After identifying and measuring all the potential controls, you can now select which of these controls will be in effect either:
- manually, or
- by optimization
On this page, the controls are being selected manually.
Here you see a grid listing all the potential controls and their details such as the "Control for", Cost, Disabled, Application, Attributes. etc.
You can manually select a control to be in effect by checking the "Selected" checkbox of the control:
Selected controls have green background color as shown above.
Here we will discuss some of the details of the controls in the grid:
- Control for -- this is a control type which can be:
- "Likelihood Of Sources" - control to reduce the likelihood of the sources
- "Likelihood of Events" - control to reduce the Vulnerabilities of Events to Sources
- "Consequences" of Events to Objectives" - control to reduce the Consequences of Events to Objectives"
- Disabled - you can temporarily disable a control to not include them on the selection either manually or by optimizing.
- Cost - the costs of the control
- Applications - display the number of applications of the control. Clicking the number will open a model listing the applications, measurement type to evaluate, and the effectiveness of the control. You can click on the effectiveness (X.XXXX which will redirect you to the evaluation page of the specified control.
- Must - the control must be selected on the optimization. This setting is ignored when manually selecting a control.
- Must Not - the control must not be selected on the optimization. This setting is ignored when manually selecting a control.
- Categories and Control Attributes - additional information that is created on the Identify Controls page.
Additional information is also displayed at the top of the grid. The data are changing automatically whenever the selection of the controls is changed, as applicable
- Total Risk - the sum of all the risks without controls Σ(Likelihood*Impact)
- Risk With Selected Controls - Total risk when the selected controls are applied (delta = Total Risk - Risk with selected controls)
- Risk With All Controls - Total risk if All the Controls are applied, excluding the disabled control(s)
- Selected controls - Total number of the currently selected controls
- Cost Of Selected Controls - Sum of costs of the currently selected controls (Sum Costs of the unfunded controls)
- Total Cost of All Controls -- Total cost of all the controls, excluding the disabled control(s)