This module represents the heart of Risk In Deep because it must allow an adequate representation of the business context on which to apply the principles of Risk Management and the compliance objectives required by the various regulations and safety standards.
The module allows to represent the Corporate Entities that must be protected: the various assets (People, processes, applications, Data and premises...) are considered.
It is possible to create new types of corporate entities in order to faithfully represent the business context on which the tool will be able to apply the methodologies of risk assessment and identification of security controls suitable for containing these risks.
Entity Attributes
Each Entity is characterised by a series of attributes that can perform a descriptive function (text, lists) or can participate in the calculation of risks (numeric attributes). The attributes can be customised independently for both the descriptive function and the risk calculation.
Entity Chain
Entities can be related to each other in order to represent their mutual dependence. For example, within a process carried out by the Human Resources organisational unit, the elements that make the process "Recruitment Management" such a process must be represented. In this way it is possible to represent the link between the data, the tools used for their processing, any archives where they are stored and the location where the process/process is carried out.
