Not logged in - Login
View History

Assets

Assets (Resources in some other modules such as BIA) are a hierarchy that must be allocated to a division. Assets must be defined, and should follow a hierarchical classification scheme. The default categories are: Equipment, Information, People, Premises, Suppliers and Technology. Each of these can then be further expanded on to allow assets to be grouped together e.g. ‘Technology’ could be split into ‘Hardware’ and ‘Software’.

Assets (Resources) should be defined before starting the BIA. This ensures that all activities pick resources from the same list. If a resource is initially missed, this can be added during the BIA. However, only an organisation administrator can add resources at this point.

Creating a New Asset

There are two ways to create a new asset (resource in BIA). Either:
  • Click ‘Create New Asset’ from the resource hierarchy sidebar (Organisation > Assets)
  • Navigate to the type and then click ‘New Child Asset’ i.e. to create a new ‘People’ resource, click ‘People’ within the hierarchy and then select ‘New Child Asset’ from the sidebar.

Either approach will open the same 'Details' form.

Business Impact Analysis (BIA) Details

There are additional fields which need to be defined when an organisation is using the Abriska business continuity BIA module. Descriptions of each of these additional fields are provided below.

  • Multiple - Selecting 'yes' for this variable will mean that when activities specify that they use this resource, activities will need to indicate how many resources they use. When resources are flagged as ‘Multiple’ they will be highlighted with an asterisk on the hierarchy.
  • Limited - If a resource is flagged as a ‘Multiple’, there will be an additional option to flag this resource as ‘Limited’. This implies that there are a restricted number of these resources within the organisation and getting a replacement or adding to this number would be difficult.
  • Limited Number - If ‘Limited’ is set to 'yes', this allows the number of resources owned by the organisation to be set.
  • Recovery Point Objective (RPO) - This indicates that the resource contains information and any activity using this resource needs to enter the RPO.

Changing a resource from multiple to singular or vice versa can lead to possible issues if the BIA has been started. Refer to the following to understand the implications.
  1. Multiple -> Singular: If an activity has already indicated that this resource is used, then a number of resources will have been allocated to this activity. In making this modification, this multiple information will be lost.
  2. Singular -> Multiple: Each activity which has indicated that this resource is used will have been allocated one resource. In making this modification, ………………….

Asset Dependencies

Abriska has been designed to model relationships between assets (resources in BIA). If one asset requires another asset for it to be operationally functional, this relationship can be represented within Abriska. As an example, if a web server relies on a database server, this relationship can be represented and risks that affect the dependent database server will be linked through to the web server. The relationship is one way therefore the user only selects the assets that a particular asset requires. In the above example, the database server is independent of the web server and so would not be linked to these risks.

To add these relationships, click on ‘View Asset Dependencies’ OR 'View Asset Resources' on the asset form. The former option will show all assets that the selected asset depends on whilst 'View Dependant Assets' displays the reverse relationship - assets that are dependent on the selected asset.

Warning: If a asset is unlinked from another asset, this relationship is deleted within the database.

Asset Attributes

If Abriska is being used to conduct ISO 27001 compliant risk assessments, the option will be available to assess asset attributes. These attributes are used to ‘value’ a resource in terms of its ‘Confidentiality, Integrity and Availability’. These values can be defined by clicking ‘Assets’ from the organisation homepage and then clicking ‘View Attributes’. For each attribute that is identified, a value must be defined for each asset that is loaded into Abriska. These values can either be defined directly against the asset, or can be inherited based on the relationships that have been setup within the asset structure.
Resource Attribute Inheritance

Within the diagram above, the ‘Sensitive Document’ depends on the ‘Application’, which depends on the ‘Database’. If a value is specified for Confidentiality, Integrity and Availability for the ‘Sensitive Document’, then the ‘Application, ‘Database’ and ‘Server’ will inherit these values. To view a status of all of the assets within the organisation, click on “Asset Attribute Hierarchy” within the main assets list.

Deleting an Asset

When a asset not used by any activities, is not linked to other assets, or used within a risk assessment, the ‘Delete Asset’ button will appear on the asset form.

Warning: As no linked data will exist for the asset, this delete is a firm delete operation.


Back to Organisation Setup