Prüffragen beantworten/en: Unterschied zwischen den Versionen
Aus HITGuard User Guide
Weitere Optionen
Isan (Diskussion | Beiträge) Die Seite wurde neu angelegt: „Answering review questions“ |
Übernehme Bearbeitung einer neuen Version der Quellseite |
||
| (47 dazwischenliegende Versionen von 3 Benutzern werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
<span id="Fragen_und_Hinweise"></span> | |||
===Questions and hints=== | |||
< | The review question is displayed as it was prepared in the knowledge base. Question, description, copyright and all translations are adopted from there.</p>Free review results that aren't taken from a knowledge base can be created directly on this page. More on this [[Special:MyLanguage/Prüfergebnisse|here]].</p> | ||
<b>Hint for auditors:</b> | |||
[[Datei:Abweichungsanalyse Schritt 3 Prüffrage beantworten.png|left|thumb| | This information is only displayed if a hint for the auditor was recorded with the review question in the knowledge base and the review was not opened via the "My tasks" menu. Clicking on "Open" displays the hint. A hint might be, for example, a link to a document that is relevant for answering the question. These hints are only visible for the experts and professionals conducting the review. The interview partner does not have access to the hint. | ||
===Evidences and additional information=== | |||
The right side of the assistant, which can be collapsed, shows additional information and previews of the uploaded evidences.</p><b>Assigned protection targets & weightings:</b><br>The protection targets and their weightings as recorded in the knowledge base are shown here. For free review results, protection targets and weightings can be entered directly in this form.</p><b>Linked standards and norms:</b><br>Lists the standard chapters the review question maps to.</p><b>Related standards and norms:</b><br>Lists the standard chapters related to the originally mapped standard chapter via incoming and outgoing mappings.</p><b>Evidences:</b><br>Evidences can be uploaded directly below the answering of the question. Icons for all documents and the date of the upload are shown on the right side of the assistant. A preview is shown for images. The evidences can be opened for display, downloaded, or deleted again. | |||
[[Datei:Abweichungsanalyse Schritt 3 Prüffrage beantworten.png|left|thumb|901px]] | |||
<br clear=all> | <br clear=all> | ||
===Answering=== | |||
Here, you are prompted to answer the review question. The answer can either be Yes/No/Partly or a score (from 0 to 5). What type of answer is admissible is dictated by the questionnaire in the knowledge base. Information gatherings are answered by filling in the comment and/or uploading an attachment.</p> If a review question is not relevant in the context of the review, it can be marked as "unnecessary". Unnecessary questions can be excluded from reports. | |||
If a justification template has been assigned to the question in the knowledge base, it can be selected via the "Plus" button in the bottom right corner of the justification field. If no justification template has been prepared, the "Plus" is not shown. | |||
The option to record a determination type is only available, if the [[Special:MyLanguage/Managementsysteme#general_settings|audit management add-on]] has been activated in the current management system and the respective option has been activated under [[Special:MyLanguage/Auditmanagement_Einstellungen|"Audit management → Settings"]]. | |||
If the review object is a revaluation, previous answers will be displayed below the review question. | |||
Clicking on the previous answer opens a dialog that shows the answer history. This history shows previous answers as well as any uploaded evidences. | |||
[[Datei:Abweichungsanalyse Zuvor beantwortet.png|left|thumb|900px]]<br clear=all> | |||
[[Datei:Abweichungsanalyse Antworthistorie.PNG|left|thumb|900px|Answer history]]<br clear=all> | |||
===Clarification needed=== | |||
Questions can be marked with "clarification needed". They are then shown with an exclamation mark in the bar on the left.</p>This is necessary whenever something needs to be clarified before the review question or result can be assessed. After conducting a number of reviews, it can be very handy to have all open questions in one place. For this, you have the overview under [[Schwachstellen#Abkl.C3.A4rungsbedarf| "Risk management → Vulnerabilities → Clarification needed"]].</p>Entire review objects can also be marked with "Clarification needed", which marks all corresponding review questions and review results. | |||
<span id="Maßnahme/Kontrolle/Bedrohung_hinzufügen"></span> | |||
===Add measure/control/threat=== | |||
Here, you can link measures and/or controls and/or threats with the review result. Practitioners only have the option of submitting new measures here. | |||
[[Datei:Abweichungsanalyse | [[Datei:Abweichungsanalyse verknüpfte Maßnahmen.PNG|left|thumb|900px|Linked measures/controls/threats]] | ||
<br clear=all> | <br clear=all> | ||
<b> | Click the respective button to open an overview. The overview lists all existing measures/controls/threats you can link with the review question, as well as any knowledge base templates. Using the "plus" button, you can also create new measures/controls/threats and link them. | ||
[[Datei:Maßnahmenmodal.png|left|thumb|900px|Example measure list]]<br clear=all> | |||
{| class="wikitable" | |||
! colspan="2" | <b>Measures/controls</b> | |||
|- | |||
= | !Templates | ||
|All templates for measures/controls/threats that are linked with the current review question in the knowledge base. They are marked with a blue badge and their background is grey. They can be created with a double-click or with a click on the blue "Create" button (to the very right). They are shown even after a measure/control has been created from them for this review question. | |||
|- | |||
!Existing | |||
|All existing measures/controls/threats of the management system, sorted by their relevance for the current review question. The sorting order is described further down in this table. Measures/controls can be assigned one by one or in multiples. Measures/controls that have already been linked with the current review question are no longer shown in the list. | |||
|- | |||
! colspan="2" | <b>Checkboxes</b> | |||
|- | |||
!...based on templates | |||
|Shows only existing measures/controls/threats created from templates that are linked directly in the knowledge base as a recommendation for a gap identified in this review question. | |||
|- | |||
!Linked standards/norms | |||
|Shows only existing measures/controls that are linked via their norm-mapping to the same standard/norm chapters as the review question, as well as any parent chapters. | |||
|- | |||
!Related standards/norms | |||
|Shows only existing measures/controls whose norm-mapping does not contain the same standard/norm chapters as the review question, but instead contains chapters that in turn reference the chapters of the review question (incoming and outgoing mappings between standards/norms). Parent chapters are not considered here. | |||
|- | |||
!Recently used | |||
|Changes the order of the measure/controls as follows:<br>1. measures/controls created from templates<br>2. templates for measures/controls from the current review question<br>3. existing measures/controls, in descending order by the date of their most recent assignment | |||
|- | |||
! colspan="2" | <b>Relationships</b> | |||
|- | |||
| colspan="2" | This column explains the relationships of the listed measures/controls using badges. Explanations of the individual badges are given in tooltip. These can be displayed by hovering over a badge with the mouse. It is possible to search in this column, e.g. for standard/norm chapters mentioned in a badge. | |||
|- | |||
!Blue number | |||
|Shows in how many reviews the measure/control has been linked with review questions or review results. | |||
|- | |||
!Green text | |||
|For measures/controls created on the basis of templates from a knowledge base, this shows the name of the template. Additionally, the badge's tooltip shows the knowledge base and its version. | |||
|- | |||
!Purple text | |||
|Shows onto which chapters (standard, numbering, and name) of a standard or norm a measure/control is mapped. | |||
|- | |||
!Pink text | |||
|Shows the further, indirect mappings (standard, numbering, and name) of a measure/control. | |||
|- | |||
! colspan="2" | <b>Sorting order</b> | |||
|- | |||
| colspan="2" | First, you see existing measures/controls/threats that have already been created elsewhere from knowledge base templates recommended here. These are followed by the templates. Then you see all existing measures/controls/threats sorted by their relevance: those that have already been assigned to reviews multiple times; those that map onto the review question´s norm chapter; those that indirectly map the review question's norm chapter; all remaining measures/controls/threats in alphabetical order. | |||
|- | |||
|} | |||
<b>Handle gaps</b> | |||
* It's possible to record the impact the linked measure's implementation has on the answer to the review question. When the measure is completed, the review object is automatically suggested for revaluation under "Risk management → Vulnerabilities → Objects of review" | |||
<!-- | |||
On the right side, you can see the assigned protection targets and uploaded evidences can be viewed. The upload of evidences itself is located directly underneath the section for answering review questions/results. Large pictures/photos that are uploaded are downsized automatically before being embedded into reports (max. size 1 image per page).</p>Also on the right, the norm mappings of the review question are displayed, as set in the knowledge base (direct and indirect, further mappings). | |||
The right part of the assistant next to review questions and review results can be hidden using the little arrow. | |||
--> | |||
Aktuelle Version vom 26. November 2024, 11:05 Uhr
Questions and hints
The review question is displayed as it was prepared in the knowledge base. Question, description, copyright and all translations are adopted from there.
Free review results that aren't taken from a knowledge base can be created directly on this page. More on this here.
Hint for auditors:
This information is only displayed if a hint for the auditor was recorded with the review question in the knowledge base and the review was not opened via the "My tasks" menu. Clicking on "Open" displays the hint. A hint might be, for example, a link to a document that is relevant for answering the question. These hints are only visible for the experts and professionals conducting the review. The interview partner does not have access to the hint.
Evidences and additional information
The right side of the assistant, which can be collapsed, shows additional information and previews of the uploaded evidences.
Assigned protection targets & weightings:
The protection targets and their weightings as recorded in the knowledge base are shown here. For free review results, protection targets and weightings can be entered directly in this form.
Linked standards and norms:
Lists the standard chapters the review question maps to.
Related standards and norms:
Lists the standard chapters related to the originally mapped standard chapter via incoming and outgoing mappings.
Evidences:
Evidences can be uploaded directly below the answering of the question. Icons for all documents and the date of the upload are shown on the right side of the assistant. A preview is shown for images. The evidences can be opened for display, downloaded, or deleted again.
Answering
Here, you are prompted to answer the review question. The answer can either be Yes/No/Partly or a score (from 0 to 5). What type of answer is admissible is dictated by the questionnaire in the knowledge base. Information gatherings are answered by filling in the comment and/or uploading an attachment.
If a review question is not relevant in the context of the review, it can be marked as "unnecessary". Unnecessary questions can be excluded from reports.
If a justification template has been assigned to the question in the knowledge base, it can be selected via the "Plus" button in the bottom right corner of the justification field. If no justification template has been prepared, the "Plus" is not shown.
The option to record a determination type is only available, if the audit management add-on has been activated in the current management system and the respective option has been activated under "Audit management → Settings".
If the review object is a revaluation, previous answers will be displayed below the review question.
Clicking on the previous answer opens a dialog that shows the answer history. This history shows previous answers as well as any uploaded evidences.
Clarification needed
Questions can be marked with "clarification needed". They are then shown with an exclamation mark in the bar on the left.
This is necessary whenever something needs to be clarified before the review question or result can be assessed. After conducting a number of reviews, it can be very handy to have all open questions in one place. For this, you have the overview under "Risk management → Vulnerabilities → Clarification needed".
Entire review objects can also be marked with "Clarification needed", which marks all corresponding review questions and review results.
Add measure/control/threat
Here, you can link measures and/or controls and/or threats with the review result. Practitioners only have the option of submitting new measures here.
Click the respective button to open an overview. The overview lists all existing measures/controls/threats you can link with the review question, as well as any knowledge base templates. Using the "plus" button, you can also create new measures/controls/threats and link them.
| Measures/controls | |
|---|---|
| Templates | All templates for measures/controls/threats that are linked with the current review question in the knowledge base. They are marked with a blue badge and their background is grey. They can be created with a double-click or with a click on the blue "Create" button (to the very right). They are shown even after a measure/control has been created from them for this review question. |
| Existing | All existing measures/controls/threats of the management system, sorted by their relevance for the current review question. The sorting order is described further down in this table. Measures/controls can be assigned one by one or in multiples. Measures/controls that have already been linked with the current review question are no longer shown in the list. |
| Checkboxes | |
| ...based on templates | Shows only existing measures/controls/threats created from templates that are linked directly in the knowledge base as a recommendation for a gap identified in this review question. |
| Linked standards/norms | Shows only existing measures/controls that are linked via their norm-mapping to the same standard/norm chapters as the review question, as well as any parent chapters. |
| Related standards/norms | Shows only existing measures/controls whose norm-mapping does not contain the same standard/norm chapters as the review question, but instead contains chapters that in turn reference the chapters of the review question (incoming and outgoing mappings between standards/norms). Parent chapters are not considered here. |
| Recently used | Changes the order of the measure/controls as follows: 1. measures/controls created from templates 2. templates for measures/controls from the current review question 3. existing measures/controls, in descending order by the date of their most recent assignment |
| Relationships | |
| This column explains the relationships of the listed measures/controls using badges. Explanations of the individual badges are given in tooltip. These can be displayed by hovering over a badge with the mouse. It is possible to search in this column, e.g. for standard/norm chapters mentioned in a badge. | |
| Blue number | Shows in how many reviews the measure/control has been linked with review questions or review results. |
| Green text | For measures/controls created on the basis of templates from a knowledge base, this shows the name of the template. Additionally, the badge's tooltip shows the knowledge base and its version. |
| Purple text | Shows onto which chapters (standard, numbering, and name) of a standard or norm a measure/control is mapped. |
| Pink text | Shows the further, indirect mappings (standard, numbering, and name) of a measure/control. |
| Sorting order | |
| First, you see existing measures/controls/threats that have already been created elsewhere from knowledge base templates recommended here. These are followed by the templates. Then you see all existing measures/controls/threats sorted by their relevance: those that have already been assigned to reviews multiple times; those that map onto the review question´s norm chapter; those that indirectly map the review question's norm chapter; all remaining measures/controls/threats in alphabetical order. | |
Handle gaps
- It's possible to record the impact the linked measure's implementation has on the answer to the review question. When the measure is completed, the review object is automatically suggested for revaluation under "Risk management → Vulnerabilities → Objects of review"