Risk scenario: use applied controls in current risk

intuitem / ciso-assistant-community

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber, NCSC, ECC, SCF and so much more

https://intuitem.com

Other

1.19k stars 168 forks source link

Risk scenario: use applied controls in current risk #506

Open tovam opened 6 months ago

tovam commented 6 months ago

Currently the 'current risk' analysis only contains a text field, am I missing a reason not to also include an applied control selector field like for the residual risk section below, or is it an oversight?

ab-smith commented 5 months ago

Thanks @tovam that’s indeed a design choice we made previously to ease up the risk assessment and have less objects to create, but is probably outdated now with the rich client capabilities. we’ll discuss it for this summer improvements.