HOPEX IT Risk Management : HOPEX IT Risk Management : Using HOPEX IT Risk Management : Managing IT Risks
   
Managing IT Risks
 
Describing the IT Asset Inventory and Identifying Vulnerabilities
Identifying IT Assets
Positioning Vulnerabilities on IT Assets
Identifying and Positioning Risks
Positioning Risks Using a Matrix
Positioning risks individually for each asset
Identifying Risk Scenarios
Creating a risk scenario
Creating a risk scenario diagram
Risk causality report
Examples
Direct Risk Assessment
Assessing risks directly
Risk Assessment Templates
Defining Action Plans for Improvement Purposes
Once you have established an inventory of the IT assets of your enterprise, you can:
position vulnerabilities on IT assets
identify the risks
position risks on IT Assets
identify risk scenarios
assess risks directly or via assessment campaigns
define action plans for improvement purposes
For more details on the characteristics of risks, see "Viewing Risks".
You can also, at any time, produce reports on the management of IT risks, threats and vulnerabilities. For more details, see "IT Risk Reports".
Describing the IT Asset Inventory and Identifying Vulnerabilities
Identifying IT Assets
For you to be able to manage risks, assets must be clearly identified and an inventory of all assets must be established and managed.
*For more details, see "Inventory of IT Assets".
Positioning Vulnerabilities on IT Assets
You can identify vulnerabilities and position them on assets (applications and software technologies). You can use a matrix to assist you in this task.
*For more information on vulnerabilities, see "Inventory for Threats and Vulnerabilities".
To position vulnerabilities on IT assets:
1. See "Accessing the IT Inventory".
2. Click Threats and Vulnerabilities > IT Asset Contextualization.
3. Click New.
4. Click Add Row to add vulnerabilities.
5. Click Add Column to add IT assets.
6. Click in the cells in question to connect vulnerabilities and IT assets.
*To access application vulnerabilities, see "Vulnerabilities of an application".
Identifying and Positioning Risks
To determine the risks to which IT assets are subject, you can:
use the vulnerabilities identified in the properties page for this asset.
*For more details, see "Vulnerabilities of an application".
use the vulnerabilities connected to threats.
*For more details, see "Viewing Threats".
Once the risks are identified, HOPEX IT Risk Management provides two methods for positioning risks on IT assets.
Positioning Risks Using a Matrix
To position risks on IT assets, you can use a specific matrix.
To use the Risks x IT assets matrix:
1. Click on Library > Risks > Matrix > Risks per IT Asset.
2. Add:
risks in rows
IT assets in columns
3. Click in the cells in question to connect vulnerabilities and IT assets.
Positioning risks individually for each asset
Risks can be positioned directly on the IT assets:
applications
technologies
Depending on the assessment used, you can choose to position the risks on:
applications
applications deployed
For more details, see "Risk scope".
*Please note that the choice of risk positioning has an impact within the framework of risk assessment. Two different assessment models are available. See "Risk Assessment Templates".