Instructions
You need to help me (the GRC Consultant) create a spreadsheet with multiple formatted tabs out of a Risk Interview transcript. You will need to create the following tabs:
- Processes
- Third Parties
- Liabilities
- Assets
- Risks
Note:
- Columns marked with * are mandatory; optional fields can be left empty
- Date format is always YYYY-MM-DD
- Any field named “Owner” or “Contact” uses the following naming convention: Group-$Name, where $Name is the name of the group.
- Risk Impact and Likelihood are each one of the following: High, Medium or Low
- Make sure all cell text is enclosed in double quotes (“”) so that commas inside a value do not break the CSV format
Business Unit Module
- Name*
- Description
- Owner*
Process Module
- Name*
- Description
- Owner*
- MTO
- RTO
- Revenue Per Hour
Liabilities
NOTE: liabilities are known regional and international regulations, laws and standards
- Name*
- Description
- Risk Magnifier: positive integer value, 0 by default unless specified
Third Parties
NOTE: third parties are suppliers of services and products. There may sometimes be an overlap with assets; for example, ChatGPT can be both a supplier and an asset, which is fine.
- Name*
- Type*: can be one of the following numbers: 1 for Customers, 2 for Suppliers, 3 for Regulators
- Third Party Contact*
- Description
- Potential Liabilities: Name of the Liability from the Liability module, separated by | if more than one is used
Assets
- Related Business Unit Name*: one or more
- Name*
- Description
- Labels: leave empty
- Type*: One of the following options: Data Asset, Software, Hardware, People, Facilities, IT Service, Network, Financial
- Potential Liabilities: Name of the Liability from the Liability module, separated by | if more than one is used
- Next Review Date*: by default a year from today
- Asset Reviewer Contact*:
- GRC Contact*: GRC
- Guardian: empty by default
- User: empty by default
Asset Risks
- Risk Scenario*
- Description
- GRC Contact*: default GRC
- Risk Originator: the team whose activity creates the Risk
- Tags: empty by default
- Next Review Date*: by default a year from today
- Related Assets*: one or more related assets from the Asset module, separated by | if more than one is used
- Threat Tags: empty by default
- Threat Description*: description of the threat related to this risk
- Vulnerability Tags: empty by default
- Vulnerability Description*: description of the vulnerability related to this risk
- Analysis Likelihood*:
- Analysis Impact*:
- Treatment option*: 1 for Accept, 2 for Avoid, 3 for Mitigate, 4 for Transfer
- Risk Treatment Control:
- Risk Treatment Policy:
- Risk Treatment Exception:
- Risk Treatment Project:
- Treatment Likelihood*: same as Analysis Likelihood
- Treatment Impact*: same as Analysis Impact
Threats & Vulnerabilities
List of Vulnerabilities: Lack of Information, Lack of Integrity Checks, Lack of Logs, No Change Management, Weak CheckOut Procedures, Supplier Failure, Lack of alternative Power Sources, Lack of Physical Guards, Lack of Patching, Web Application Vulnerabilities, Lack of CCTV, Lack of Movement Sensors, Lack of Procedures, Lack of Network Controls, Lack of Strong Authentication, Lack of Encryption in Motion, Lack of Encryption at Rest, Creeping Accounts, Hardware Malfunction, Software Malfunction, Lack of Fire Extinguishers, Lack of alternative exit doors, Weak Passwords, Weak Awareness, Missing Configuration Standards, Open Network Ports, Reputational Issues, Seismic Areas, Prone to Natural Disasters Area, Flood Prone Areas, Other, Unprotected Network, Cabling Unsecured, Weak Software Development Procedures
List of Threats: Intentional Complot, Pandemic Issues, Strikes, Unintentional Loss of Equipment, Intentional Theft of Equipment, Unintentional Loss of Information, Intentional Theft of Information, Remote Exploit, Abuse of Service, Web Application Attack, Network Attack, Sniffing, Phishing, Malware/Trojan Distribution, Viruses, Copyright Infringement, Social Engineering, Natural Disasters, Fire, Flooding, Illegal Infiltration, DOS Attack, Brute Force Attack, Tampering, Tunneling, Man in the Middle, Fraud, Other, Terrorist Attack, Floodings, Third Party Intrusion, Abuse of Privilege, Unauthorised records, Spying
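The conventions above (mandatory columns, YYYY-MM-DD dates, the Group-$Name owner/contact convention, High/Medium/Low levels, numeric Type and Treatment option codes, pipe-separated references, the GRC and Next Review Date defaults, and fully quoted CSV cells) are easy to get subtly wrong when filling tabs by hand. The following Python script is an added example, not part of the original instructions or of any GRC tool: it encodes the tab layouts listed above, fills the stated defaults, validates a row against each convention, and writes every cell double-quoted so commas inside descriptions cannot break the CSV. The sample liability, asset and risk rows are constructed for illustration; the Business Unit module is left out because it is not one of the requested tabs.

```python
"""Build the requested GRC tabs as fully quoted CSV and check the field conventions.
Added example; tab and column names follow the instructions above, sample rows are constructed."""
import csv
import io
import re
from datetime import date

LEVELS = {"High", "Medium", "Low"}
ASSET_TYPES = {"Data Asset", "Software", "Hardware", "People", "Facilities",
               "IT Service", "Network", "Financial"}
OWNER_RE = re.compile(r"^Group-\S.*$")        # Group-$Name convention for Owner/Contact
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")  # YYYY-MM-DD

# Tab name -> (column, mandatory?) in the order the instructions list them.
TABS = {
    "Processes": [("Name", True), ("Description", False), ("Owner", True),
                  ("MTO", False), ("RTO", False), ("Revenue Per Hour", False)],
    "Liabilities": [("Name", True), ("Description", False), ("Risk Magnifier", False)],
    "Third Parties": [("Name", True), ("Type", True), ("Third Party Contact", True),
                      ("Description", False), ("Potential Liabilities", False)],
    "Assets": [("Related Business Unit Name", True), ("Name", True), ("Description", False),
               ("Labels", False), ("Type", True), ("Potential Liabilities", False),
               ("Next Review Date", True), ("Asset Reviewer Contact", True),
               ("GRC Contact", True), ("Guardian", False), ("User", False)],
    "Risks": [("Risk Scenario", True), ("Description", False), ("GRC Contact", True),
              ("Risk Originator", False), ("Tags", False), ("Next Review Date", True),
              ("Related Assets", True), ("Threat Tags", False), ("Threat Description", True),
              ("Vulnerability Tags", False), ("Vulnerability Description", True),
              ("Analysis Likelihood", True), ("Analysis Impact", True),
              ("Treatment option", True), ("Risk Treatment Control", False),
              ("Risk Treatment Policy", False), ("Risk Treatment Exception", False),
              ("Risk Treatment Project", False), ("Treatment Likelihood", True),
              ("Treatment Impact", True)],
}

def default_review_date(today=None):
    """Next Review Date default: one year from today (Feb 29 rolls back to Feb 28)."""
    today = today or date.today()
    try:
        return today.replace(year=today.year + 1).isoformat()
    except ValueError:
        return today.replace(year=today.year + 1, day=28).isoformat()

def apply_defaults(tab, row, today=None):
    """Fill the defaults the instructions state, so only interview facts are needed."""
    row = dict(row)
    if tab == "Liabilities":
        row.setdefault("Risk Magnifier", "0")
    if tab in ("Assets", "Risks"):
        row.setdefault("GRC Contact", "GRC")   # literal default given in the instructions
        row.setdefault("Next Review Date", default_review_date(today))
    return row

def validate(tab, row, known=None):
    """Return the list of convention violations for one row (empty list == valid).
    `known` maps a reference column to the set of names it is allowed to point at."""
    known = known or {}
    errs = []
    for col, mandatory in TABS[tab]:
        val = row.get(col, "")
        if mandatory and not val:
            errs.append(f"{tab}.{col}: mandatory field is empty")
        if val and ("Owner" in col or "Contact" in col) and val != "GRC" and not OWNER_RE.match(val):
            errs.append(f"{tab}.{col}: '{val}' must follow Group-$Name")
        if val and "Date" in col and not DATE_RE.match(val):
            errs.append(f"{tab}.{col}: '{val}' is not YYYY-MM-DD")
        if val and col.endswith(("Likelihood", "Impact")) and val not in LEVELS:
            errs.append(f"{tab}.{col}: '{val}' is not High/Medium/Low")
        if val and col in known:  # pipe-separated references must resolve to known names
            for ref in val.split("|"):
                if ref not in known[col]:
                    errs.append(f"{tab}.{col}: unknown reference '{ref}'")
    if tab == "Third Parties" and row.get("Type") not in {"1", "2", "3"}:
        errs.append("Third Parties.Type: must be 1 (Customer), 2 (Supplier) or 3 (Regulator)")
    if tab == "Assets" and row.get("Type") not in ASSET_TYPES:
        errs.append(f"Assets.Type: '{row.get('Type')}' is not an allowed asset type")
    if tab == "Risks" and row.get("Treatment option") not in {"1", "2", "3", "4"}:
        errs.append("Risks.Treatment option: must be 1 (Accept), 2 (Avoid), 3 (Mitigate) or 4 (Transfer)")
    if tab == "Liabilities" and not row.get("Risk Magnifier", "0").isdigit():
        errs.append("Liabilities.Risk Magnifier: must be an integer >= 0")
    return errs

def to_csv(tab, rows):
    """Render one tab with every cell double-quoted (QUOTE_ALL), so commas in values are safe."""
    buf = io.StringIO()
    cols = [c for c, _ in TABS[tab]]
    w = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    w.writerow(cols)
    for r in rows:
        w.writerow([r.get(c, "") for c in cols])
    return buf.getvalue()

# Constructed sample rows, as one might extract from an interview transcript.
SAMPLE_TODAY = date(2024, 5, 1)
SAMPLE_LIABILITY = apply_defaults("Liabilities", {"Name": "GDPR", "Description": "EU data protection regulation, Art. 32"})
SAMPLE_ASSET = apply_defaults("Assets", {
    "Related Business Unit Name": "Finance", "Name": "Payroll DB", "Type": "Data Asset",
    "Description": "HR and salary records, contains PII", "Potential Liabilities": "GDPR",
    "Asset Reviewer Contact": "Group-Finance"}, today=SAMPLE_TODAY)
SAMPLE_RISK = apply_defaults("Risks", {
    "Risk Scenario": "Payroll records exfiltrated by malware", "Related Assets": "Payroll DB",
    "Risk Originator": "Group-HR", "Threat Description": "Malware/Trojan Distribution",
    "Vulnerability Description": "Lack of Encryption at Rest", "Analysis Likelihood": "Medium",
    "Analysis Impact": "High", "Treatment option": "3", "Risk Treatment Control": "Disk encryption",
    "Treatment Likelihood": "Low", "Treatment Impact": "High"}, today=SAMPLE_TODAY)

if __name__ == "__main__":
    for tab, rows in (("Liabilities", [SAMPLE_LIABILITY]), ("Assets", [SAMPLE_ASSET]), ("Risks", [SAMPLE_RISK])):
        print(to_csv(tab, rows))
```

Run it to print the three sample tabs; in practice each `to_csv` result is written to `<tab>.csv`, and `validate` is called with `known` built from the Liabilities and Assets tabs so that every Potential Liabilities and Related Assets reference resolves before the file is handed over.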