Release 3.13.0
Published: October 15, 2021Last updated: March 25, 2024
- Updated Risk Module
- Use ESM as a global risk registry!
- Track original risk, mitigating activities and residual risk levels.
- Risks can be mitigated by free-text activities or existing security controls, scheduled internal controls, or processes.
- Configurable vulnerability- and threat-catalogs, including default associations of vulnerabilities and threats for automatic identification of suggested risks, when associating vulnerabilities (directly or indirectly via confirmed risks) with assets.
- New risk settings/framework. Definitions and number of levels can be configured for: Likelihood, Consequence, Risk levels, Risk level matrix, Allowed treatments (among Mitigate, Transfer, Avoid or Accept).
- Risk analyses are now tied to scheduled internal controls.
- There are now three levels of permissions for risks: read-only, register new & update risks, and change risk framework settings (not fully implemented).
- Updated browser support
- Chrome, Edge (newer versions), Firefox and Opera are now fully supported.
- Various updates
- It is now possible to change the number of levels of security goals (CIA,T)
- Part-of relations are shown in application diagrams.
- Improved automatic layout for type-of relations between information objects and part-of relations between applications.
- Parents in type-of and part-of relations can now be collapsed with an option in the context menu of information objects and applications.
- It is now possible to link to named documents in ESM.