3 - The Problem Risk Assessment

What is the Problem Risk Assessment?

Put plainly, the Problem Risk Assessment (PRA) is a simplified risk assessment with lower documentation requirements than IT system assessments. The PRA is an option for risk-assessing problems that are not bound to specific systems or to the organizational risk assessment. This problem analysis approach is tailored for cases such as the Log4j vulnerability, where one quickly needs to get an overview of the situation, map out implications, and implement countermeasures.

Results from the PRA will be juxtaposed with risks from other risk assessments in Diri. You can sort on risk assessment type in both the Risk assessment overview and the Risk registry.

Why the PRA?

The PRA was primarily added to ease access to Diri's risk analysis features. Not all risk assessments fit the IT systems approach or are a part of the strategic overall risk assessment. Sometimes, one just needs to quickly assess a specific problem and figure out how to deal with it. The PRA offers quick access to a simplified risk assessment with fewer documentation requirements.

When and how to use the PRA

We cannot predict all situations where the PRA will be an appropriate choice. But the PRA should, for example, be used in cases where a novel problem occurs that spans widely across the organization, and we need to quickly assess the problem and delegate countermeasures.
The registration step only asks to register the name, description, delimitations, and participants for the assessment. The assessment allows you to choose implicated existing systems, if any, and promptly access the Diri risk analysis.
