Question - Related vs Parent/Child Assets

There seems to be some inconsistency in the way asset relationships are defined across different screens. For example:

On the Asset Identification screen they are defined as “Related Assets”

But on the Asset Risk Management screen they’re defined as “Parent Assets”

The difference between “related” and “parent” is significant. Is this by design and I’m simply not understanding how these relationships vary depending on the context? Being somewhat new to GRC this is confusing. I would prefer they be defined consistently across all screens/contexts.

I don’t know the answer here, but from my limited testing it seems like inheritance of properties seems to (only) go one level. I might be mistaken, but that would mean that the things you say are related should actually contain the Legal Constraints (or other stuff) it makes sense to inherit - and not two layers down.

In my view tracking constraints of child items might not be that relevant - otherwise it would be better to assess the risk on that item instead. So if I have an IT system (i.e. Eramba) deployed on a Platform (i.e. AWS), I would like to inherit the AWS constraints. When assessing AWS, I wouldn’t normally have a scope that includes what is deployed on that platform (maybe that’s just me…).

Would love to have a discussion on this :smile:

No, it is just a different name (typo) - there will be inheritance once we complete the new template. Perhaps it is worth checking this post:

We basically follow that same path… We were asked many times that a risk that applies to the top asset affect or include in the risk all children, but although we might include that, it will be an optional flag while creating the risk. The asset module child/parent is going to be oriented to the vulnerability features we want to include in the system.