulatory compliance
Global control level
Vendor Management Reports
Matrix Vendor by Vendor Type x Risk Level
Access path
Parameters
Results
Example
Vendor Risk Level by Business Line
Access path
Parameters
Results
Example
Assessment Reports
Session Follow-Up
Access path
Parameters
Result
Session Statistics
Access path
Parameters
Result