Creating an Asset
How to create items on the module
Introduction
Assets on their own do nothing in eramba, please remember that if you want to create assets is because you have already reviewed and understood the Risk or Data Protection modules courses. Only then you will have a full understanding of where Assets fit in the whole picture.
Business Units
You will need to provide one or more Business Units that will act as parent to the Asset. This is meant to give the Assets an owner from an organizational perspective.
Creating and Asset
To create an Asset using the web interface you can click on “Actions” and then "Add". CSV Imports can be used for importing multiple assets at once, please review the Import course to understand how that works.
A form will then appear. Most of the fields are pretty obvious, but some might not be straightforward, so we’ll cover them in more detail in this guide.
Asset Roles
Every Asset has three roles, “Owner”, “Guardian” and “User.” These must be assigned to an eramba user or group (System > Settings > User Management).
- GRC Contact: is the GRC person who has identified the asset as part of discussions with other departments in the company and has an interest in tracking the asset for GRC-related purposes (risk, data flows, etc).
- Asset Reviewer Contact: is typically the person who owns or relates to the asset, and is the person from which you would like to get feedback to review if the asset is still there or if something has changed.
Is very important you have a consistent approach to these roles because you will be using notifications and you want the right people to receive them. We also typically advise using groups (as opposed to users, as shown in the screenshot above). Groups contain more than one user which ensures more chances of getting feedback.
Asset Classifications
As explained in the previous sections, you can optionally define a classification for your assets under the "Settings" menu. Classifications are only used when doing Asset Risk Management and only if the "Magerit" calculation is used (not recommended).
Asset Type
When adding a new asset you will need to provide the type of asset you are creating. Types are important because:
- When assigning Assets to Risks, eramba will automatically suggest Threats and Vulnerabilities that are applicable to that asset type.
- Only Assets of type “Data” will be shown on the Data Flow Module
You can create additional Asset Types under “Settings”.
Playlist
- Episode 1Introduction to the Asset Module10 mins left
- Episode 2Typical Asset Questions4 mins left
- Episode 3Introduction to the Business Unit Module1 min left
- Episode 4Business Unit Module Tabs1 min left
- Episode 5Creating a Business Unit1 min left
- Episode 6Creating a Processes0 mins left
- Episode 7Introduction to Liabilities1 min left
- Episode 8Introduction to Third Parties1 min left
- Episode 9Asset Module Tabs1 min left
- Episode 10Creating an Asset2 mins left
- Episode 11Reviewing Assets7 mins left