New risks are more meaningful if they are associated with threats, vulnerabilities, and controls. When your user role has Risk View and Risk Author permissions, you automatically obtain the access rights to update a risk so that threats and vulnerabilities can be associated, related controls can be added or removed, and fields in the Exposure tab can be updated.
To add threats or vulnerabilities to a risk:
In the RiskVision Application application, go to Content > Risks.
- Find the desired risk in the tree on the left, open it, and click Edit.
- To associate a threat with this risk, choose it from the Threat drop-down list. Likewise, to associate a vulnerability
with this risk, make a selection from the Vulnerability drop-down list.
Click Save.
To relate controls and subcontrols to the new risk:
- In the RiskVision Application application, go to Content > Risks.
- Find the desired risk in the tree on the left, open it, and click Edit.
- Under Related Controls and Subcontrols, click Add to bring up the Control Selection dialogue box. Find the desired control or subcontrol, select it, and click OK.
- In the Risk General Tab, click Save.