Describe the security measures (or edit existing) defined in your organisation to support the systems in scope for this assessment.
Do this by creating Sections (Security areas) and underlying Measures (specific security controls) which will be filed for future usage and transferred to the end-report.
Create new sections (security areas)
To create a new Section click “+ section” and choose one of the existing ones from the drop down or add a new one by clicking the “+” button.
Write the name (Header) of the security areas e.g. “Access Control“.
You can further describe the section by adding something in the description field, e.g.
“The way the granting of access is handled is described in a policy document. The policy is part of our IT security policy.”
Create new measure
Add a new measure under the created Section by clicking on the “+Add measures button”. Choose from the existing drop down or create a new security measure by clicking on the “+” button. – Here write the name of the security measure e.g. “Periodical re-certification of access rights” and further describe the. measure in the description field e.g.: ” Periodically, i.e. once a year, we review the internal systems of the company including user profiles and access levels to ensure that the procedure related to the termination of employment is followed and that the customers’ data cannot be accessed by former employees of XX A/S.”
Edit existing Sections and Measures
You may have existing text to edit or build upon. Either you have existing text from previous assessments to review – or you may have existing text that represents examples or standard text that you can base your own descriptions of.
Click on the pencil button to edit existing Section or measure titles or their descriptions.
Drag and drop
You can drag and drop the created sections and measures to change the order as you prefer.