Create or Edit Threat Analysis and Risk Mitigation Questions
You can create new questions or edit existing questions and assign Risk Values, Question Impact, and Question Sequence to use with the Risk Assessment form. The questions help assess risk and threat and the current state of requirements.
Threat Analysis Questions and Risk Mitigation Questions populate the Risk Assessment. We recommend that you align Risk Assessment questions with current industry standards such as FedRAMP:2014, ISO 27001:2013, or ISO 9001:2015.
You must be logged in as a GRC Manager to create or edit Threat Analysis or Risk Mitigation questions.
To create new Threat Analysis and Risk Mitigation Questions:
You can add new questions to an existing Risk Assessment or create a new Risk Assessment and add new questions to it.
1.Open the Risk Assessment workspace.
2.Open an existing Risk Assessment, or click New GRC Risk Assessment to create a new Risk Assessment.
3.In the Threat Analysis tab:
Click New GRC Threat Analysis to open a blank Threat Analysis Assessment form.
Enter the question text in the Threat Analysis Control field.
Add any additional details you want to include in the Additional Details field.
Click Save.
4.In the Risk Mitigation tab:
Click New GRC Risk Mitigation to open a blank Risk Mitigation Assessment form.
Enter the question text in the Risk Mitigation Control field.
Add any additional details you want to include in the Additional Details field.
Click Save.
To edit existing Threat Analysis and Risk Mitigation Questions:
1.Open the Risk Assessment workspace.
2.Open an existing Risk Assessment, or click New GRC Risk Assessment to create a new Risk Assessment.
3.In the Threat Analysis tab:
Double-click the question to edit.
The Threat Analysis Assessment form opens.
Edit the question in the Threat Analysis Control field.
Edit the details in the Additional Details field if required.
Click Save.
4.In the Risk Mitigation tab:
Double-click the question to edit.
The Risk Mitigation Assessment form opens.
Edit the question in the Risk Mitigation Control field.
Edit the details in the Additional Details field if required.
Click Save.