On this page, you can define the measurement method to use when evaluating the Controls for Threats/Sources.
The Controls for Threats/Sources are listed as rows under the "Control Name" column, and the succeeding column headings to the right are the threats/sources. You can assign controls for covering and non-covering sources. The intersecting cell of the controls (row) and the sources (column) is where you can define the measurement method.
Note: You can only assign measurement methods for controls that are previously identified for the Sources. The control identification is done from the Controls > Identify > Controls for Threats/Sources page. Those un-assigned controls to a given Source have disabled or greyed cells.
From our example, the control "Monthly Performance Review" is a potential control for "Disregarding Not Following Proper Policies...", thus the measurement method selection is available:
You can select from four possible methods:
All the measurement methods except Direct have a measuring default scale which is already defined by Riskion.
