Skip to content

Configuration (assigning risks)

Purpose🔗

In the Configuration section you assign risks to the appropriate categories (e.g. Data, Service Providers, Hardware, Personnel). The domain relevance of a risk determines which modules it is displayed in.

This ensures that risks only appear where they are relevant — for example, only in the ISO 27001 context or across several modules simultaneously.

View Layout🔗

The view is divided into three areas:

  1. Selection of the Category (e.g. Data, Service Providers, Processes).
  2. List of available risks (center).
  3. List of risks assigned to the category (right).

Many standard risks are already predefined. You can adopt them or add your own.

Usage🔗

Assigning Threats🔗

  1. Open the Risk Management → Configuration section.
  2. Select the desired Category on the left (e.g. "Data").
  3. In the center list you can see all available risks.
  4. Drag existing threats via drag & drop to the right to the threats assigned to the category.
  5. Repeat the assignment until all relevant categories are appropriately populated.

This way you assign, for example, the risk "Data loss due to hardware defect" to all data assets.
In the risk analysis this risk will then be displayed for all data resources.

Creating New Threats🔗

If a threat is missing, you can create it directly in the configuration:

  1. Click + Add Risk in the risks area (or use the three-dot menu).
  2. Enter:
  3. Name
  4. Description
  5. optionally domain relevance (e.g. whether the risk should also be used in the ISMS or IT-Grundschutz)
  6. Save the risk.

Newly created risks are immediately available in the configuration and later in the risk analysis.

Mandatory fields

Red exclamation marks indicate mandatory fields. The risk cannot be saved without this information.

Domain Relevance🔗

Using domain relevance you can control which modules a risk is used in (e.g. ISO 27001, IT-Grundschutz, BCM).

Advantages:

  • You maintain risks only once in a central location.
  • The same risk catalog is available in other modules.
  • Evaluations and comparisons across modules become easier.

Notes & Best Practices🔗

  • Keep the number of risk categories manageable so that it remains easy for departments to get started.
  • When introducing new modules, first check whether existing risks can be reused instead of creating new duplicates.