Controls Methodology
This section allows you to establish different methodologies on which you can evaluate several controls or systems implemented in the organization for mitigating the risks.
This option allows the user to parameterize the calculation of the company controsl. GlobalSUITE allows you to carry out the following initial options:
Add: It allows you to select one of the created methodologies. For this task, you select the methodology in the dropdown and click on the button 'Add'.
New: You can insert a new entry in the table.
Remove: It offers the possibility of removing one methodology from the list. For this task you have to select the row and click on the button 'Remove'.
When you click on one of the methodologies, GlobalSUITE shows the following options for parameterizing the methodology.
Configuration Dimensions of the Methodology
Name: It identifies the methdology name. This name appears on the methodologies list.
Type of Methodology: It reports about the methodology type which are being managed.
Dimensions: It allows the configuration of the dimensions to valuate in the risk analysis for each one of the risk of the implemented controls. You can create and remove dimensions, and you can also configure the order of the table with the bottons 'Move up Dimension' and 'Move down dimension'.
This is the information which the table shows:
Nickname : This name is generated automatically by the platform.
Name: It shows the dimension name. Clicking twice on the cell it allows you to change the name.
Order: It identifies the order on which the dimension will appear in the risk analysis.
Show color: It allows you to define the dimension with a color.
Minimum value: This field identifies the minimun number on which it's calculated the formula of the selected dimension.
Type: It identifies whether the dimension is Text type or not.
Visible: It identifies whether the dimension will be visible in:
Tables: In the table of Controls Management, Risk Analysis, etc.
Control ticket: In the control ticket itself.
All: Both in the tables, as in the control ticket.
Editable: It identifies whether the dimension will be editable in:
Tables: In the table of Controls Management, Risk Analysis, etc.
Control ticket: In the control ticket itself.
All: Both in the tables, as in the control ticket.
Dimension Type: It offers the possibility of establishing the calculation methodology of the dimensions, you can select the calculation among the following ones:
Quantitative: It allows you to define that the calculation of the dimension, which you have selected, will be quantitative and selecting a numerical value in the dimension.
Qualitative: It allows you to define that the calculation of the dimension, which you have selected, will be qualitative and you can establish an specific range of values (E.g: High, Medium, Low).
Value: It allows how we want to carry out the calculation (Manually or automatically) of the dimension you have selected on the previous table.
Type of Calculation: In case you have selected the automatic option, GlobalSUITE offers the following options:
Cartesian product: It allows you to establish the calculation of the dimension based on a two-dimensional matrix which has been defined in the option ‘Dimensions’. For this task you have to select a dimension in the ‘X axis’ and other dimension in the ‘Y axis’ and give values according to the levels established.
NOTE:: The Cartesian product cannot be generated according to the dimension whose calculation is quantitative.
Formula: The option allows you to define how it will be obtained the calculation of the dimension based on a mathematical formula. For this task, GlobalSUITE shows the following option:
Conditional Formula: This option allows you to determine a conditional calculation among different dimensions established in the methodology.
For setup this section you have to click on the button 'Configure' and you will accede to the following screen:
The configuration of the conditional formula is established by the operators. The operator 1 and 2 serve for determining the condition and it's necessary to fix that on the dropdown. These are the options that the table allows:
==: Equal to
!=: Different to
<: Lesser than
>: Greater than
<=: Lesser or equal than
>=: Greater or equal than
Once you established the condition formula, it's necessary to fix the results that you want to obtain. In case it complies the condition, the results corresponds with the operator 3, and in the contrary it will correspond with the operator 4.
The user can select among the different dimensions and calculation options for generating the formula on which it will be obtained the result of the dimension selected.
Note: It’s necessary to validate the formula clicking on the button ‘Validate Formula’ before you save.
Result: It enables to define the values of the calculation option selected in the previous point (Cartesian product or Formula).
Dimension Levels: It allows you to define the valuation levels of the dimension selected. As well as the other options, you could create or remove levels, and you also put them in ascending or descending order with the 'Move up' button and 'Move down'. To conclude, you could parameter the color for the levels you want to stand out. You have to select the level and click on the button ‘Change color’.
Note: If the levels are defined for a qualitative dimension, GlobalSUITE allows the following options: to define the calculation range of the selected level and the value on which you will calculate the dimension. If the levels are defined for a quantitative dimension, GlobalSUITE allows you to define the color on which you will stand out the numerical values of the assets inventory.
Type of Controls Assessment: It allows you to establish the control evaluation, you can select a Global Calculation or by Threats.
Select Maturity Control Dimension: It allows you to define according the dimensions (previously defined in the previous section) on which you want to obtain the maturity controls in the organization.