After identifying and measuring the controls, the Controls Effectiveness for groups and participants can be viewed on the Combined Effectiveness pages.
Depending on the control application, the %effectiveness can be viewed by:
- Controls for Threats/Sources - (this page)
- Controls for Event Vulnerabilities (by Event)
- Controls for Event Vulnerabilities (by Control)
- Controls for Event Consequences (by Event)
- Controls for Event Consequences (by Control)
The Combined Effectiveness for the Controls for Sources of the "All Participants" group is displayed below.
The "All Participants" group is the average of the %effectiveness of all the participants who made the evaluation.
Note: You can also manually add or edit the %effectivess for the "All Participants" group, which will override the calculated average, if any.
The Controls for Threats/Sources are listed as rows under the "Control Name" column, and the succeeding column headings to the right are the threats/sources. The intersecting cell of the controls (row) and the sources (column) displays the %Effectiveness of the selected group or participant.
You can view the %Effectiveness for another group or individual participant by selecting from the pull-down menu:
Note: The %Effectiveness is only available for the controls that are previously identified and measured (evaluated) for the Sources. The control identification is done from the Controls > Identify > Controls for Threats/Sources page. Those un-assigned controls to a given Source have disabled or greyed cells.
From our example, the control "Monthly Performance Review" is a potential control for "Disregarding Not Following Proper Policies...", thus the %effectinesss is displayed: