Application Assessment (and HOWTO)

Overview

The purpose of application assessment is to proactively identify and mitigate potential risks to the security, integrity, and availability of applications, thereby protecting your organization from financial losses, reputational damage, and legal liabilities associated with security breaches or operational failures. These applications may represent hardware and/or software systems running third-party software, custom products developed in-house, or any combination thereof.

Application assessment is one of the three assessment methodologies supported by Isora GRC. With application assessment, a single survey is created to allow you to answer questions about a specific system or application (already stored as an application object in Isora GRC’s inventory) as well as to update metadata for (i.e., “enrich”) the application.

 

How to Assess an Application

This information is for superusers and assessment managers. Before you can assess an application, the application must already exist in Isora GRC’s inventory. As a superuser, you can add a new application from the Inventory page or from the Add Application button at the beginning of the New Application Assessment Wizard. As an assessment manager of the unit that owns an existing application, you can create a new assessment for that application.

See also: HOWTO Add an Application to Inventory

To assess an application, from the Assessments page:

  1. Click the New Assessment button (it doesn’t matter which assessment methodology is currently active).

  2. Choose application.

  3. At this point, you can select an existing application, or click the +Add Application button to add a new one.

  4. If you select an application that was previously assessed, you have the option to renew a previous assessment. If you choose to do this, the options for the rest of the wizard screens will be filled in automatically and you will just need to assign a new name and due date.

  5. Assign a name, choose an existing series, and set a due date. Then choose an existing Instructions template or create a new one. When all fields are complete, click the Next Step button.

    (See also: Working with Survey Instructions)

  6. On the next step, choose a questionnaire template from the drop-down, then click Next Step.

    (See also: https://saltycloud.atlassian.net/wiki/spaces/TES/pages/2072346627)

  7. The next step shows you the current metadata for the selected application. Currently, all application assessments include application enrichment. In the future, there will be additional options on this step. Click Next Step.

    (See also: https://saltycloud.atlassian.net/wiki/spaces/TES/pages/2072248330)

  8. On the final step of the wizard, you have an opportunity to review everything and make changes if needed. You can also use the wizard navigation at the top to go back to any previous step. Click the Launch button to launch the survey now. If you instead click Publish, everything is saved and you or an assessment manager can launch it later, but no changes can be made once the assessment is published or launched.

  9. On the Assessments page, you can navigate to Applications and expand the series to locate the new assessment you just created. Click on its name to access the survey itself.

    See also: Filling Survey Questionnaires