Operational Entities

1. Introduction

Every organization is a complex web of interrelated processes, systems, and departments. RiskStudio's 'Operational Entities' feature provides a structured way to represent, manage, and understand these components within the context of risk management.

An Operational Entity within an organization refers to a collaborative unit consisting of people, technology, and external companies that work together seamlessly. It can take the form of a department, project team, information system, process, or any other group where these elements come together to achieve common goals.

2. Functionalities

To access Operational Entities, select 'Operational Entities' under 'Identify' in the main menu. This brings you to the main page of Operational Entities, where you can manage and analyze various aspects of your organization.

2.1 Entities main page

The main page has two main tabs: 'Active Entities' and 'Archived Entities'.

In 'Active Entities', you'll see a list of all created entities. Here, you can add new entities, switch views between 'Card View' and 'List View', and apply filters, such as entity type, involved companies, and participants.

2.1.1 Pin or archive an entity

Use the 'three dots' icon to pin or unpin an entity in the overview or to archive an entity. Archived entities are accessible under the 'Archived Entities' tab.

2.1.2 Archived Companies

Find archived Entities under the ‘Archived Entities' tab. Archived Entities no longer have an active role, however, therefore they do not consume elements, on the other hand they are still part of ongoing risk and reporting processes. In particular, this archiving function is intended to provide a clear and up-to-date view of companies with which to work. It is not possible to restore archived items to the active list.

2.2 Adding an Entity

To begin adding an entity: hit the “Add Entity button “ in the main screen.
On the next screen, enter the following details:

Full Name: Enter the complete name of the entity.
Short Name: Provide a concise version of the entity's name.
Purpose: Describe the primary purpose or function of the entity.
Type: Select the type of Operational Entity, such as Team/Group, Crown Jewel, Process, Information System, etc. After filling in these details, you have two options:
Configure Operational Entity: Opt to further configure the entity for more detailed management.
Save: Choose to save the information as it is and configure the entity at a later moment.

2.3 Configuring Operational Entities

2.3.1 Adding Companies

Click on the 'Change Companies' button to link companies from your Cyber Chain to the entity.

The 'Adding Companies' functionality in RiskStudio allows you to integrate specific companies from your Cyber Chain into a particular operational entity. By clicking the 'Change Companies' button, you can select and link various companies to an entity, such as a project or department.

Why linking Companies is important

This feature is crucial for creating a comprehensive overview of how different companies within your Cyber Chain interact with or impact the selected operational entity. It aids in understanding the relationships and dependencies between your entity and these companies, offering insights into areas like risk exposure, collaboration, and resource allocation.

2.3.2 Involved Participants

The Involved Participants' function is designed to manage the human aspect of your operational entities.

By using the 'Change Involved Participants' button, you can either add existing or new participants.

Assigning a 'Primary Participant' is vital for establishing clear responsibility and leadership within the entity. This role typically oversees the activities related to the entity and acts as a central point of communication.

Why managing participants is key

Managing participants effectively is key to ensuring smooth operation and efficient handling of the entity's tasks. By keeping this information up-to-date, RiskStudio helps maintain clarity in roles and responsibilities, facilitating better coordination and communication among team members.

2.3.3. Entity summary

The summary page offers a graphical overview of the entity. Click on various elements in the summary for direct access to specific screens where you can view more details and make adjustments if needed.

3. Maximizing the potential of ‘Operational Entities’

Optimize your use of Operational Entities in RiskStudio to efficiently manage key business components. Regularly update and configure entities to align with ongoing projects and organizational changes, ensuring accurate and effective risk management strategies.
Participants can be assigned to specific entities, fostering collaboration and ensuring that each entity is adequately monitored and managed.
By knowing each entity's role and function, you can tailor risk management strategies to address specific vulnerabilities or challenges.

4. Frequently Asked Quesiton (FAQs)

Q: Can an Operational Entity belong to multiple risks ?
A: Yes, depending on its relevance, an entity can be linked to several risk programs to reflect its multifaceted role within the organization.

Q: How detailed should my entity descriptions be?
A: It's beneficial to be as detailed as possible to provide clarity. However, ensure the description remains concise and understandable for all participants.

Q: Can I modify an entity's type after creation?
A: While you can edit details of an entity, changing its fundamental type might require a new entity creation to maintain data integrity.

Contribution to cybersecurity and Risk Management

Operational Entities play a crucial role in RiskStudio by providing a structured approach to managing and analyzing different aspects of your organization, thus contributing significantly to both cybersecurity and overall risk management.

Requirements

To effectively utilize Operational Entities in RiskStudio, ensure you have a clear understanding of your organization's structure, including its various departments, processes, and systems. Familiarity with the overall business objectives and cybersecurity goals is also essential.