Hi,
Yes entities can be whatever you like. If i am going to perform risk assessment of this particular thing it needs to be an entity. This thing can be a database, server, process, organizational unit, Legal entity, applications, etc...
Jakob
Hi,
In my example i changed the name of two risks, both connected to a risk statement. One of the primary uses of using risk statements are that you create sevaral risks based on one risk statements, which means that you can look at aggregation / sta...
Hi.
You are right. The risk inherit risk statement information, such as description.
To explain why it is this way we need to look at how Risks are connencted to risk statements in terms of reporting, aggregation etc... For me this makes sense becaus...