Q&A on the new vsRisk 2 – Part 2

Last week, we posted the first part of the Q&A session that followed the vsRisk webinar held on 23 January 2014. The webinar, aimed at both newcomers and existing vsRisk customers, demonstrated the exciting new features of vsRisk 2. Here is the second part of the questions asked by the audience, with the responses provided by the webinar presenter, Phil Hare, information security consultant and product development advisor for vsRisk.

To find out more about vsRisk, please download the 14-day free trial here. You can also contact us for a personal demo at servicecentre@vigilantsoftware.co.uk.

Question:

The acceptance criteria is binary; is there a banding option?

Answer:

With ‘banding’ meaning ‘high’, ‘medium’ and ‘low’, there is no banding option at the moment regarding the risk acceptance criteria. The standard is simply concerned with whether or not a risk is within acceptance criteria. We understand the reasoning behind banding and it is something we will consider in future versions.

Question:

Will vsRisk do cross mapping?

Answer:

At the moment this is part of the development process of future vsRisk versions.

Question:

The 2013 version of ISO27k requires the identification of risk owners rather than asset owners. How does vsRisk handle this?

Answer:

This is one of the changes that is being planned. At the moment, it is a case of mandating that asset owners are risk owners by default.

Question:

Can an admin create their own Control Set, e.g. NIST?

Answer:

You can manually add other controls via the control management screen. vsRisk’s development team are developing tools to use with vsRisk for compliance with a number of other frameworks. A number of individual control packs are being planned for release.

Question:

What were the database options in standalone mode?

Answer:

The platform within Standalone mode is MS SQL Express 2008 R2. We are looking at other options for further development in later versions.

Question:

Can we add some other risk assessment frameworks like NIST 800-53, etc.?

Answer:

You can manually add other controls via the control management screen. vsRisk’s development team are developing tools to use with vsRisk for compliance with a number of other frameworks. A number of individual control packs are being planned for release.

Question:

We all know cyber laws vary from nation to nation, so can we add the cyber laws of a particular country at the time of risk assessment?

Answer:

You can import any control set into vsRisk to use for your assessment.

Question:

Is it possible to bulk load the list of assets?

Answer:

Yes, you can, through the import section, using the default Excel spreadsheet.

Question:

Is it possible to create dependence between assets?

Answer:

At the moment vsRisk doesn’t support this.

Question:

Is it possible to live feed/integrate the asset list in vsRisk with a CMDB tool?

Answer:

At the moment it isn’t possible, no, but we are working on it.

Question:

Is it possible to customise reports e.g. add your company logo?

Answer:

Yes. You can export the report into Excel and then edit it as you wish. You can then modify these reports by dropping your own company logo into the report. Within the application itself there is no function yet for adding your own logo.

If you have any further questions on the functionality of vsRisk, please get in touch by emailing us.
