Threats & Vulnerabilities
How a database of known vulnerabilities and threats can be used
Introduction
Each risk you create requires you to describe what Threats and Vulnerabilities exist around them, you can do this using Tags or a text field. All these fields are optional, so using Customizations you could if you want remove them from the form.
Tags come from eramba database, you can control what tags exist using the "Settings" > "Threats" / "Vulnerabilities" settings. Under this menu you can Add, Edit and Delete tags.
Automatic Suggestion
When Risk link to Assets eramba will suggest Threat and Vulnerabilities automatically based on the "Type" of asset (Software, Data Asset, Etc). These suggestions might not always be accurate and therefore you will have to adjust them. The database that links Threats, Vulnerabilities and their associated Asset Types does not have a user interface.
Playlist
- Episode 1Introduction to Risk Management7 mins left
- Episode 2Problem vs. Solution Principle5 mins left
- Episode 3Typical Risk Questions8 mins left
- Episode 4Risk Calculation Methods4 mins left
- Episode 5Configuring the Risk Module2 mins left
- Episode 6Risk Management Related Modules1 min left
- Episode 7Identifying Risks6 mins left
- Episode 8Identifying Risk Solutions4 mins left
- Episode 9Creating a Risk4 mins left
- Episode 10Threats & Vulnerabilities1 min left
- Episode 11Reviewing Risks7 mins left