Creating a Asset
How to create items on the module
Introduction
Assets on their own do nothing in eramba, please remember that if you want to create assets is because you have already reviewed and understood the Risk or Data Protection modules courses. Only then you will have a full understanding of where Assets fit in the whole picture.
Business Units
You will need to provide one or more Business Units that will act as parent to the Asset. This is meant to give the Assets an owner from an organizational perspective.
Creating and Asset
To create an Asset using the web interface you can click on “Actions” and then "Add". CSV Imports can be used for importing multiple assets at once, please review the Import course to understand how that works.
A form will then appear. Most of the fields are pretty obvious, but some might not be straightforward, so we’ll cover them in more detail in this guide.
Asset Roles
Every Asset has three roles, “Owner”, “Guardian” and “User.” These must be assigned to an eramba user or group (System > Settings > User Management).
- Owner: is typically the person who acquired the asset. In the example of an HR system, we would typically assign this to IT or HR or both. The owner will be automatically assigned to all reviews of an Asset and is the only mandatory role on the Asset module.
- Guardian: is typically the person who looks after the assets making sure it is functioning properly. Again this would likely be IT or HR or both! This field is optional we recommend not using it unless you really need to.
- User: is typically the person that uses the asset, in this case, is likely to be HR alone. This field is optional we recommend not using it unless you really need to.
Is very important you have a consistent approach to these roles because you will be using notifications and you want the right people to receive them. We also typically advise using groups (as opposed to users, as shown in the screenshot above). Groups contain more than one user which ensures more chances of getting feedback.
Asset Classifications
As explained in the previous sections, you can optionally define a classification for your assets under the "Settings" menu. Classifications are only used when doing Asset Risk Management and only if the "Magerit" calculation is used (not recommended).
Asset Type
When adding a new asset you will need to provide the type of asset you are creating. Types are important because:
- When assigning Assets to Risks, eramba will automatically suggest Threats and Vulnerabilities that are applicable to that asset type.
- Only Assets of type “Data” will be shown on the Data Flow Module
You can create additional Asset Types under “Settings”.
Playlist
- Episode 1Introduction to the Asset Module10 mins left
- Episode 2Typical Asset Questions4 mins left
- Episode 3Introduction to the Business Unit Module1 min left
- Episode 4Business Unit Module Tabs1 min left
- Episode 5Creating a Business Unit1 min left
- Episode 6Creating a Processes0 mins left
- Episode 7Introduction to Liabilities1 min left
- Episode 8Introduction to Third Parties1 min left
- Episode 9Asset Module Tabs1 min left
- Episode 10Creating a Asset2 mins left
- Episode 11Reviewing Assets7 mins left