Items, Risks and Controls Survey Model
General Survey Configuration
Name: It allows you to identify the survey name. This name will be displayed in the initial list of surveys.
Type: It allows you to view the typology of the survey.
Department: It makes it possible to identify the department responsible for managing the survey.
Creation Date: It identifies the creation date of the survey.
Survey state: This table allows you to define a set of states for the survey. These states may be assigned to employees when the survey is set up, so that they will be responsible for the survey depending on the state in which they are located. For each state it is allowed to define:
The name of the status.
Whether it is the Automatic state or not, so that if a state is automatic, the surveys will move to the next state once they are completed without the intervention of any user. If the status is not automatic, it will be necessary to change the status of a survey manually.
The order of the states through the "Move up" and "Move down" buttons.
If the state allows it to return to the previous state. By checking ‘Yes’, the person responsible for completing the survey can return it to the previous state.
Consolidate the last status: Enables the possibility of directly consolidating the survey data in the final analysis. That button will be available only in the last state of the flow.
Enabled: It allows you to indicate the survey is enabled for its use in GlobalSUITE.
Update automatic dimensions directly: If this field is activated, in surveys the automatic dimensions of the methodology will be calculated every time a manual dimension is modified. In case it is unchecked, a button will appear that will allow updating them when pressed.
It is possible to translate the fields of the survey model into the rest of the available languages, through the "Translate" button on the upper right. This button will allow us to select another language, and to be able to define the name of the configurable fields in that language. Currently, the survey states.
Survey Type
Items Survey: Selecting this option allows you to create new items for the Inventory, as well as perform the assessment of both the new items and the items already existing in the Inventory.
Risks Survey: Selecting this option it allows a survey based on the risks of the items defined in the Inventory.
Controls Survey: Selecting this option it allows you to create new controls for the global list of controls, as well as performing the assessment of both the new controls and the controls already in the global list.
Survey of Items/Risks: Selecting this option it allows you to create new items for the Inventory as well as creating new risks associated with the items added in the survey. Additionally, both the items and the risks existing in the survey can be assessed according to the methodology configured for each case.
Survey of Item-Controls (Methodology by Item): Selecting this option it allows you to create new items for the Inventory as well as creating new controls associated with the items added in the survey. Additionally, both the items and the controls existing in the survey can be assessed according to the methodology configured for each case.
Survey of Item-Controls (Global Methodology and By Risk): Selecting this option it allows you to create new items for the Inventory as well as creating new controls for the global list of controls and listing by risk. Additionally, both the items and the controls existing in the survey can be assessed according to the methodology configured for each case.
Survey of Risks-Controls: Selecting this option it allows you to create new risks for each items as well as creating new controls associated with the risks added in the survey. Additionally, both the risks and the existing controls in the survey can be assessed according to the methodology configured for each case.
Survey of Items-Risks-Controls: Selecting this option it allows you create new items for the Inventory, creating new risks for each items as well as creating new controls associated with the risks added in the survey. Additionally, the items, risks and controls existing in the survey can be assessed according to the methodology configured for each case.
If the survey model includes controls, an additional configuration section will appear where you can define the following:
Include Implanted Controls: Indicates whether the controls already implemented will be incorporated into the surveys.
Include Treatment Plans: When selecting this field, controls in the process of implementation or improvement will be included in the surveys.
Include Actions: Allows you to indicate if you want to include Actions to define a Treatment Plan for the survey controls.
Include Evidence: If you select this field, you will be able to attach files and reviews for each survey control.
If the selected survey model allows assessing risks, you can configure in the "Taxonomy" section if you want to include the Risk Type, either in read mode, or allowing to define them.
Items Survey
The information provided by the tool are the dimensions on the basis of which the survey and assessment of the items will be carried out, dimensions that have been configured in the section 'Administration/Analysis Methodologies/General Configuration'.
The table displays the following information:
Dimension: It identifies the dimension name that will be inserted in the survey.
Type: Report the type of the dimension, if its assessment is qualitative or quantitative.
Calculation: It offers the calculation information of the dimension, if it is calculated manually or automatically.
Visible: It allows you to define if the dimension will be included in the survey or not, by clicking on the cell.
Editable: It indicates whether the dimension can be modified in the survey, or will only be visible in query mode. This field can be set to "Yes" in the manual dimensions.
Mandatory: It allows you to mark a dimension as mandatory. This implies that this dimension must be valued for all the items, before saving or passing the survey state. This field can be set to "Yes" in the manual dimensions.
Question: It offers the possibility of setting the necessary question for the assessment of the dimension.
Update dimensions: It allows to update the list of dimensions on which to perform the assessment of the assets, in the case that the section of 'Administration/Methodologies Analysis/General Configuration' has been modified after the creation of the survey model
Move up: It offers the possibility of positioning a dimension, moving up it to the required position.
Move down: It offers the possibility of positioning a dimension, moving down it to the required position.
NOTE: This option is only displayed if the 'Item Survey' checkbox of the previous section has been selected.
Risk Survey
The information provided by the tool are the dimensions on the basis of which the survey will be conducted and the risk assessment of the items, dimensions that have been configured in the section 'Administration/Analysis Methodologies/Analysis Methodologies'
The table displays the following information:
Dimension: It identifies the dimension name that will be inserted in the survey.
Type: Report the type of the dimension, if its assessment is qualitative or quantitative.
Calculation: It offers the calculation information of the dimension, if it is calculated manually or automatically.
Visible: It allows you to define if the dimension will be included in the survey or not, by clicking on the cell.
Editable: It indicates whether the dimension can be modified in the survey, or will only be visible in query mode. This field can be set to "Yes" in the manual dimensions.
Mandatory: It allows you to mark a dimension as mandatory. This implies that this dimension must be valued for all the items, before saving or passing the survey state. This field can be set to "Yes" in the manual dimensions.
Question: It offers the possibility of setting the necessary question for the assessment of the dimension.
The actions that the tool allows to perform are the following:
Methodology: It offers the possibility of selecting the analysis methodology on which you want to carry out the survey. Depending on the selection, the following options will display the specific dimensions of the selected methodology.
Update Dimensions: It allows to update the list of dimensions on which to perform the risk assessment of the assets, in the case that the section of 'Administration/Methodologies Analysis/General Configuration' has been modified after the creation of the survey model
Move up: It offers the possibility of positioning a dimension, moving up it to the required position.
Move down: It offers the possibility of positioning a dimension, moving down it to the required position.
NOTE: This option is only displayed if the 'Risk Survey' checkbox of the previous section has been selected.
Controls survey
The control surveys will allow you to assess the controls in a different way depending on the type of survey that has been selected, and it will also show that they can be configured in two ways, depending on whether a global identification and assessment of the controls is required, or whether the Identified controls must be associated with the risks analyzed, or finally the controls will be directly associated with the assets.
To carry out an identification and assessment of general controls, the survey has to be configured with the "Controls Survey" type or with the type "Survey of Items-Controls (Global and Threat Methodology)". In this way, the configured survey serves to identify and/or assess controls in a general way, without associating these with organizational risks (the association of controls and risks can be carried out later). The only difference between both types of survey is that the second one allows you to identify and assess also items of the Inventory. For the surveys of type "Controls Surveys" it will be possible to select any control methodology, while for the "Survey of Items-Controls (Global Methodology and by Threat)" type you can only select control methodologies "Global" or "By Threat" To perform an identification and assessment of controls associated with risks, the survey has to be selected with one of the following types: "Survey of Risk-Controls" or "Survey of Items-Risks-Controls". In this way, risks are identified and/or assessed in the same survey, as well as the controls for each risk are identified and/or assessed. For surveys of these types you can only select analysis methodologies that have a "By threat" control methodology associated with them. To perform an identification and assessment of controls associated with assets, the survey has to be selected as type "Survey of Items-Controls (Asset Methodology)". This allows an association of controls to the items, and the identification and assessment of controls for each item. For surveys of this type you can only select "By Item" control methodologies.
The information provided by the tool are the dimensions on the basis of which the survey and assessment of the controls will be carried out, dimensions that have been configured in the section 'Administration/Analysis Methodologies/Controls Methodologies'.
The table displays the following information:
Dimension: It identifies the dimension name that will be inserted in the survey.
Type: Report the type of the dimension, if its assessment is qualitative or quantitative.
Calculation: It offers the calculation information of the dimension, if it is calculated manually or automatically.
Visible: It allows you to define if the dimension will be included in the survey or not, by clicking on the cell.
Editable: It indicates whether the dimension can be modified in the survey, or will only be visible in query mode. This field can be set to "Yes" in the manual dimensions.
Mandatory: It allows you to mark a dimension as mandatory. This implies that this dimension must be valued for all the items, before saving or passing the survey state. This field can be set to "Yes" in the manual dimensions.
Question: It offers the possibility of setting the necessary question for the assessment of the dimension.
The actions that the tool allows to perform are the following:
Metodology: It offers the possibility of selecting the controls methodology on which you want to carry out the survey. Depending on the selection, the following options will display the specific dimensions of the selected methodology.
Update Dimensions: It allows to update the list of dimensions on which to perform the risk assessment of the assets, in the case that the section of 'Administration/Analysis Methodologies/Controls Methodologies' has been modified after the creation of the survey model
Move up: It offers the possibility of positioning a dimension, moving up it to the required position.
Move down: It offers the possibility of positioning a dimension, moving down it to the required position.
NOTE: This option is only displayed if the 'Controls Survey' checkbox of the previous section has been selected.