This help file is intended to give you some basic hints as to how to use the interface. If you are completely unfamiliar with the program, you may want to watch the video demo first. Read Getting Started to learn more about using the toolkit for Risk Assessment.
The screen is divided into two main sections, a structural tree view on the left hand side, and a reporting / data entry view on the right.
The divider between these two sections can be dragged with the mouse to allocate a greater proportion of the screen to either one of these areas.
In the structural tree view on the left, you will create, organize, and find things. Items on this side with a + or - in a box next to them can be expanded for greater depth or collapsed to hide detail. Right clicking on any item on the left will display a context menu which will allow you to create additional items, delete items, or rename them.
You can also drag and drop items on the left hand tree view to re-organize them or associate them. For example, you can drag an Activity to associate it with a different part of the organization, or a different location. You can also drag a Threat to move it with a different Threat Category, or to associate it with a Location, Activity or Resource it threatens.
On the right hand side you can view reports and enter additional information about the item that is selected in the left hand tree view.
Treat the right hand side as you would a web page: links on the page allow you to add or edit data, or will navigate to a different item.
If some text is shown in red, then it indicates that either some necessary information is missing or that there is an inconsistency in the information provided.
Selected data may have an Copy to Clipboard button below it. This allows you to copy the table to the Windows Clipboard for insertion in other documents.
On the very right of the screen are a series of buttons which allow you to print or print preview the page currently being displayed, or to access the Getting Started guide, the Help Index, or help on the currently displayed page. As this help information is constantly being updated and improved, this information is kept online and you will need an Internet connection to access the help files. The help information will be displayed in your default web browser.
After reading this, you may wish to read Getting Started if you haven't done so already.
Once an organization has identified a risk, it needs to decide what (if anything) it is going to do about it. This is called its Risk Strategy. The extent to which an organization is prepared to accept a risk is its Risk Tolerance.
The common options are as follows:
In the Risk Assessment Toolkit, the risk strategy is recorded with each Threat to [Item], and displayed in the Risk Register. Management should check the risk strategies identified in the Risk Register to ensure that they match the organization's Risk Tolerance.