This repository has been archived by the owner on Sep 4, 2021. It is now read-only.
Abder edited this page Nov 23, 2020 · 5 revisions

About ASF Risk Manager

ASF Risk Manager is part of intuitem's simple, agile and structured approach to cyber security management. That approach relies on multiple pillars, and tooling is one of them.

During our job as auditors and our interactions with customers, we noticed how fragmented risk analysis becomes when it relies on spreadsheets shared across multiple auditors and teams, which end up not being used. We then started working on this web app to structure risk analysis with structured scaling, reporting and analysis. Since then, and thanks to our users, who are mainly cyber security experts, we were able to add extra features and take the integration with the team even further with Jira support. A lot is still to come and we would appreciate your feedback to take ASF RM to the next level.

If you have just started your demo, make sure that you have access to the support portal.

Organisation

Overview

Before you start, here is how ASF Risk Manager is structured. The portal is organised into two sections:

  • Back office: where you input your data and manage the settings
  • Front: where the data are rendered and analysed

ASF Risk Manager helps you organize your risk analysis across the objects described below.

Objects

  • User: a local ASF Risk Manager account used to access the front or back office according to the attributed scope
  • Project: the scope of your analysis
  • Auditor: an attribute of the project indicating who is managing the risk analysis. An auditor can be assigned to multiple projects. The auditor is not linked to the user.
  • Project group: helps structure your projects for easier access management
  • Project authorisation: affects the front module and is managed per user to give access to one or multiple project groups.
  • Risk: a generic and global risk that you define. Risks are usually general and do not have a lifecycle.
  • Risk instance: the most frequent object and the actual projection of a risk on your project. It is attached to one Risk and to one project.
  • Solution (coming soon): not available yet; a generic solution definition to reduce your risk instance.
  • Mitigation: a process or technical solution to reduce your risk instance. Each risk instance can have one or multiple mitigations.
  • Derogation: a simple object to track security exceptions. Currently not linked to other objects.