Hi,
Will you consider factoring in the assets liabilities for the Magerit calculation pls?
Thanks,
David
at the moment there is no plan to change risk module, we might include later in the year custom calculations but not for the time being.
We need to allow “Classifications” as an optional (by default disabled) setting for inputs to all risk types, that is:
- Assets (already there)
- Liabilities
- Third Parties (missing)
- Business Units (missing)
- Processes (missing)
The risk module has also some type of classification defined by the user (in this case is mandatory).
On each risk module, the user will have a “Custom Calculation” setting under Settings / Calculation Method:
The idea is that the user can provide a custom arithmetic calculation formula that includes, as variables, all available classifications for that module (the third party module does not relate to the business module and therefore those classifications should not be shown).
-
Example: multiply impact and likelihood
-
Formula: asset-risk.impact*asset-risk.likelihood
-
Example: highest availability classification value of assets linked to the risk (this could be always one or more value) multiplied the multiplication of impact and likelihood.
-
Formula : highest(asset.availability)(asset-risk.impactasset-risk.likelihood)
-
Example: for each of the highest CIA values of all asset input, multiply them for whatever impact the users wishes to select. that value then multiply it for one likelihood.
-
Formula: imposible to do it with a formula alone, you need changes on the form.
I explored the idea of a UI to do this, but is very complicated because:
- there could be arithmetic operators but also functions such as uniq, sum, highest, avg, etc) so i think this will be custom coded for each customer.
- the UI on the risk form might require dynamic forms, for example for each “asset classification” set a risk classification “impact”. dynamically adjusting the edit risk form is insanely complicated with UI.
What is doable is:
- Keep offering more hard-coded risk classification options
1 Like
Are there already plans to implement this or parts of this? I would really like to see some more advanced risk calculation options. Particularly the second and third example are close to what we are currently using outside of Eramba in risk management. We would like to migrate our risk management process to Eramba but are hesitant because of the much simpler risk calculation. We do see the value in simple risk calculation but it just doesn’t work for us and nudging the current approach slightly even just by adding 2 custom fields that act as multipliers for a) the risk analysis calculation and b) the risk treatment calculation would help immensely.
there are of course technical challenges, but those can always be fixed. the problem lies in the market, we get very few requests of this, meaning that we would need to charge a large (relative to the cost enteprise pays today) premium for this. we are very doubtful people would pay, for example, twice what they pay today for this. perhaps you could share how much your organisation would be willing to add on the bill for this ! contact support@eramba.org if you prefer to keep this confidential.