Entities represent the fundamental units within the system upon which risk assessments are conducted. By selecting entities, users can define the scope that will constitute a risk assessment project.

An entity refers to any object that is part of the information system. The main groups of entities include:

  • Locations

  • Hardware

  • Software (Applications)

  • Information/Data

  • People

  • Processes

  • Services

  • Third Parties

  • Servers

  • Personal Data Processing

  • Projects

Entities can be viewed, sorted, and searched from the entity list screen, accessible via the Entities page in the navigation.

Clicking Add Entity opens a form for adding a new entity. Users can input the entity name, type, notes, source of information, whether a risk assessment is required for the entity (Yes/No), CIA parameter values (Confidentiality, Integrity, Availability), and assign an owner/custodian and administrator for the entity. The entry date is automatically set to the current date.

Entities can be deleted by selecting the item in the list and clicking the Delete button.

It is important to note that the owner/custodian of an entity can be entered as a user name of a person or an organizational role. This is particularly relevant if the application is used in a multi-user environment (see the chapter on Multi-user Functionality).

For each entity, it is possible to view the assessed risks, projects it is part of, and the groups it belongs to.

For example, clicking an entity and then selecting the Additional information button displays a list of additional information, which is available for certain types of entities (i.e., hardware, software, processes, services, information).