Assets for Risk Assessment Product Application

User Guide: Assets for Risk Assessment Product Application

Welcome to the Assets of our Risk Assessment application! This feature allows users to create, edit and delete the Assets. This guide will walk you through the functionality and capabilities of the Assets in detail.

1. Overview of Assets in Risk Assessment Product:

In a risk assessment product, Assets refer to anything of value that an organization aims to protect from threats and vulnerabilities. These can be physical, digital, human, or informational. The Asset module is a core part of the system, as it forms the foundation for identifying, assessing, and managing risks.

1. What are Assets in risk register sub module in risk assessment product?

In the Risk Register sub-module of a risk assessment product, Assets refer to the specific business or technical items that are exposed to risks. These are the elements you're trying to protect — and they are directly associated with identified risks, threats, and vulnerabilities.

1. Threats Questionnaires:
2. How to open Assets sub module in risk register module?

• The Assets sub-module within the Risk Register lets you view and manage the assets that are associated with specific risks. Accessing this section is typically straightforward in most risk assessment products.
• Step-by-Step Navigation:
• Log in to the Risk Assessment application using valid credentials.
• From the Main Menu, go to the Risk Register module.
• Locate and select a specific risk from the list to view its details.
• Inside the Risk Register module page, navigate to the Assets tab or section.

1. How to create New Assets in Risk Register sub module in Risk Assessment Product?

• Creating new Assets in the Risk Register sub-module allows you to link valuable items (systems, data, infrastructure, etc.) to specific risks so you can assess their exposure and manage them effectively.
• Step-by-Step Guide to Create a New Assets:
• Navigate to the Main Menu and select the Risk Register module.
• Click on Threats sub module link.
• Click on + icon.
• Fill in the required fields in the vulnerability creation form:
• Asset Name: The Asset Name field is a mandatory identifier used to specify the unique name or label of the asset being added or linked to a risk in the Risk Register. It helps clearly define what is at risk and serves as a reference point throughout the risk management process.
• Asset Category: The Asset Category field is used to classify the type of asset you are adding to the Risk Register. It helps group similar assets together and is essential for risk classification, reporting, filtering, and prioritization in a risk assessment product.
• Criticality: The Criticality field in the Add Asset form of a Risk Register module represents the business importance or impact level of the asset. It helps determine how vital the asset is to your organization’s operations, security, or compliance — and influences how risks related to that asset should be prioritized.
• Status Type: In the Assets section of the Risk Assessment product, the Status Type (Active/Inactive) is used to indicate the operational state of a vulnerability record—whether it is currently relevant and in use, or not.
• Asset Replacement Cost: The Asset Replacement Cost field represents the estimated monetary value required to replace or recover the asset if it is lost, damaged, destroyed, or becomes inoperable due to a risk event (e.g., cyber attack, system failure, natural disaster).
• Annual Cost: The Annual Cost field represents the yearly expense associated with owning, maintaining, or supporting the asset. This includes all operational costs related to keeping the asset functional and secure over a year.
• Cost per Hour Of unavailability: The “Cost per Hour of Unavailability” field captures the estimated financial loss an organization incurs for every hour the asset is unavailable due to an incident, failure, or security breach. This field is crucial for assessing the business impact of downtime and supporting quantitative risk analysis.
• Confidential Cost: The “Confidential Cost” field refers to the estimated financial impact or loss that an organization would face if confidential data or information related to an asset is exposed, leaked, or stolen. This field is used to assess the sensitivity of data and its associated risk cost in terms of confidentiality breaches.
• Potential Cost: The “Potential Cost” field represents the total estimated financial loss your organization could incur if a specific risk materializes. It provides a quantified view of risk impact and helps decision-makers prioritize mitigation based on the possible worst-case scenario.
• % of Mission Dependent on This Asset: The “% of Mission Dependent on This Asset” field indicates the proportion of a business mission, function, or process that relies on a specific asset. It reflects how critical the asset is to achieving key objectives, helping organizations prioritize asset-related risks based on business impact.

1. How to Add Assets using Bulk upload in risk assessment product?

• Bulk uploading assets is a fast and efficient way to import multiple asset records into the Risk Register without entering them manually one by one. Most risk assessment platforms provide a template-based upload process using formats like Excel or CSV.
• Steps for Bulk Upload of Threats:
• Step 1: Prepare the Bulk Upload File
• Usually, the system requires a CSV, Excel, or similar format.
• The file should contain columns matching the fields in the Asset module, such as:
• Asset Name
• Asset Category
• Criticality
• Status Type
• Description
• Asset Replacement cost
• Annual Cost
• Cost Per Hour of Unavailability
• Confidential Cost
• Potential Cost
• % of Mission Dependent on This Asset
• Step 2: Access the Bulk Upload Feature
• Log into the risk assessment product.
• Navigate to the Risk Register Module.
• Open the Assets sub-module or management page.
• Look for an option like:
• “Bulk Upload”
• “Import Threats”
• “Upload CSV/Excel”
• Step 3: Upload the File
• Click Upload or Import.
• Select the prepared file.
• The system may provide a mapping interface where you match your file columns to the system fields.
• Confirm the mappings.
• Step 4: Validate and Confirm
• The system may run a validation to check for:
• Missing required fields
• Invalid values (e.g., unrecognized Likelihood ratings)
• Duplicate entries
• Fix any errors flagged.
• Step 5: Complete the Upload
• Submit the file for import.
• The system will add the threats in bulk to the Risk Register.
• Step 6: Review and Verify
• After upload, verify the imported Assets in the Asset list.
• Check if any data requires manual adjustment.

1. How to edit Assets in risk register in risk assessment product?

• Editing Assets in the Risk Register module allows you to update details like the threat name, category, likelihood, impact, or threat rating. This is important for maintaining accurate and current risk data as the threat landscape evolves.
• Step-by-Step Guide to Edit a Threats:
• Open the Asset screen.
• Go to the Action column.
• Click the Edit icon to update the vulnerability details in the following fields:
• Asset Name
• Asset Category
• Criticality
• Status Type
• Description Text
• Asset Replacement cost
• Annual Cost
• Cost Per Hour of Unavailability
• Confidential Cost
• Potential Cost
• % of Mission Dependent on This Asset
• Click the ‘Save’ button.
• After editing, the updated Assets should be reflected in vulnerability home page.

1. How to delete the Asset in risk register in risk assessment product?

• Deleting an asset from the Risk Register is typically restricted to users with the right permissions and is done with caution, since it can affect linked risks, threats, and assessments.
• Step-by-Step Guide to Delete a Vulnerability:
• Open the Asset screen.
• Go to the Action column.
• Click on the Delete icon.
• a confirmation message should be displayed.
• Check whether when user click on “Yes” button selected Threats should be deleted. And when user click on “No” button it should be on the same page.

1. Can we Search records on the Asset screen?

• Yes, in most risk assessment products, the Asset screen within the Risk Register module includes search and filtering features that allow users to easily find and manage asset records.
• You can search by keywords related to:
• Asset Name
• Asset Category
• Description Text
• Criticality
• Status Type
• As you type, the system dynamically filters and displays matching results.
• Steps to Use the Search Function:
• Go to the Asset section under the Risk Register.
• Locate the Search field above the list/table.
• Enter a keyword (e.g., "Firewall", "High", "John Doe").
• The list wills auto-update based on your input.
• If no matching records are found, a message like "No records found" will appear.

1. How to download excel export in Asset?

• Most risk assessment platforms allow you to export asset data to Excel for reporting, analysis, or backup. This feature is typically found on the Asset screen within the Risk Register module.
• Step-by-Step Guide to Download Excel Export:
• Go to the Main Menu → Select Risk Register.
• Click on the specific risk record if vulnerabilities are scoped per risk. Or access the Asset screen directly if available as a main tab.
• Look for a button labeled “Export”, “Download Excel”, or a download icon in the top-right corner of the vulnerabilities table.
• This button may sometimes be named “Excel Export”.
• Clicking the button will generate and download an Excel file (.xlsx) containing the vulnerability data.

1. Can we hide/seek Threat screen columns?

• Yes — most modern risk assessment products allow you to customize the visibility of columns on the Asset screen in the Risk Register module. This helps users focus on relevant data and streamline their view based on their role or use case.
• Step By Step guide to Hide/Show Columns:
• Click on "View/Hide Columns" or "Column Settings"
• Look for an option such as:
• "Click here to view/hide details"
• Column settings icon (⚙️) or a dropdown menu above the vulnerability table.
• Select/Deselect Columns:
• A popup or panel will appear listing all available columns.
• Uncheck the boxes next to the columns you want to hide.
• Check the boxes for the columns you want to display.
• Apply Changes:
• The table will update immediately based on your selection.
• Some systems may have a “Save” or “Apply” button.

1. What are events in Asset settings module?

• In the Asset Settings module of a risk assessment product, "Events" typically refer to predefined or configurable scenarios that can impact assets — such as failures, incidents, or conditions that trigger risk assessments or controls. The Events section should include the following features:
• Search Field:
• When the user enters text in the Events search field, matching records should be displayed on the page.
• If no matching data is found, the message "No records found" should be displayed.
• Excel Export:
• When the user clicks on the Excel Export link, an Excel sheet containing the General Settings events should be downloaded successfully.

III. Click Here to View/Hide Details

• When the user clicks on the View/Hide Columns icon, a popup should appear showing a list of columns.
• If the user unchecks any column, that column should be hidden from the page.
• Checked columns should remain visible on the page.

IV. View Details

• When an admin user clicks on the View Details icon, an Audit Details popup should be displayed on the page.