ComplyAssistant comes with 125 pre-populated Threats. Five of these Threats are based on the Health Industry Cybersecurity Practices (HICP) rule. You also have the option to add Threats specific to your organization.
To view the list of Threats and add your own, select Account Settings in the upper-right then scroll down to Threats in the left hand navigation.
On the right hand side, you’ll see the option to add a New Threat or Import one or more Threats to ComplyAssistant.
You can also hover over Account Settings and select Threat Library to navigate there.
Add a New Threat
To create a single Threat, select New Threat from the right hand side.
From New Threat, enter the Name and Description.
Provide a Threat Type to indicate who or what is threatened: Computer Systems, Network, Human, or Environmental.
Select one or more Threat Tags for easier filtering within the Risk Register. You can also create your own by typing directly in the box and pressing enter.
Finally, choose whether to add or remove a Default Inherent Risk. Think of Inherent Risk in terms of a Threat without a Control. Once you select Add Default Inherent Risk, you’ll have the option to adjust a scale for Impact and Likelihood.
If you do not select “add a default inherent risk,” this Threat will have no recorded impact or likelihood. Later, if you associate a Control to this Threat, the Control’s Likelihood Reduction value would then have no impact on Inherent Risk.
Select Submit at the bottom to create your custom Threat.
Import a New Threat
To create more than one Threat, select Threat Import on the right hand side of the Threat Library.
Follow the instructions on the screen to download the template, fill it in according to the headers provided, and import. You must fill in all fields except Default Impact and Likelihood.
At this time, there is no way to import registrations or associations between Threats and Controls.