This week, we released a brand new version of our risk assessment software tool, vsRisk™. Version 3.0 includes three new updates to functionality: custom acceptance criteria, a risk assessment wizard and control set synchronisation through CyberComply. Version 3.0 also allows you to export the asset database in order to populate an asset management system/register.
New: The risk assessment wizard
The risk assessment wizard is a brand new feature that has been introduced with vsRisk 3.0 to make it easier for you to complete a risk assessment. The risk assessment wizard guides you through eight simple steps to complete a risk assessment for an asset. This is a particularly helpful tool if you are new to risk assessments. The actions for each step are completed in the central panel of the wizard and your progress is displayed in the summary panel on the left-hand side.
The wizard will guide you through the following eight stages in your risk assessment:
- Select asset –select an existing asset from the database or create a new one.
- Select threat – choose a threat that could compromise the confidentiality, integrity or availability of the selected asset.
- Select vulnerability – choose a vulnerability that leaves the selected asset open to attack from the chosen threat.
- Assess initial risk – assess the initial risk to the asset by evaluating the likelihood of the threat/vulnerability combination occurring and what the impact on the confidentiality, availability and integrity of the asset would be if that threat/vulnerability combination was to occur.
- Set response – decide how to respond to the risk by modifying, sharing, retaining or avoiding it. In previous versions of vsRisk, these options were known as treating, transferring, tolerating and terminating.
- Select controls – for modified risks, you will select which controls to implement in order to reduce the risk to an acceptable level.
- Residual risk – assess what the residual risk to the asset is now that the risk has been modified.
- Finalise risks – select a risk owner (this is a requirement of ISO 27001:2013).
Book a live one-to-one demonstration to see more of vsRisk
To see the full capabilities of vsRisk 3.0, we highly recommend that you book a live one-to-one demonstration with a dedicated support executive. Please follow this link to book a vsRisk demonstration at a time and date convenient for you »