Q & A on the new vsRisk 2 – Part 1

Vigilant Software recently held a webinar on 23 January 2014 for newcomers and existing customers to vsRisk, which demonstrated the exciting new features of the vsRisk 2.

Here are some of the questions that were asked by the audience, and the responses that were provided by the webinar presenter, Phil Hare, information security consultant and product development advisor for vsRisk.  We will be posting another series of these questions and answers soon.

To find out more about vsRisk, please download the 14-day free trial here. You can also contact us for a personal demo on servicecentre@vigilantsoftware.co.uk.

Question:

I currently employ version 1.7 with vsMonitor over a network. This allows my IAO’s to enter and manage their assets. I believe that ver 2.0 does not support this function?

Answer:

Version 2 does support this function. The Asset Monitor in the previous vsRisk has now been replaced by vsRisk Lite which also allows users to add risk-related information about assets in their control through a licence-free desktop-launch application. The information can then be emailed to the lead risk assessor to consolidate.

The new vsRisk Multi-user allows up to 10 multiple users to conduct multiple, concurrent risk assessments on assets within their control through a remote database.

Question:

How many levels of folders can you have? e.g. Hardware Servers Windows 2012 Servers, Hardware Servers Solaris Servers?

Answer:

You can have unlimited folders/ sub-assets. Please download the demo of vsRisk and try to implement this as appropriate.

Question:

Can you use this tool to carry out a risk assessment for multiple companies, e.g. specific to group companies?

Answer:

vsRisk 2 is licensed  on a “per-ISMS” basis. If the ISMS in question was across an entire group of companies, then the licence to use one copy of vsRisk would apply. To generate assessments between different ISMSs is not a supported feature. If you are a consultant, please get in touch with us and we can provide you with options for use across multiple companies.

Question:

Can you put an asset in both a Site and in an asset type group?

Answer:

Yes, you can create as many multiple groups as you wish.

Question:

ISO 27001: 2013 is not dependent on ASSETS.

Answer:

The new standard does not preclude using an asset-based risk assessment. Organisations that have existing asset-based models can continue to use this approach. There are some minor changes being planned for vsRisk which will support non-asset based approaches to risk assessments. Therefore vsRisk 2.0 does support ISO27001:2013 via the ISO27001:2013 control set, for an asset-based risk assessment methodology.

Can you have sub groups?

Yes.

Question:

Can you import assets from Excel?

Answer:

Yes, asset import from Excel is available in the Settings section.

Question:

Can you add threats & vulnerabilities to asset groups? Do they then apply to all assets within that group?

Answer:

Yes. The group’s Ts & Vs will be applied to the entire group. You can still amend the asset’s individual assessment.  

 

Next week we will post additional questions and answers.

If you have a question, please email us.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *