February Diri software update

February Diri software update

We are planning to update the Diri application on the 14. February. The changes will be minor and will focus on the usability of Diri. Summarized: 
  • It is now possible to translate the Diri libraries.
  • Workflow progression and tracking will be improved. 
  • We are exchanging one and adding another variable for the ICT system description.
  • It is now possible to quickly create elements directly in the treatments list. 
  • Added import of spreadsheet data in a standardized format.

Translating and editing the Diri libraries

One of our significant technical challenges has been finding a way for users to add new fields in their language and deal with the translations. We are happy to report that we have solved this problem. The whole application will be more language dynamic from the middle of February. All libraries in the app will be available in English, including events, threats, consequences, and vulnerabilities. You can also edit your libraries via the Settings GUI. However, event types in use can not be deleted.

Important changes to workflow

Workflow progression and tracking

We are replacing the automatic progress checkmarks in the Risk assessment dashboard because they are no longer a dependent workflow tracker. The new way to mark a progression in the risk assessment is that the users themselves manually check the step as completed. Step 5 - Complete and Confirm will still be completed by signing the risk assessment and accepting risk. No changes will be made to the existing progression marks for existing risk assessments in Diri. 

Clicking the checkmark will now mark the step as complete. In the main dashboard, we retain the old progress Piechart. Still, we are also introducing a histogram overview of risk assessments which shows the distribution of risk assessments having completed each step. The histogram facilitates more flexibility regarding progress tracking of risk assessments where users want to follow a non-standard process. The histogram also tracks risk assessments that need revision

The Diri five-step process now requires the user to mark a step as completed. The new dashboard card for progress tracking to the right.

Changes to system registrations

We are replacing one and adding another variable to the first page of registration on the system risk assessment:

  1. Replacing the System nickname variable with tags: You can now tag your system with properties instead of giving a nickname. Suppose you are actively using the System nickname field. In that case, the text already present in the field will be retained and converted to the tag format.

  2. New System criticality-variable: This option lets you quickly prioritize your system and strategically plan for risk assessments. The option enables you to categorize your systems within a five-point importance Likert-scale and visualise the rankings in a new dashboard card.

Add global risk treatments from the treatment list

Creating a global treatment from the menu Treatment option is now possible. The prerequisite is that the treatment must be connected to an organizational risk assessment. Click the "Add global treatment" button on the top of the page to quickly create a new treatment.

The new add global treatment feature in the Treatment list

Import of spreadsheets of existing system portofolio

While our API is up and running, we are also building a standardized import function to ease the transition into Diri. The import is for those who have already created a system portfolio and wants to import it in Diri. The spreadsheet import has standardized fields that map to the Diri app's registration fields and is limited to creating the assessment and filing information in the system registration step.

Minor changes and fixes

  • The Diri helper is now available on the Risk assessment dashboard
  • More fields use auto complete for filling organization names and user’s names
  • Customer marking in organization tree where customer information is stored
  • Treatment with several connected systems shows orgname for system if system name is ID or empty
  • Security fix: Added Http Strict Transport Security to mitigate issue: "Strict transport security not enforced"
  • Copying system adds time of copying as default creation date, but allows for copying original creation date