This topic explains how to create consolidated queries to indicators through the Organization module. These consolidated results always display the status of the queried objects according to the latest results from the risk projects in which they were analyzed.
1. Access the Organization module.
2. Select List Queries from the Queries section.
3. In the Organizational Queries section, click Create.
4. Select Risk Metrics and click the Consolidated By option.
The system displays a list containing the objects by which indicators can be consolidated (see figure below). Those whose results can be viewed through both tables and maps are indicated by the map icon to the left. However, this list does not indicate which queries can have their results displayed through the integrated overview, and the icon for this is shown only in the List of Queries. Keep in mind that the integrated overview can only be used for queries consolidated by asset, and only if it was the selected display mode when the query was last saved.
5. Select the object by which you want to consolidate the query from the drop-down list.
Note: The objects by which queries can be consolidated are:
•Asset: this option displays a list of consolidated risk indicators for all assets selected in the scope of the query.
•Asset Component: this option displays a list of consolidated risk indicators for all asset components related to the assets selected in the scope of the query.
•Business Component: this option displays a list of consolidated risk indicators for all business components related to the assets selected in the scope of the query.
•Control: this option displays a list of consolidated risk indicators for all controls related to the assets selected in the scope of the query.
•Grouping: this option displays a list of consolidated risk indicators for all control groupings related to the assets selected in the scope of the query.
•Knowledge Base: this option displays a list of consolidated risk indicators for all knowledge bases related to the assets selected in the scope of the query.
•Perimeter: this option displays a list of consolidated risk indicators for all perimeters related to the assets selected in the scope of the query.
•Threat: this option displays a list of consolidated risk indicators for all threats related to the assets selected in the scope of the query.
•Threat Source: this option displays a list of consolidated risk indicators for all threat sources associated with the assets selected in the scope of the query.
The system displays the Scope step in the wizard for creating queries, where the assets and perimeters from which risk indicators will be obtained for consolidation can be selected (see figure below).
6. Click Add to Scope to select the assets and perimeters to be included in the scope.
The system displays a list containing the objects registered in the Organization module.
7.
Click Expand (
) to view the full organizational
structure.
8. Select the objects you want to include in the scope by marking the checkboxes next to each and clicking Add to Scope (see figure below). If you want to quit the operation, click Cancel.
9. To remove an item from the scope, mark the checkbox next to it and click Remove from Scope.
10. When finished, click Proceed to continue creating the query. If you want to run the query, click Generate Query. If you want to quit the operation, click Cancel.
When Proceed is clicked, the system displays the Filters step in the wizard for creating the query, where the filters to be used can be selected, which will restrict the information used to consolidate the results (see figure below).
Note: Risk metrics are always consolidated based on the controls, since this is the most granular object that can be analyzed in a project. Selecting a filter means specifying the controls whose indicators you want to view in the consolidated results. If, for example, you choose to filter the query by asset component, only controls from the knowledge bases associated with the asset components selected in the filter will be used to generate the query results.
All consolidated queries can be filtered by strategic business components, tactical business components, knowledge bases, controls, asset components, threats, control groupings, and asset types.
11. Select the filter you want to use by clicking one of the filter options displayed on the left (see figure below).
12. Depending on the filter option selected, mark the checkboxes next to the objects to be added to the filter or click Add to Filter to select the objects that will be used to filter the scope of the query (see figure below). Note that the options available vary depending on the type of filter you choose.
13. Select the objects to be added to the filter in the window that appears and click Add Selected (see figure below). If you want to quit the operation, click Cancel.
The system displays the objects selected for the filter.
14. To remove an object added to the filter, mark the checkbox next to it and click Remove from Filter.
15. After selecting the filters, click Proceed to continue creating the query. If you want to generate the query, click Generate Query. If you want to cancel query creation, click Cancel. To return to the previous step at any point during this wizard, click Back.
When Proceed is clicked, the system displays the Columns step in the wizard for creating the query, where the columns to be displayed in the query results can be selected (see figure below).
16. Select the columns you want to include in the query results by marking the checkbox next to each option. By default, the system will show some pre-selected options that can be removed, while others are required columns. To remove non-required columns from the results of the query, unmark the checkbox next to each column name. To include more columns in the results, select the options that are not pre-selected by default.
17. Click Proceed to continue creating the query. If you want to generate the query, click Generate Query. If you want to cancel query creation, click Cancel. To return to the previous step at any point during this wizard, click Back.
When Proceed is clicked, the system displays the Audience step, where you can select which people and groups will be able to view the query in the Home module and in this module, if they have permission to access it (see figure below).
18. Click Add Audience and select People or Groups to add them.
19. If, for example, you selected People, select the people to be added and click Add People (see figure below). If you want to quit the operation, click Cancel.
The system displays the people selected.
20. To remove people or groups from the audience, mark the checkboxes next to their names and click Remove Audience.
The system requests confirmation to remove the people or groups from the audience (see figure below).
21. Click Remove Audience to confirm. If you want to quit the operation, click Cancel.
The system removes the people selected from the audience.
22. Click Proceed to continue creating the query. If you want to generate the query, click Generate Query. If you want to cancel query creation, click Cancel. To return to the previous step, click Back.
When Proceed is clicked, the system displays the Editors step, where you can select which people and groups will be able to edit the query, receiving the same permissions to it as the author (see figure below).
23. Click Add Editors and select People or Groups to add them to the list of editors.
24. If, for example, you selected People, select the people to be added and click Add People (see figure below).
The system displays the people selected.
25. To remove people or groups from the list of editors, mark the checkboxes next to their names and click Remove Editors.
The system requests confirmation to remove the people or groups from the list of editors (see figure below).
26. Click Remove Editors to confirm. If you want to quit the operation, click Cancel.
The system removes the people selected from the list of editors.
27. Click Proceed or Generate Query to run the query. If you want to cancel query creation, click Cancel. To return to the previous step, click Back.
When Proceed is clicked, the system displays the query results (see figure below).
Note: The results of queries consolidated by perimeter, asset, and asset component can be displayed on a map. However, for there to be results to display, at least one of the objects in the scope of the query must have had a location specified for it in the Organization module. An alert is displayed if no geographic locations were specified for the objects added to the scope. Note that the option to display maps must be enabled in the Display Options section of the Administration module. An internet connection is also required, otherwise an alert will appear and the map will not be displayed. The map provider must be preconfigured in the system configuration file (web.config). Keep in mind that some providers require a key or access code that is available only to those who purchase their license. It is the user’s responsibility to acquire it.
For queries consolidated by other objects, the results will be displayed on a table. Remember that only queries consolidated by asset can be displayed through the integrated overview.
The zoom level and position of each map can be saved in this step by defining how the map will be displayed when the query is executed after it is saved. By default, the zoom level will be set so that all elements of the scope are visible on the map and are displayed as close as possible.
The pin colors representing each risk metric can also be customized in the Scales section of the Administration module.
28. Select the Map option to view the results on a map (see figure below).
29. Click the pin representing the asset, asset component or perimeter to view the information contained in the columns selected when the query was created.
The system displays an info window containing information on the risk indices (see figure below).
30.
To close the window, click Close (
).
31. Select the Integrated Overview option to view the results of a query consolidated by asset through the integrated overview (see figure below).
The system displays the results of the query through the integrated overview (see figure below).
32. Click Save to save the query data. If you do not want to save the query, click Cancel. To return to the previous step, click Back.
Note: The system will save the query results to be viewed in the future through a table, map, or the integrated overview, depending on how they were displayed when the query was saved. If the query results were displayed on a map when it was saved, the query will load on a map when it is run. In addition, the zoom level and position of each map can be saved in this step, defining how the map will be displayed when the query is run.
When Save is clicked, the system displays a window where a name and description for the query can be entered (see figure below).
33. In the Name field, enter a name to identify the purpose and reach of the query.
34. In the Description field, enter the main characteristics of the query.
35. When finished, click Save Query. If you want to quit the operation, click Cancel.
The system displays a success message.