This topic explains how to create a query to the status of controls through the Risk module. There are two types of queries that display this information. The Status of Controls query shows information on the controls, such as their PSR, their status, the analyst who answered a certain control, and more. The Controls by Threat Source shows the same information but groups the results by threat source and by threat. Keep in mind that querying the status of controls is different from creating a query that is consolidated by controls. In the first, the focus of the query is information on the controls, while the second focuses on consolidating indicators by controls.
1. Access the Risk module.
2. Select List Queries from the Queries section.
3. In the Project Queries section, click Create.
4. Click Risk Metrics and select the Control Status by Threat Source or Status of Controls option from the drop-down list that appears (see figure below).
The system displays the Scope step in the wizard for creating queries, where the projects from which information will be obtained can be selected (see figure below).
5. Click Add to Scope to select the projects to be included in the scope.
The system displays a list containing all the open or closed risk management projects registered in the system. Cancelled projects will not be listed (see figure below).
6. Select the projects you want to include in the scope by marking the checkboxes next to each and clicking Add to Scope. If you want to quit the operation, click Cancel.
7. To remove an item from the scope, mark the checkbox next to it and click Remove from Scope.
8. When finished, click Proceed to continue creating the query. If you want to run the query, click Generate Query. If you want to quit the operation, click Cancel.
When Proceed is clicked, the system displays the Filters step in the wizard for creating the query, where the filters to be used can be selected, which will reduce the information used to display the results (see figure below).
Note: Selecting a filter indicates that only the controls meeting the criteria set in the filters selected will be displayed in the query results. For example, if you filter the query by a certain knowledge base, only the controls related that knowledge base will be displayed in the results.
The filter options for this type of query include asset component, asset type, control grouping, controls, knowledge base, strategic business component, tactical business component, and threat.
9. Select the filter you want to use by clicking one of the filter options displayed on the left (see figure below).
10. Click Add to Filter to select the objects that will be used to filter the scope of the query (see figure below).
11. Select the objects to be added to the filter in the window that appears and click Add Selected (see figure below). If you want to quit the operation, click Cancel.
The system displays the objects selected for the filter.
12. To remove objects added to the filter, mark the checkboxes next to each you want to remove and click Remove from Filter.
13. After selecting the filters, click Proceed to continue creating the query. If you want to generate the query, click Generate Query. If you want to cancel query creation, click Cancel. To return to the previous step at any point during this wizard, click Back.
When Proceed is clicked, the system displays the Columns step in the wizard for creating the query, where the columns to be displayed in the query results can be selected (see figure below).
14. Select the columns you want to include in the query by marking the checkboxes next to each. By default, the system will show some pre-selected options that can be removed, while others are required columns. To include or remove optional columns in the results, simply mark or unmark the checkboxes next to their names.
15. Click Proceed to continue creating the query. If you want to generate the query, click Generate Query. If you want to cancel query creation, click Cancel. To return to the previous step at any point during this wizard, click Back.
When Proceed is clicked, the system displays the Audience step, where you can select which people and groups will be able to view the query in the Home module and in this module, if they have permission to access it (see figure below).
16. Click Add Audience and select People or Groups to add them.
17. If, for example, you selected People, select the people to be added and click Add People (see figure below). If you want to quit the operation, click Cancel.
The system displays the people selected.
18. To remove people or groups from the audience, mark the checkboxes next to their names and click Remove Audience.
The system requests confirmation to remove the people or groups from the audience (see figure below).
19. Click Remove Audience to confirm. If you want to quit the operation, click Cancel.
The system removes the people selected from the audience.
20. Click Proceed to continue creating the query. If you want to generate the query, click Generate Query. If you want to cancel query creation, click Cancel. To return to the previous step, click Back.
When Proceed is clicked, the system displays the Editors step, where you can select which people and groups will be able to edit the query, receiving the same permissions to it as the author (see figure below).
21. Click Add Editors and select People or Groups to add them to the list of editors.
22. If, for example, you selected People, select the people to be added and click Add People (see figure below).
The system displays the people selected.
23. To remove people or groups from the list of editors, mark the checkboxes next to their names and click Remove Editors.
The system requests confirmation to remove the people or groups from the list of editors (see figure below).
24. Click Remove Editors to confirm. If you want to quit the operation, click Cancel.
The system removes the people selected from the list of editors.
25. Click Proceed or Generate Query to run the query. If you want to cancel query creation, click Cancel. To return to the previous step, click Back.
When Proceed is clicked, the system displays the results of the query according to what was selected in the previous steps (see figure below).
26. Click Save to save the query data. If you do not want to save the query, click Cancel. To return to the previous step, click Back.
When Save is clicked, the system displays a window where a name and description for the query can be entered (see figure below).
27. In the Name field, enter a name to identify the purpose and reach of the query.
28. In the Description field, enter the main characteristics of the query.
29. When finished, click Save Query. If you want to quit the operation, click Cancel.
The system displays a success message.