[{"type":"PcLinkWrapper","customClasses":"","content":{"fields":{"href":"","innerClass":""},"children":[{"type":"PcWrapper","customClasses":"my-4","content":{"fields":{"color":"","innerClass":"d-flex justify-center"},"children":[{"type":"PcIcon","customClasses":"","content":{"fields":{"type":"book","iconColor":"#ffffff","iconSize":"90","avatarColor":"#D4D7D9FF","avatarSize":"130"}}}]}},{"type":"PcTitle","customClasses":"text-center","content":{"fields":{"size":"div","text":"Glossary","titleColor":"#052426FF","titleClasses":"font-weight-bold text-h4 text-sm-h3"}}},{"type":"PcFreeHtml","customClasses":"my-6 text-center","content":{"fields":{"html":"

Here you will find explanations for terms related to CRISAM® - categorized into the areas of \"Information Security Management\" and \"Integrated Risk Management\".

","script":""}}},{"type":"PcHero","customClasses":"","content":{"fields":{"textColor":"#FFFFFF","bgColor":"#245459FF","bgMinHeight":"100vh","bgSize":"100%, cover","bgbRadius":"","bgUrl":"https://d2pegsiopsb8d9.cloudfront.net/cms/img/1-cms_pic-1689688267.jpeg"},"children":[{"type":"PcTitle","customClasses":"headline text-center","content":{"fields":{"size":"div","text":"Information Security Management & Data Protection Management ","titleColor":"#FFFFFFFF","titleClasses":"font-weight-bold text-h4 text-sm-h3"}}},{"type":"PcExpansionPanels","customClasses":"py-6","content":{"fields":{"innerClass":"col-12"},"children":[{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Component

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

Components are used to build your model tree (also called fault tree), meaning they serve for structuring (\"containers\"). Additionally, other components can be used which include additional control objectives.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Scope

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

The scope is referred to as Phase 2 in the CRISAM® methodology. In this stage, the extent of risk management is defined, and a threat analysis (Business Impact Analysis) is conducted for the identified objects.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Scope object

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

An object that is considered within the \"scope\" phase and thus is encompassed by risk management. Typical scope objects include companies or organizations, business processes, parts of business processes, or organizational units.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

ISMS

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

Information Security Management System

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Catalog

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

A catalog is a component of a Knowledge Pack and consists of components that include control objectives.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Knowledge Pack

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

A Knowledge Pack represents the \"content component\" of CRISAM® and feeds it with specific topics. A Knowledge Pack can have various components, either one or more catalogs, additional reports, specific customizations in the interface, or purely compliance assessments.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Control objectives

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

Control objectives in CRISAM® are questions embedded in components. With these questions, you can assess the quality of specific topics (such as the implementation of policies or processes). Control objectives cannot be edited in CRISAM® and are delivered with predefined answer guidelines. These answer guidelines are for implementation within the organization in stages A to F (A = Optimal Fulfillment, F = Not Fulfilled, B = State of the Art). Additionally, descriptions may be provided. In the background, criteria and sources are assigned to control objectives, as well as a weighting and a yes/no criterion.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Criteria

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

Criteria in CRISAM® are used to classify the relationship between objects (BIA, PIA, etc.), to adjust the visibility of control objectives, and sometimes for calculations. Some criteria refer to security objectives, such as in information security, where criteria like availability, confidentiality, integrity, or in data protection, supplemented by unlinkability, transparency, and intervenability, are used. In the area of BCM (Business Continuity Management), criteria such as RTO (Recovery Time Objective) and RPO (Recovery Point Objective) are also applied.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Mappings

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

Mapping refers to the assignment or referencing of a control objective to a specific source chapter or criterion. A control objective can be assigned to multiple source chapters and criteria. The mapping is done in the background within the catalog and cannot be changed in the interface.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Model Tree or Fault Tree

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

The model tree or fault tree represents the graphical depiction of your organization for various topics (such as information security, data protection, etc.) and is constructed from components (modeling).

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Project

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

In a CRISAM® project, you build your ISMS or Data Protection Management System (DPMS). In a project, an entire conglomerate with many companies or only individual organizations can be depicted. Additionally, multiple topics are usually found within a project, such as the joint establishment of an ISMS and DPMS, supplemented by other topics such as SCADA, BCM, etc.

It always makes sense to use a common project for different topic areas when you also want direct access to all content - that is, across topics. If you desire a strict separation between the topics, you can create any number of additional projects in CRISAM®. In practice, typically only one CRISAM® project is used.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Sources

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

Sources refer to standards, laws, regulations, etc. Sources consist of individual chapters to which control objectives are assigned.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

RPO

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

The Recovery Point Objective (RPO) is the maximum allowable period of time during which data or transactions may be lost between the last backup and the occurrence of a system failure.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

RTO

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

The Recovery Time Objective (RTO) is the duration between the occurrence of the incident and the restoration of the business process or application.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Wizard

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

The wizard (also referred to as assistant) guides you step-by-step through various topics (such as risk assessment, asset inventory, capturing processing activities, etc.). You can enter the information in a predefined sequence and simultaneously read more detailed information on the help page.

","script":""}}}]}}]}}]}},{"type":"PcHero","customClasses":"mt-12","content":{"fields":{"textColor":"#FFFFFF","bgColor":"#245459FF","bgMinHeight":"100vh","bgSize":"100%, cover","bgbRadius":"","bgUrl":"https://d2pegsiopsb8d9.cloudfront.net/cms/img/1-cms_pic-1689683897.jpeg"},"children":[{"type":"PcTitle","customClasses":"headline text-center","content":{"fields":{"size":"div","text":"Integrated Risk Management","titleColor":"#FFFFFFFF","titleClasses":"font-weight-bold text-h4 text-sm-h3"}}},{"type":"PcExpansionPanels","customClasses":"py-6","content":{"fields":{"innerClass":"col-12"},"children":[{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Scope

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

A scope is an organizational unit through which permissions can be granted.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Dashboard

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

The CRISAM® Dashboard is a view within the CRISAM® Web interface where central risk managers/risk focal points/risk responsible individuals visualize the risk view in a prepared format.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Expected Loss

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

The \"Expected Loss\" is a deterministic calculation of the expected value in CRISAM® Web Access. It does not necessarily need to match exactly with the simulated expected value since it theoretically calculates from the distribution functions for frequency and impact.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Expected Value

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

The expected value is the value that is taken on average over a period of consideration (e.g., one year). Synonyms: arithmetic mean, average, mean.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Form

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

A form is a page in CRISAM® Web Access where data (e.g., related to a risk) can be entered.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Model tree

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

The model tree represents the risk landscape of a company. Depending on the maturity level of risk management, this can range from an inventory list to a profit and loss statement.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Power List

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

The Power List, also known as the Extended List, is a list view in CRISAM® Web Access where columns can be configured differently for each object type (risk, measure, task, controls, etc.).

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Project

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

In a CRISAM® project, you establish your risk management. Within a project, you can depict an entire conglomerate with many companies or only individual organizations. You can also cover multiple topic areas in one project, such as risk management, internal control system, or ESG (Environmental, Social, and Governance).

It always makes sense to use a common project for different topic areas when you want direct access to all content - thus, cross-topic access. If you prefer a strict separation between topics, you can create any number of additional projects in CRISAM® - for example, one project for risk management and another for IKS. In practice, typically only one CRISAM® project is used.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Risk type

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

Different assessment scenarios can be defined for each risk type. Examples of risk types include: event risk, volatility risk, compliance risk, etc.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

RMS

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

Risk Management System

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

User Interface

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Unexpected loss

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

The \"Unexpected Loss\" is a deterministic calculation of the Value at Risk 99% in CRISAM® Web Access. This value does not need to exactly match the simulated Value at Risk, as it theoretically calculates from the distribution functions for frequency and impact.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Value at Risk

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

The \"Value at Risk\" (VaR) is the value that is not expected to be exceeded with a certain probability (e.g., 95% for VaR95).

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Wizard

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

The wizard, also known as an assistant, guides you step-by-step through various topics (such as risk assessment, asset inventory, capturing processing activities, etc.) in a predefined order. You can enter the information following this order and can simultaneously access detailed information on the help page.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Workflow

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

Using a CRISAM® Workflow, the risk assessment can be initiated. The risk focal point is notified via email. Furthermore, automatic CRISAM® emails can be generated with each status change. The recipient and the content of the email can be customized in CRISAM® Web Access.

","script":""}}}]}},{"type":"PcPanel","customClasses":"","content":{"fields":{"innerClass":"","header":"

Zeitscheiben

","expandible":false},"children":[{"type":"PcFreeHtml","customClasses":"text-left","content":{"fields":{"html":"

Time slices are a project setting in CRISAM® used to define the query time points of a risk assessment. Time slices also control which time points are available in CRISAM® Web Access and which are not. Additionally, it can be configured which time slices are relevant for reporting and dashboards.

","script":""}}}]}}]}}]}}]}}]