Identify Controls

Overview

Controls can be a combination of people, processes, and tools that are put in place to prevent, detect, or correct issues caused by unwanted events. Controls can also be referred to as Treatments, or as specified from the Workgroup Wording.

In Riskion, all controls that are identified are referred to as Potential Controls.

Controls to be in effect can either be selected manually or by optimization.

A Potential Control can be applied to one or more applications below:

Likelihood Of Sources
Vulnerabilities of Events From Sources
Consequences of Events To Objectives

You can view and identify the potential controls on the CONTROLS > Identify > All Controls > Details page. You can also manage controls from the "Bow-Time Diagram with Controls" page.

Note: There are also separate pages where you can identify (and assign) controls specific to their applications. You can be redirected to these specific pages when clicking the "No application" or the number (of applications) link under the "Applications" column.

Add Controls

Click the 'Add a control...' button.

Here you can specify the Control Name, Cost, and categories.

The Control name is required, once you enter the control name the OK button will be enabled.

Control Applications

The created control will be displayed as a new row on the Controls grid as shown below:

Clicking "No applications" will open a dialog:

Depending on the control application, click the "Apply this control to.... " link, this will redirect you to one of the following pages:

From our example, clicking the "Apply this control to sources" redirects us to the "Controls for Sources" page where we can select the Sources the control can be applied to.

After selecting the Sources where the control can be applied as demonstrated above: (1) Disregarding or Not Following Proper Policies, Processes, or Procedures (2) Engineers Failure to Properly Install Equipment, the number of control applications changed to 2.

Clicking "2" will open the same dialog box, now listing the control application details:

After identifying all the potential controls, controls are to be evaluated to measure their effectiveness. And measuring, controls to be in effect are to be selected either manually or using optimization.

You can click the Effectiveness (0.0000) which will redirect you to the controls evaluation page to evaluate the effectiveness of the control given the source. From above, the effectiveness is 0 since the controls are just added and not yet evaluated.

You can still add more applications by clicking the "Apply this control..." links.

You can define if control is a Must or Must Not. This setting is used on Controls Optimization.

Must - the control must be selected or funded
Must not - the control must not be selected or funded

Controls can also be enabled/disabled by checking/unchecking the checkbox on the "Disabled" column.

You can change the Cost from the Costs column.

You can change the "Cost" for multiple rows at once by selecting the controls using the checkboxes at the left of their names, and then changing the setting from one of the selected rows.

Edit Controls

You can edit the controls by clicking the hamburger icon under the Action column:

Edit ControlName - open a dialog where you can edit the name, cost, categories of the control
Edit control description - open the rich text editor where you can edit the control description. If a control has a description, you will see a magnifying glass icon under the actions column.
Delete control