NEED A HAND WITH RISK ASSESSMENT OR ARAT RISK ASSESSMENT TOOL?
READ THE GUIDE!
The easiest way to create new asset is to create a copy of existing asset and then modify its metadata. With this approach the assesor drags along all the related threaths and vulnerabilites and may even drag allong risk estimations. Therefore the time consuming, repeatable actions of assiging threats, vulnerabilites ... to each information asset may be avoided.
By clicking the arrow on the top rigth corrner of the asset (see figure below), you are given three options:
Selecting »Copy« option a popup window will appear where you can modify certain asset atributes and define what of metadata you want to drag along. The left verifcal bars indicate the business process and asset group where the new asset will be placed.
By modifying the »Name« attribute you define the asset name. You may fill the »Description« field, to specify the asset in more details.
You may defined the asset »Owner« from the dropdown. Only one of ARAT users may be selected as asset owner.
The »Copy incidents« check box allows you to keep all threahts and vulnerabilites, and consequently risk incidents realted to the source asset.
The »Copy estimation« check box allows you to keep the risk estimation of the source assets, if there are any.
The »Copy treatments« check box allows you to keep the risk treatments pertainng to source assets, if there are any.
By saving the modifications, you create new asset, which is automatically selected for your scope.
Alternatively, you may use the (+) push button visible within every asset group (see figure below).
In this case you are creating new asset item from scratch and you will have to fill every data. Also in the risk estimation step you will have to assign vulnerabilites and threats from scratch, as no prefilling will be done for you.