Übernehme Bearbeitung einer neuen Version der Quellseite
(147 dazwischenliegende Versionen von 4 Benutzern werden nicht angezeigt)
Zeile 1:
Zeile 1:
<span id="riskpolicy"></span>
<span id="riskpolicy"></span>
All settings and configurations made here are globally valid. I.e. they affect '''all management systems''' and can only be edited by experts or administrators.
[[Datei:RM_Risikopolitik_Inhalt.png||left|thumb|901px|Inhalt der Risikopolitik]]
All settings and configurations made here are globally valid. I.e. they affect '''all management systems''' and can only be edited by experts or administrators.
<br clear=all>
<span id="Schutzziele"></span>
== <span id="protar"></span>Protection targets==
== <span id="protar"></span>Protection targets==
Jede Norm bzw. jedes Managementsystem verfolgt einen vorgegebenen Zweck. Es werden Ziele definiert um deren Schutz sicherzustellen.
Each standard as well as each management system pursues a given purpose. Goals are defined to ensure their protection.
<u>Herstellerspezifische Schutzziele (nach ISO 27001, ISO 80001):</u>
<u>Manufacturer-specific protection targets (acc. to ISO 27001, ISO 80001):</u>
*Vertraulichkeit
*Confidentiality
*Verfügbarkeit
*Availability
*Integrität
*Integrity
Mit den herstellerspezifischen Schutzzielen wird in weiterer Folge in der Risikobewertung sowie der Strukturanalyse gearbeitet. Diese Ziele werden in den Wissensdatenbanken auf Prüffragen gemappt bzw. ggf. auch auf andere Risiken oder Maßnahmen. Diese Schutzziele können zwar umbenannt oder deaktiviert werden, aber nicht gelöscht. Sie sind unter "Risikomanagement → Risikopolitik → Schutzziele" als "Herstellerspezifisches Schutzziel" gekennzeichnet.<br>
The manufacturer-specific protection targets are subsequently used in risk assessments and structural analyses. These objectives are mapped in the knowledge databases to examination questions or, if required, to other risks or measures. Although these protection targets can be renamed or deactivated, they cannot be deleted. They are marked under "Risk management → Risk policy → Protection targets" as "Manufacturer-specific protection targets".<br>
Weitere Schutzziele können von Experten frei definiert und bearbeitet werden.<br>
Additional protection targets can be freely defined and edited by experts.<br>
Since some manufacturer-specific protection targets are only required for certain industries, not all defined protection targets are supplied as standard. However, these can be imported if required. To do this, simply click on the arrow next to the plus and select the desired target for import.
Die Eintrittswahrscheinlichkeit bezeichnet die geschätzte Wahrscheinlichkeit für das Eintreten eines bestimmten Ereignisses in einem bestimmten zukünftigen Zeitraum (z.B. 1x in 30 Jahren).<br>
This function is needed, for example, to import knowledge bases created by HITGuard that require a protection target that is not delivered by default.
Klassen an Eintrittswahrscheinlichkeiten können frei definiert werden. Die Anzahl der Kategorien, der Name der Eintrittswahrscheinlichkeitsklassen sowie deren Beschreibung und hinterlegte Eintrittswahrscheinlichkeiten (in Häufigkeit je Zeitraum) ist dabei frei konfigurierbar.
<span id="Eintrittswahrscheinlichkeiten"></span>
== <span id="prob"></span>Probabilities of occurrence ==
<u><span id="Riskfactor"></span>Risikofaktor:</u>
The probability of occurrence is the estimated probability of the occurrence of a specific event in a given future period (e.g. 1x in 30 years).<br>
: Der Risikofaktor dient als Multiplikator für die Berechnung der Risikokennzahl eines Risikos. Dabei wird der Risikofaktor der gewählten Eintrittswahrscheinlichkeit mit dem Risikofaktor des gewählten Schadensausmaßes multipliziert und so die Risikokennzahl ermittelt.
:Die Risikokennzahl dient zur Reihung der Risiken. Je höher die Risikokennzahl desto größer die Bedeutung des Risikos.<br>
'''Beispiel in Anlehnung und Erweiterung zu TR719 (80001):'''
As the figure below shows classes of probabilities of occurrence can be freely defined. The number of categories, the name of the occurrence probability classes as well as their description and stored occurrence probabilities (in frequency per period) are freely configurable.
[[Datei:Eintrittswahrscheinlichkeiten.PNG|left|thumb|901px|Probability of occurrence mask]]
<br clear=all>
<u><span id="Riskfactor"></span>Risk factor:</u>
:The risk factor serves as a multiplier for calculating the risk ratio of a risk. The risk factor of the selected probability of occurrence is multiplied by the risk factor of the selected extent of damage, thus determining the risk ratio.
:The risk ratio serves to rank the risks. The higher the risk index, the greater the significance of the risk.<br>
<u>Factual:</u>
: This checkbox can only be activated for one probability of occurrence. If selected, this probability of occurrence is treated as absolute. Risks, opportunities and impacts evaluated as such are then fact. The factual probability of occurrence is marked as such when choosing it in the risk/opportunity/impact.
'''Example based on and extended to TR719 (80001):'''
{| class="wikitable"
{| class="wikitable"
|-
|-
! Eintrittswahrscheinlich-<br>keitsklassen
! Probability of -<br> occurrence classes
! Definition
! Definition
|-
|-
|rowspan = 2| Extrem selten
|rowspan = 2| Extremely rare
| Mindestens einmal in 30 Jahren
| At least once in 30 years.
|-
|-
| Es ist sehr unwahrscheinlich, dass unbeabsichtigte Auswirkungen auftreten.
| It is very unlikely that unintended effects will occur.
|-
|-
|rowspan = 2| Sehr selten
|rowspan = 2| Very rare
| Mindestens einmal in 10 Jahren
| At least once in 10 years.
|-
|-
|Es ist nicht wahrscheinlich, dass unbeabsichtigte Auswirkungen auftreten.
|It is unlikely that unintended effects will occur.
|-
|-
|rowspan = 2| Selten
|rowspan = 2| Rare
| Mindestens einmal in 3 Jahren
| At least once in three years.
|-
|-
| Es können hin und wieder unbeabsichtigte Auswirkungen auftreten.
| There may be unintended effects from time to time.
|-
|-
|rowspan = 2| Wahrscheinlich
|rowspan = 2| Probably
| Mindestens einmal jährlich
| At least once a year
|-
|-
| Es ist wahrscheinlich, dass unbeabsichtigte Auswirkungen auftreten.
| It is likely that unintended effects will occur.
|-
|-
|rowspan = 2| Häufig
|rowspan = 2| Frequently
| Mindestens einmal monatlich
| At least once a month
|-
|-
| Unbeabsichtigte Auswirkungen treten häufig auf.
| Unintended effects often occur.
|-
|-
|rowspan = 2| Sehr häufig
|rowspan = 2| Very frequent
| Mindestens einmal wöchentlich oder mehr
| At least once a week or more
|-
|-
| Unbeabsichtigte Auswirkungen treten sehr häufig bzw. nahezu immer auf.
| Unintended effects occur very frequently or almost always.
|}
|}
[[Datei:Eintrittswahrscheinlichkeiten.PNG|left|thumb|900px|Maske der Eintrittswahrscheinlichkeiten]]
<br clear=all>
<br clear=all>
== <span id="Kriterien für Schadensausmaße"></span>Kriterien für Schadensausmaße ==
<span id="Kriterien_für_Schadensausmaße"></span>
== <span id="Kriterien für Schadensausmaße"></span>Criteria for extent of damage ==
Ein Schaden ist nicht zwingend monetärer Natur. Er kann z.B: durch Effektivitätsverlust, Imageschaden oder Patientenschaden bestimmt werden. Aus diesem Grund bietet HITGuard die Möglichkeit Kriterien für Schadensausmaße frei zu konfigurieren. Diese Kriterien können dann wiederum auf Schadensausmaßklassen gemapped werden, und dadurch für Schutzbedarfsanalysen verwendet werden
Damage is not necessarily of a monetary nature. It can be determined, for example, by loss of effectiveness, image damage or patient damage. For this reason, HITGuard offers the possibility to freely configure criteria for the extent of damage. These criteria can then be mapped to extent of damage classes and thus be used for protection needs analyses.
Kriterien Schadensausmaße können unter "Risikomanagement → Risikopolitik → Kriterien für Schadensausmaße" definiert werden.
Criteria for the extent of damage can be defined under "Risk management → Risk policy → Criteria for extent of damage".
[[Datei:Kriterien für Schadensausmaße.PNG|left|thumb|900px|Example: Criteria for damage extent]]
<br clear=all>
[[Datei:Kriterien für Schadensausmaße.PNG|left|thumb|900px|Beispiel: Kriterien für Schadensausmaße]]
<span id="Schadensausmaße"></span>
<br clear=all>
== <span id="Schadensausmaße"></span>Extent of damage ==
Extent of loss is divided into classes. The loss severity classes are based on the risk-bearing capacity of the company. The highest loss severity class should therefore be based on the maximum loss that the company can bear.
If you want to use different damage extent classes in one or more management systems, then create an additional classification of extent of damage and benefit for this purpose. You can then create new damage extent classes for these.
Then assign the newly created classification to the desired management system as a classification under "Risk management → Settings".
Classes and classifications can be defined by administrators and experts by clicking on the plus next to the classes/classifications. (see figure)
Schadensausmaße werden in Klassen unterteilt. Die Schadensausmaßklassen orientieren sich dabei an der Risikotragfähigkeit des Unternehmens. Die höchste Schadensausmaßklasse sollte sich daher an dem maximalen für das Unternehmen tragbaren Schadens orientieren. Klassen können von Administratoren und Experten definiert werden.
: Dieser Wert stellt die Abhängigkeit, den der Schadensausmaß in einer Schutzbedarfsanalyse repräsentiert, in Prozent dar und wird im Graphen als Kantengewicht verwendet.
:This value represents the dependency that the extent of damage represents in a protection needs analysis in percent and is used in the graph as the edge weight.
:Grundlage der Ermittlung des Wertes kann z.B: die Untergrenze, Obergrenze oder der Mittelwert einer Schutzbedarfsklasse sein.
:The basis for determining the value can be, for example, the lower limit, upper limit or the mean value of a protection needs class.
:'''Beispiel:'''
:'''Example:'''
:{| class="wikitable"
:{| class="wikitable"
|-
|-
! Schadensausmaßklasse!! SBA Kantengewicht
! Damage extent class!! PNA edge weight
|-
|-
| Unbedeutend|| 10%
| insignificant || 10%
|-
|-
| Gering|| 20%
| Low || 20%
|-
|-
| Moderat|| 40%
| Moderately || 40%
|-
|-
| Hoch|| 60%
| Up || 60%
|-
|-
| Katastrophal|| 100%
| Catastrophic || 100%
|}
|}
<u>Risikofaktor:</u>
<u>Risk factor:</u>
: siehe [[#Riskfactor|hier]]
: The risk factor serves as a multiplier for calculating the risk ratio of a risk. The risk factor of the selected probability of occurrence is multiplied by the risk factor of the selected extent of damage, thus determining the risk ratio.
: The risk ratio serves to rank the risks. The higher the risk index, the greater the significance of the risk.<br>
: [[Datei:Beispielhafte Verteilung von Risikofaktoren auf einer Farbskala von Grün nach Rot..png|mini|Examplary distribution of risk factors on a color scale from green to red.]]This risk factor furthermore serves as criterium for the color of extent of damage classification in protection needs reports. On a color scale from green to red, the lowest risk factor results in the color green and the highest in the color red. Risk factors between those two result in colors according to their relative position on the scale from green to red.
<u>Kriterium hinzufügen:</u>
<u>Add criterion:</u>
: Hier können die bereits erstellten Kriterien auf eine Schadensausmaßklasse gemapped werden. Zudem sollte im Kontext der Klasse beschrieben werden welcher Schaden auftreten muss um ein Kriterium zu erfüllen.
:Here the criteria already created can be mapped to an extent of damage class. Furthermore, in the context of the class it should be described what kind of damage must occur to fulfill a criterion.
'''Beispiele für Schadensausmaßklassen:'''
'''Examples for damage extent classes:'''
{| class="wikitable"
{| class="wikitable"
|-
|-
! Schadensausmaßklasse
! Damage extent class
! Definition
! Definition
|-
|-
|rowspan = 4| Gering
|rowspan = 4| Low
| Monetärer Schaden: > 5T EUR und <= 25EUR
| Monetary damage: > 5.000 Euro and <= 25 Euro
|-
|-
| Patientenschaden: geringe und kurzzeitige Unannehmlichkeiten
| Patient harm: minor and short-term inconvenience
|-
|-
| Effektivitätsverlust: kein oder sehr begrenzter Einfluss auf Operationen/Prozeduren
| Effectiveness loss: no or very limited impact on operations/procedures
|-
|-
| Daten- und Systemsicherheit: Bekanntwerden einer entsprechenden Bedrohung oder Schwachstelle hat vernachlässigbaren Einfluss
| Data and system security: disclosure of a relevant threat or vulnerability has negligible effect
|-
|-
|rowspan = 4| Moderat
|rowspan = 4| Moderate
| Monetärer Schaden: > 25T EUR und <= 100T EUR
| Monetary damage: > 25,000 euros and <= 100,000 euros
|-
|-
| Patientenschaden: zeitlich begrenzte und geringere Verletzungen, medizinische Intervention erforderlich
| Patient damage: temporary and minor injuries, medical intervention required
|-
|-
| Effektivitätsverlust: sehr begrenzter oder belästigender Effekt auf Operationen/Maßnahmen
| Effectiveness loss: very limited or nuisance effect on operations/measures
|-
|-
| Daten- und Systemsicherheit: Offenlegung sensibler Informationen könnte negative (finanzielle) Folgen haben und möglicherweise Ressour-cenaufwand zur Beseitigung bedingen
| Data and system security: disclosure of sensitive information could have negative (financial) consequences and may require resources to remediate.
|-
|-
|rowspan = 4| Katastrophal
|rowspan = 4| Catastrophic
| Monetärer Schaden: > 10Mio EUR
| Monetary damage: > 10 million euros
|-
|-
| Patientenschaden: Tod
| Patient harm: Death
|-
|-
| Effektivitätsverlust: geplante Operationen/Prozeduren nicht mehr durchführbar
| Loss of effectiveness: planned operations/procedures no longer feasible
|-
|-
| Daten- und Systemsicherheit: Kann zu vollständiger Offenlegung sensibler Informationen führen
| Data and system security: may lead to full disclosure of sensitive information
Benefit is not necessarily of a monetary nature. It can be determined, for example, by heightened effectiveness, improved image, or patient health. For this reason, HITGuard offers the possibility to freely configure criteria for benefit. These criteria can then be mapped to classifications of extent of damage and benefit and thus be used in protection needs analyses.
Criteria for benefits can be defined under "Risk management → Risk policy → Criteria for benefit".
[[Datei:Risikopolitik_KriterienNutzen.png|left|thumb|900px|Example: Criteria for benefits]]
<br clear=all>
<br clear=all>
== Schutzbedarf ==
==Benefits==
Benefits are divided into classes. These are based on the company's ability to take advantage of opportunities. The highest benefit should, therefore, be based on the maximum benefit the company is able to achieve.
Der Schutzbedarf einer Ressource, Organisationseinheit, Datenkategorie oder eines Prozesses orientiert sich am Ausmaß der Schäden, die entstehen können, wenn die Funktionsweise beeinträchtigt ist. Da die Höhe eines Schadens häufig nicht genau bestimmt werden kann, sollten Sie für Ihren Anwendungszweck passende Klassen definieren.
If you want to use different benefit classes in one or more management systems, then create an additional classification of extent of damage and benefit for this purpose. You can then create new benefit classes for these.
Schutzbedarfsklassen können unter "Risikomanagement → Risikopolitik → Schutzbedarf" von Administratoren oder Experten erstellt und verwaltet werden.<br>
Then assign the newly created classification to the desired management system as a classification under "Risk management → Settings".
Die zuvor definierten Schadensausmaßklassen fallen je nach höhe Ihres [[#BIA edge weights|SBA Kantengewichtes]] in unterschiedliche Schutzbedarfsklassen (je höher das Kantengewicht umso höher der Schutzbedarf).
Classes and classifications can be defined by administrators and experts by clicking on the plus next to the classes/classifications. (see figure)
Die sogenannte SBA-Kantengewicht-Range (von bis) sorgt dafür, dass in der Strukturanalyse durch eine Abhängigkeitsanalyse, eine Schutzbedarfsklasse für eine Datenkategorie oder Ressource ermittelt werden kann. Diese Ermittlung leitet sich über die SBA-Kantengewicht-Range ab. Über alle eingehenden Schutzziel-Beziehungen je Ressource bzw. Datenkategorie wird dabei die Kantenabhängigkeit in % mit dem höchsten SBA-Wert ermittelt und daraus die zugehörige Schutzbedarfsklasse aus dem Range erhoben.
[[Datei:Risikopolitik_Nutzen.png|left|thumb|901px|Example: Benefit Sehr groß]]
<br clear=all>
Die Farbe dient zur Signalisierung der Wichtigkeit einer klasse in der Strukturanalyse.
<u>Monetary benefit:</u>
: Here you define how high the monetary benefit of a class is.
'''Beispiele für Schutzbedarfsklassen:'''
<u>Opportunity factor:</u>
*Normal: Die Schadensauswirkungen sind begrenzt und überschaubar.(0-30% SBA Kantengewicht)
*Hoch: Die Schadensauswirkungen können beträchtlich sein.(30-70% SBA Kantengewicht)
*Sehr Hoch: Die Schadensauswirkungen können ein existentiell bedrohliches, katastrophales Ausmaß erreichen.(70-100% SBA Kantengewicht)
: The opportunity factor serves as a multiplier for calculating the risk ratio of an opportunity. The risk factor of the selected probability of occurrence is multiplied by the opportunity factor of the selected benefit, thus determining the risk ratio.
: The risk ratio serves to rank the risks and opportunities. The higher the risk ratio (meaninng, the further away from zero), the greater the significance of the opportunity.<br>
<u>Add criterion:</u>
:Here the criteria already created can be mapped to a benefit class. Furthermore, in the context of the class it should be described what kind of benefit must occur to fulfill a criterion.
Since protection goals can have different meanings in different classifications, it is possible to specify synonyms for the respective classifications in terms of their naming. For example, the protection goal "confidentiality" can be interpreted as privacy in the context of the data protection classification (see figure). This means that wherever the protection goal is applied, the protection goal characteristic of the damage extent classification of the data privacy management system - i.e., the designation "privacy" - is displayed.
This menu item is only visible if at least two damage extent classifications exist.
Die Risikomatrix ergibt sich für jede Schutzbedarfsklasse aus der Kombination von Schadensausmaß (Vertikal) und Eintrittswahrscheinlichkeit (Horizontal). Hierzu werden die jeweiligen Risikofaktoren multipliziert um die Risikokennzahl zu erhalten. Je höher die Risikokennzahl desto kritischer ist ein Risiko und umso dringender muss ein Risiko behandelt werden um schwerwiegende Folgen zu verhindern.<br>
The protection requirements of a resource, organizational unit, data category, or process are based on the extent of damage that can occur if its operation is impaired. Since it is often not possible to determine the exact amount of damage, you should define classes that are suitable for your application.
Administratoren und Experten können unter "Risikomanagement → Risikopolitik → Risikomatrix" festlegen in welcher Farbe eine Risikokennzahl im Dashboard und der Strukturanalyse angezeigt wird (Je kritischer und dringender desto alarmierender sollte die Farbe sein). Weiters dient die Risikokennzahl der Reihung der Risiken auf dem Dashboard.
Protection Needs Classes can be created and managed by administrators or experts under "Risk Management → Risk Policy → Protection Needs".<br>
The previously defined damage extent classes fall into different protection needs classes depending on the height of your [[#BIA edge weights|PNA edge weight]] (the higher the edge weight, the higher the protection need).
The so-called PNA edge weight range (from to) ensures that a dependency analysis can be used in the structural analysis to determine a protection needs class for a data category or resource. This determination is derived from the PNA edge weight range. For all incoming protection target relationships per resource or data category, the edge dependency is determined in % with the highest PNA value and the corresponding protection need class is determined from the range.
Die Datenklassifikation gibt vor wie Daten, abhängig von Ihrer Klassifizierung, zu handhaben sind. Dies richtet sich nach der Vertraulichkeit der Daten und dem damit einhergehenden erwünschtem Schutzniveau.
The color is used to signal the importance of a class in the structural analysis.
Die Anzahl der Kategorien, der Name der Datenklasse sowie deren Beschreibung sind dabei frei definierbar. Eine neue Klasse kann über den „Plus Button“ erstellt werden.
Üblicherweise kann man eine Assoziation ableiten, sodass der unterschiedlich geltende Schutzbedarf je Datenklasse über die, mit dem Vertraulichkeitsrisiko zusammenhängende Schadensausmaßklasse zu erklären ist. Daher ist ein Mapping zwischen Daten- und Schadensausmaßklassen möglich.
''' Examples for protection needs classes:'''
*Normal: The damage effects are limited and manageable (0-30% PNA edge weight).
*High: The damage effects can be considerable (30-70% PNA edge weight).
*Very high: The damage effects can reach an existentially threatening, catastrophic magnitude (70-100% PNA edge weight).
'''Beispiel:'''
<span id="Risikomatrix"></span>
== <span id="riskmatrix"></span>Risk matrix==
The risk matrix for each protection requirement class results from the combination of extent of damage (vertical) and probability of occurrence (horizontal). For this purpose, the respective risk factors are multiplied in order to obtain the risk ratio. The higher the risk or opportunity ratio (as in, the further away from zero), the more critical a risk is and the more urgent it must be dealt with in order to prevent serious consequences, and the greater an opportunity is and the sooner it should be taken advantage of to gain a benefit.<br>
Administrators and experts can specify in which color a risk indicator is displayed in the dashboard and structural analysis (the more critical and urgent a risk is, the more alarming the color should be) under " Risk Management → Risk policy → Risk matrix". Furthermore, the risk indicator serves to rank the risks and opportunities on the dashboard.
For each classification of extent of damage and benefit there is a separate risk matrix that can be configured.
The data classification specifies how data is to be handled, depending on your classification. This depends on the confidentiality of the data and the corresponding desired level of protection.
The number of categories, the name of the data class and its description are freely definable. A new class can be created using the "Plus" button.
It is usually possible to derive an association so that the different protection needs for each data class can be explained by the extent of damage associated with the confidentiality risk. Mapping between data classes and damage severity classes is therefore possible.
If several damage extent classifications exist, it is necessary to select from which classification the damage extent originates.
[[Datei:Beispiel Datenklassen.PNG|left|thumb|901px|Example: Class "Strictly confidential" ]]
The <i>abilities to control</i> are used to evaluate the quality of the risk treatment measures and controls that have already been implemented for a risk. More about the context of their application can be found [[Special:MyLanguage/Risikobewertung | here]].
The <i>abilities to control</i> available for that evaluation can be managed here.
A new <i>ability to control</i> can be created with the "plus" button. Existing ones can be deleted with the "trash can" button.
The following <i>abilities to control</i> are offered by default:
* '''nicht relevant | not relevant''' - The ability to control the risk with the assigned set of measures and controls is not relevant.
* '''initial | initial''' - The ability to control the risk with the assigned set of measures and controls is in an early state of development.
* '''gemanagt | managed''' - The ability to control the risk with the assigned set of measures and controls can done successfully.
* '''definiert | defined''' - The ability to control the risk with the assigned set of measures and controls is reproducible and can be handled with an adapted standard process.
* '''gemessen | measured''' - The ability to control the risk with the assigned set of measures and controls is measurable with a statistical control.
* '''optimiert | optimized''' - The ability to control the risk with the assigned set of measures and controls is measurable with a statistical control and can improve the modus operandi.
These classes are recommendations and can be edited by Expert users; they are only available in German in the tool.
[[Datei:Abilities to control.PNG|left|thumb|900px|Abilities to control ]]
== <span id="riskcats"></span>Categories of risks/opps and impacts==
To be better able to manage and thus treat identified risks, opportunities, and impacts, categories can be defined under "Risk management → Risk policy → Categories of risks/opps and impacts".
New risk categories can be added with the "Plus" button. They can be renamed at any time. Categories that have not been selected for any risks/opps/impacts can also be deleted. The "Delete" button is deactivated for any categories that are currently in use.
[[Datei:Risikokategorien_Risikopolitik.png|left|thumb|901px|Risk policy > Categories or risks/opps and impacts]]
<br clear=all>
Individual risks, opportunities, and impacts can be assigned to and grouped by one or more category.
[[Datei:Risikokategorien_Übersicht.png|left|thumb|900px|Categories in the overview of risks]]
<br clear=all>
<span id="Kriterien_für_Auswirkungen"></span>
==Criteria for impacts==
An ilmpact can be of different natures. Therefore, HITGuard offers the possibility to freely configure criteria for impacts. These criteria can then be mapped to impacts.
Criteria for impacts can be defined under "Risk management → Risk policy → Criteria for impacts".
[[Datei:Risikopolitik_KriterienAuswirkungen.png|left|thumb|900px|Example: criteria for impacts]]
The impact classifications describe the scale, scope, and remedy (only for negative impacts) of an impact. The are used in the materiality analysis to evaluate positive and negative impacts on the organization from outside and outwards by the organization. Using criteria, additional details can be recorded for the individual impacts.
Impact classes can be defined for each of the three classifications.
<u>Add criterion:</u>
:Here the criteria already created can be mapped to an impact class. Furthermore, in the context of the class it should be described what kind of circumstance must occur to fulfill a criterion.
<u>Impact factor:</u>
: The impact ratio is calculated from the impact factors of the impact classes and the risk factor of the probability of occurrence. Like the risk ratio, it shows how big or small an impact is by a company on its environment.
All settings and configurations made here are globally valid. I.e. they affect all management systems and can only be edited by experts or administrators.
Protection targets
Each standard as well as each management system pursues a given purpose. Goals are defined to ensure their protection.
Manufacturer-specific protection targets (acc. to ISO 27001, ISO 80001):
Confidentiality
Availability
Integrity
The manufacturer-specific protection targets are subsequently used in risk assessments and structural analyses. These objectives are mapped in the knowledge databases to examination questions or, if required, to other risks or measures. Although these protection targets can be renamed or deactivated, they cannot be deleted. They are marked under "Risk management → Risk policy → Protection targets" as "Manufacturer-specific protection targets".
Additional protection targets can be freely defined and edited by experts.
An example for a protection target:
Import manufacturer-specific protection targets
Since some manufacturer-specific protection targets are only required for certain industries, not all defined protection targets are supplied as standard. However, these can be imported if required. To do this, simply click on the arrow next to the plus and select the desired target for import.
This function is needed, for example, to import knowledge bases created by HITGuard that require a protection target that is not delivered by default.
Probabilities of occurrence
The probability of occurrence is the estimated probability of the occurrence of a specific event in a given future period (e.g. 1x in 30 years).
As the figure below shows classes of probabilities of occurrence can be freely defined. The number of categories, the name of the occurrence probability classes as well as their description and stored occurrence probabilities (in frequency per period) are freely configurable.
Probability of occurrence mask
Risk factor:
The risk factor serves as a multiplier for calculating the risk ratio of a risk. The risk factor of the selected probability of occurrence is multiplied by the risk factor of the selected extent of damage, thus determining the risk ratio.
The risk ratio serves to rank the risks. The higher the risk index, the greater the significance of the risk.
Factual:
This checkbox can only be activated for one probability of occurrence. If selected, this probability of occurrence is treated as absolute. Risks, opportunities and impacts evaluated as such are then fact. The factual probability of occurrence is marked as such when choosing it in the risk/opportunity/impact.
Example based on and extended to TR719 (80001):
Probability of - occurrence classes
Definition
Extremely rare
At least once in 30 years.
It is very unlikely that unintended effects will occur.
Very rare
At least once in 10 years.
It is unlikely that unintended effects will occur.
Rare
At least once in three years.
There may be unintended effects from time to time.
Probably
At least once a year
It is likely that unintended effects will occur.
Frequently
At least once a month
Unintended effects often occur.
Very frequent
At least once a week or more
Unintended effects occur very frequently or almost always.
Criteria for extent of damage
Damage is not necessarily of a monetary nature. It can be determined, for example, by loss of effectiveness, image damage or patient damage. For this reason, HITGuard offers the possibility to freely configure criteria for the extent of damage. These criteria can then be mapped to extent of damage classes and thus be used for protection needs analyses.
Criteria for the extent of damage can be defined under "Risk management → Risk policy → Criteria for extent of damage".
Example: Criteria for damage extent
Extent of damage
Extent of loss is divided into classes. The loss severity classes are based on the risk-bearing capacity of the company. The highest loss severity class should therefore be based on the maximum loss that the company can bear.
If you want to use different damage extent classes in one or more management systems, then create an additional classification of extent of damage and benefit for this purpose. You can then create new damage extent classes for these.
Then assign the newly created classification to the desired management system as a classification under "Risk management → Settings".
Classes and classifications can be defined by administrators and experts by clicking on the plus next to the classes/classifications. (see figure)
Beispiel: Schadensausmaß Hoch
Monetary damage:
Here you define how high the monetary damage of a class is.
PNA Edge weight:
This value represents the dependency that the extent of damage represents in a protection needs analysis in percent and is used in the graph as the edge weight.
The basis for determining the value can be, for example, the lower limit, upper limit or the mean value of a protection needs class.
Example:
Damage extent class
PNA edge weight
insignificant
10%
Low
20%
Moderately
40%
Up
60%
Catastrophic
100%
Risk factor:
The risk factor serves as a multiplier for calculating the risk ratio of a risk. The risk factor of the selected probability of occurrence is multiplied by the risk factor of the selected extent of damage, thus determining the risk ratio.
The risk ratio serves to rank the risks. The higher the risk index, the greater the significance of the risk.
Examplary distribution of risk factors on a color scale from green to red.This risk factor furthermore serves as criterium for the color of extent of damage classification in protection needs reports. On a color scale from green to red, the lowest risk factor results in the color green and the highest in the color red. Risk factors between those two result in colors according to their relative position on the scale from green to red.
Add criterion:
Here the criteria already created can be mapped to an extent of damage class. Furthermore, in the context of the class it should be described what kind of damage must occur to fulfill a criterion.
Examples for damage extent classes:
Damage extent class
Definition
Low
Monetary damage: > 5.000 Euro and <= 25 Euro
Patient harm: minor and short-term inconvenience
Effectiveness loss: no or very limited impact on operations/procedures
Data and system security: disclosure of a relevant threat or vulnerability has negligible effect
Moderate
Monetary damage: > 25,000 euros and <= 100,000 euros
Patient damage: temporary and minor injuries, medical intervention required
Effectiveness loss: very limited or nuisance effect on operations/measures
Data and system security: disclosure of sensitive information could have negative (financial) consequences and may require resources to remediate.
Catastrophic
Monetary damage: > 10 million euros
Patient harm: Death
Loss of effectiveness: planned operations/procedures no longer feasible
Data and system security: may lead to full disclosure of sensitive information
Criteria for benefits
Benefit is not necessarily of a monetary nature. It can be determined, for example, by heightened effectiveness, improved image, or patient health. For this reason, HITGuard offers the possibility to freely configure criteria for benefit. These criteria can then be mapped to classifications of extent of damage and benefit and thus be used in protection needs analyses.
Criteria for benefits can be defined under "Risk management → Risk policy → Criteria for benefit".
Example: Criteria for benefits
Benefits
Benefits are divided into classes. These are based on the company's ability to take advantage of opportunities. The highest benefit should, therefore, be based on the maximum benefit the company is able to achieve.
If you want to use different benefit classes in one or more management systems, then create an additional classification of extent of damage and benefit for this purpose. You can then create new benefit classes for these.
Then assign the newly created classification to the desired management system as a classification under "Risk management → Settings".
Classes and classifications can be defined by administrators and experts by clicking on the plus next to the classes/classifications. (see figure)
Example: Benefit Sehr groß
Monetary benefit:
Here you define how high the monetary benefit of a class is.
Opportunity factor:
The opportunity factor serves as a multiplier for calculating the risk ratio of an opportunity. The risk factor of the selected probability of occurrence is multiplied by the opportunity factor of the selected benefit, thus determining the risk ratio.
The risk ratio serves to rank the risks and opportunities. The higher the risk ratio (meaninng, the further away from zero), the greater the significance of the opportunity.
Add criterion:
Here the criteria already created can be mapped to a benefit class. Furthermore, in the context of the class it should be described what kind of benefit must occur to fulfill a criterion.
Protection target synonyms
Since protection goals can have different meanings in different classifications, it is possible to specify synonyms for the respective classifications in terms of their naming. For example, the protection goal "confidentiality" can be interpreted as privacy in the context of the data protection classification (see figure). This means that wherever the protection goal is applied, the protection goal characteristic of the damage extent classification of the data privacy management system - i.e., the designation "privacy" - is displayed.
This menu item is only visible if at least two damage extent classifications exist.
Protection target synonyms
Protection requirement
The protection requirements of a resource, organizational unit, data category, or process are based on the extent of damage that can occur if its operation is impaired. Since it is often not possible to determine the exact amount of damage, you should define classes that are suitable for your application.
Protection Needs Classes can be created and managed by administrators or experts under "Risk Management → Risk Policy → Protection Needs".
Example: Protection requirement High
The previously defined damage extent classes fall into different protection needs classes depending on the height of your PNA edge weight (the higher the edge weight, the higher the protection need).
The so-called PNA edge weight range (from to) ensures that a dependency analysis can be used in the structural analysis to determine a protection needs class for a data category or resource. This determination is derived from the PNA edge weight range. For all incoming protection target relationships per resource or data category, the edge dependency is determined in % with the highest PNA value and the corresponding protection need class is determined from the range.
The color is used to signal the importance of a class in the structural analysis.
Examples for protection needs classes:
Normal: The damage effects are limited and manageable (0-30% PNA edge weight).
High: The damage effects can be considerable (30-70% PNA edge weight).
Very high: The damage effects can reach an existentially threatening, catastrophic magnitude (70-100% PNA edge weight).
Risk matrix
The risk matrix for each protection requirement class results from the combination of extent of damage (vertical) and probability of occurrence (horizontal). For this purpose, the respective risk factors are multiplied in order to obtain the risk ratio. The higher the risk or opportunity ratio (as in, the further away from zero), the more critical a risk is and the more urgent it must be dealt with in order to prevent serious consequences, and the greater an opportunity is and the sooner it should be taken advantage of to gain a benefit.
Administrators and experts can specify in which color a risk indicator is displayed in the dashboard and structural analysis (the more critical and urgent a risk is, the more alarming the color should be) under " Risk Management → Risk policy → Risk matrix". Furthermore, the risk indicator serves to rank the risks and opportunities on the dashboard.
For each classification of extent of damage and benefit there is a separate risk matrix that can be configured.
Example: risk matrix
Data classes
The data classification specifies how data is to be handled, depending on your classification. This depends on the confidentiality of the data and the corresponding desired level of protection.
The number of categories, the name of the data class and its description are freely definable. A new class can be created using the "Plus" button.
It is usually possible to derive an association so that the different protection needs for each data class can be explained by the extent of damage associated with the confidentiality risk. Mapping between data classes and damage severity classes is therefore possible.
If several damage extent classifications exist, it is necessary to select from which classification the damage extent originates.
Example: Class "Strictly confidential"
Example:
Data classes
! Damage extent class
Public
Very Low (Default)
Internal
Medium (default)
Confidential
Large (default)
Secret
Very Large (default)
Abilities to control
The abilities to control are used to evaluate the quality of the risk treatment measures and controls that have already been implemented for a risk. More about the context of their application can be found here.
The abilities to control available for that evaluation can be managed here.
A new ability to control can be created with the "plus" button. Existing ones can be deleted with the "trash can" button.
The following abilities to control are offered by default:
nicht relevant | not relevant - The ability to control the risk with the assigned set of measures and controls is not relevant.
initial | initial - The ability to control the risk with the assigned set of measures and controls is in an early state of development.
gemanagt | managed - The ability to control the risk with the assigned set of measures and controls can done successfully.
definiert | defined - The ability to control the risk with the assigned set of measures and controls is reproducible and can be handled with an adapted standard process.
gemessen | measured - The ability to control the risk with the assigned set of measures and controls is measurable with a statistical control.
optimiert | optimized - The ability to control the risk with the assigned set of measures and controls is measurable with a statistical control and can improve the modus operandi.
These classes are recommendations and can be edited by Expert users; they are only available in German in the tool.
Abilities to control
Categories of risks/opps and impacts
To be better able to manage and thus treat identified risks, opportunities, and impacts, categories can be defined under "Risk management → Risk policy → Categories of risks/opps and impacts".
New risk categories can be added with the "Plus" button. They can be renamed at any time. Categories that have not been selected for any risks/opps/impacts can also be deleted. The "Delete" button is deactivated for any categories that are currently in use.
Risk policy > Categories or risks/opps and impacts
Individual risks, opportunities, and impacts can be assigned to and grouped by one or more category.
Categories in the overview of risks
Criteria for impacts
An ilmpact can be of different natures. Therefore, HITGuard offers the possibility to freely configure criteria for impacts. These criteria can then be mapped to impacts.
Criteria for impacts can be defined under "Risk management → Risk policy → Criteria for impacts".
Example: criteria for impacts
Classifications for impacts
The impact classifications describe the scale, scope, and remedy (only for negative impacts) of an impact. The are used in the materiality analysis to evaluate positive and negative impacts on the organization from outside and outwards by the organization. Using criteria, additional details can be recorded for the individual impacts.
Impact classes can be defined for each of the three classifications.
Add criterion:
Here the criteria already created can be mapped to an impact class. Furthermore, in the context of the class it should be described what kind of circumstance must occur to fulfill a criterion.
Impact factor:
The impact ratio is calculated from the impact factors of the impact classes and the risk factor of the probability of occurrence. Like the risk ratio, it shows how big or small an impact is by a company on its environment.
