The Diri five step process
Why the five step process
Diri is developed to support companies that need to carry out risk assessments. Diri is designed to give your company an overview of risk together with risk reducing measures. Processes and methods are developed by Diri, but are based on recognized methods such as ISO/IEC 27005. By using Diri actively, your business will at all times have an updated risk picture.
When you carry out a risk assessment in Diri, you will be encouraged to follow a 5-step process. The process is designed to ensure high-quality results while being user-friendly and easy-to-follow. The process should be carried out in sequencial order and we encourage you to complete each step as much as possible to achieve the highest possible quality.
The five steps
Diri does not require you to fill in all the information to unlock the steps of the risk assessment process. The checkmarks asks the user to manually sign off that each step is completed. This adds more flexibility to the risk assessment process and allows the user to work on all the steps.
The five step process for risk assessments. Each box requires the user to mark as completed.
The Step 1 - Registration step lets you describe the object that is being evaluated. The Step 2 - Asset evaluation helps you map out key assets that are a part of the risk assessment scope, these will be visible in the asset register. The Step 3 - Risk assessment gives access to the risk analysis module in Diri. Results from this process will be found in the risk register and treatment overview. The Step 4 - Risk Treatment plan is in its essence a cost-benefit analysis of treatment efficiency compared to cost. Finally, step 5 is the risk acceptance where the risk assessment is given a formal approval.
Progression tracking in the main dashboard
You can track the workflow progession in the main dashboard using the follwing dashboard card:
Dashboard card: Progression overview for risk assessments
The above dashboard card is built on cumulative progression tracking and counts the number of risk assessments that have marked each step as completed. This means that a risk assessment that has marked the registration and asset evaluation steps as completed will be counted in both bars.
The "Needs to be revised" bar shows risk assessments that have passed the revision date and needs an update.
Related Articles
The Diri Risk Matrix
What is the Diri Risk Matrix? The Risk Matrix in Diri is a classic visualization matrix that illustrates risks on two axes, with probability on the Y-axis and consequence on the X-axis. In Diri, a risk is a combination of a cause, an event, and a ...Published Risk Assessments
Diri AS have made risk assessment templates for copying to ease your way into cyber risk management. The templates are available through the "Published Assessments"-feature on the risk assessment overview. The library will contain templates for ...The Diri Control Matrix
What is the Diri Control Matrix? The Diri control matrix (DCM) is an innovation unique to our software. In short, the DCM is a security control visualization tool that allows for in-depth analysis of how well the system security is managed. The DCM ...Step 1 - Registration
Registering your risk assessment All risk assessments in Diri have to be registered. It is important to register the necessary information for the risk assessment for auditing and traceability purposes. The information registered in this step will ...2 - The ICT System Risk Assessment
What is an ICT system? ICT (information, communication, and technology) systems are the most basic type of risk assessments in Diri: An ICT system is a set-up consisting of hardware, software, data and the people who use them. It commonly includes ...