Control Mapping to Threats and Assets

Control to Threat Linking

Each control that is loaded into Abriska needs to be related through to the threats that they mitigate. This relationship is used within the risk calculation to calculate how vulnerable a resource is to a particular threat.

For example, consider the risk of computer viruses and malicious code, potential controls that could be implemented include having anti-virus controls and awareness training. If either of these controls are weak then the organisation’s resources could be vulnerable to virus / malicious code.

Warning: Changing the control to threat linking will modify the results of the risk assessment.

For an offline Excel spreadsheet of the mapping, please go to Reports and run and download the Organisation Control Threats report.

Control to Asset/Resource Linking

Each control that is loaded into Abriska also needs to be related through to the resources that they protect. This relationship is used within the risk calculation to calculate how vulnerable a resource is to a particular threat.

By default the relationships are all set to true, therefore each control can potentially reduce the vulnerability of all resources. These setting can be configured when an organisation wishes to conduct a very detailed risk assessment of a certain asset type (for example, paper assets).

For an offline Excel spreadsheet of the mapping, please go to Reports and run and download the Organisation Control Resource report.



Back to Controls in Control Maturity Assessment Setup