
Information Security Forum Updates Information Risk Assessment Methodology

Methodology Helps Businesses Identify, Analyze and Treat Information Risk throughout the Organization.

August 24, 2017


PRESS RELEASE

NEW YORK – The Information Security Forum (ISF), the world's leading, independent authority on cyber security and information risk management, continues to strengthen its global leadership in providing business-based information risk tools with the announcement of significant updates to the Information Risk Assessment Methodology version 2 (IRAM2). IRAM2 is a practical, rigorous risk assessment methodology that helps businesses to identify, analyze and treat information risk throughout the organization.

Threats, threat events, vulnerabilities and potential impacts are dynamic in any organization, requiring security practitioners and key stakeholders to review risks on a regular basis, particularly when significant change occurs. As information risks and cyber security threats increase, and as Boards take on a greater interest in security and risk, organizations need to move away from reacting to incidents, toward predicting and preventing them. IRAM2 allows key business and technology stakeholders to determine risk versus reward and obtain a clear picture of where to focus resources, to address information risks based on their significance to the organization.

"Developing a robust mechanism to assess and treat information risk throughout your organization is essential," said Steve Durbin, Managing Director, Information Security Forum. "Risk assessment is all about balance and IRAM2 allows for teams to assess risk in a realistic manner. IRAM2 focuses on simplicity and practicality, while embedding reliability and steadfastness throughout the assessment process. This enables consistent results and a depth of analysis that improves decision making."

IRAM2 provides organizations with the ability to tailor their threat tables to reflect an organization’s overall risk appetite. IRAM2 works by evaluating and assessing a variety of information risk factors that comprise each information risk equation. Its supporting tool, the IRAM2 Assistant, has undergone significant updates and enhancements based on ISF research and member feedback to produce an enhanced suite of IRAM2 products. IRAM2 has the ability to help teams focus on the vulnerabilities as they relate to specific business risks and the Assistant tool takes this one step further. Key updates and enhancements include:

Threat Profiling: Research findings from Protecting the Crown Jewels: How to protect mission-critical information assets and Threat Intelligence: React and prepare have been incorporated into the supporting information used during this phase, including the common threat list (CTL) and the threat event catalogue (TEC).

Vulnerability Assessment: The approach for determining control strength now includes the extent of ‘relevance’ and ‘implementation’ of environmental controls. This enhanced approach is supported with the introduction of control relevance tables (CRT) to provide objectivity and repeatability. The previous IRAM2 control library, consisting of 29 controls, has been replaced with a more comprehensive set of 167 controls based on The Standard of Good Practice for Information Security and the Security Healthcheck.

IRAM2 Assistants

The single, Excel-based supporting tool has been split into four integrated modules collectively referred to as the IRAM2 Assistants. Each module supports one or more phases of the methodology. The IRAM2 Assistants provide improved:

Efficiency: by automating parts of the methodology that would otherwise require a greater amount of manual effort

Accuracy: by enabling in-depth analysis to enhance business decision making

Consistency: by delivering specific templates that can be applied for enterprise-wide information risk assessments

Methods of communication: by leveraging report templates to convey the key risks to stakeholders.

Each IRAM2 Assistant is accompanied by a practitioner guide providing step-by-step instructions on how to use the methodology.

"Managing information risk fundamentally relates to effectively balancing risk against reward," continued Durbin. "IRAM2 empowers information risk practitioners to engage with key business, risk and technology stakeholders in an organized and enterprise-aware manner. With this foundation, they can work more effectively across the organization to assess appropriate risk profiles and provide input to the business to address – or not."

Once defined at an organizational level, risk appetite can be communicated and presented differently throughout an organization. If an organization does not have a defined risk appetite, the decisions regarding the treatment for each risk will have to be made by the key stakeholders on a risk-by-risk basis. The practitioner should make the key stakeholders aware that the lack of a defined risk appetite could result in inconsistent decisions regarding the amount of risk the organization accepts. For more information, please visit the ISF website.


ISF Updates Risk Assessment Tools

Tara Seals, US/North America News Reporter, Infosecurity Magazine

The Information Security Forum (ISF) has updated its risk assessment methodology to address better threat profiling and vulnerability assessment, among other things.

The ISF’s Information Risk Assessment Methodology version 2 (IRAM2) is a practical methodology that helps businesses to identify, analyze and treat information risk throughout the organization. In the updated version, “react and prepare” have been incorporated into the supporting information used during the threat profiling phase, including the common threat list (CTL) and the threat event catalogue (TEC).

Also, on the vulnerability front, the previous IRAM2 control library, consisting of 29 controls, has been replaced with a more comprehensive set of 167 controls based on The Standard of Good Practice for Information Security and the Security Healthcheck. The approach for determining control strength also now includes the extent of ‘relevance’ and ‘implementation’ of environmental controls. This enhanced approach is supported with the introduction of control relevance tables (CRT) to provide objectivity and repeatability.

Its supporting tool, the IRAM2 Assistant, was previously a single, Excel-based supporting tool. It has now been split into four integrated modules collectively referred to as the IRAM2 Assistants. Each module supports one or more phases of the methodology. The IRAM2 Assistants automate parts of the methodology that would otherwise require a greater amount of manual effort and offer in-depth analysis to enhance business decision making. They also deliver specific templates that can be applied for enterprise-wide information risk assessments, and use report templates to convey the key risks to stakeholders. Each IRAM2 Assistant is accompanied by a practitioner guide providing step-by-step instructions on how to use the methodology.

“Developing a robust mechanism to assess and treat information risk throughout your organization is essential,” said Steve Durbin, managing director at the ISF. “Risk assessment is all about balance, and IRAM2 allows for teams to assess risk in a realistic manner. IRAM2 focuses on simplicity and practicality, while embedding reliability and steadfastness throughout the assessment process. This enables consistent results and a depth of analysis that improves decision-making.”

IRAM2 provides organizations with the ability to tailor their threat tables to reflect an organization’s overall risk appetite. IRAM2 works by evaluating and assessing a variety of information risk factors that comprise each information risk equation. Once defined at an organizational level, risk appetite can be communicated and presented differently throughout an organization. If an organization does not have a defined risk appetite, the decisions regarding the treatment for each risk will have to be made by the key stakeholders on a risk-by-risk basis. The practitioner should make the key stakeholders aware that the lack of a defined risk appetite could result in inconsistent decisions regarding the amount of risk the organization accepts.

“Managing information risk fundamentally relates to effectively balancing risk against reward,” continued Durbin. “IRAM2 empowers information risk practitioners to engage with key business, risk and technology stakeholders in an organized and enterprise-aware manner. With this foundation, they can work more effectively across the organization to assess appropriate risk profiles and provide input to the business to address – or not.”


Information Security Forum Updates Information Risk Assessment Methodology

August 2017 by Information Security Forum

The Information Security Forum (ISF), independent authority on cyber security and information risk management, continues to strengthen its global leadership in providing business-based information risk tools with the announcement of significant updates to the Information Risk Assessment Methodology version 2 (IRAM2). IRAM2 is a practical, rigorous risk assessment methodology that helps businesses to identify, analyze and treat information risk throughout the organization.

Threats, threat events, vulnerabilities and potential impacts are dynamic in any organization, requiring security practitioners and key stakeholders to review risks on a regular basis, particularly when significant change occurs. As information risks and cyber security threats increase, and as Boards take on a greater interest in security and risk, organizations need to move away from reacting to incidents, toward predicting and preventing them. IRAM2 allows key business and technology stakeholders to determine risk versus reward and obtain a clear picture of where to focus resources, to address information risks based on their significance to the organization.

“Developing a robust mechanism to assess and treat information risk throughout your organization is essential,” said Steve Durbin, Managing Director, Information Security Forum. “Risk assessment is all about balance and IRAM2 allows for teams to assess risk in a realistic manner. IRAM2 focuses on simplicity and practicality, while embedding reliability and steadfastness throughout the assessment process. This enables consistent results and a depth of analysis that improves decision making.”

IRAM2 provides organizations with the ability to tailor their threat tables to reflect an organization’s overall risk appetite. IRAM2 works by evaluating and assessing a variety of information risk factors that comprise each information risk equation. Its supporting tool, the IRAM2 Assistant, has undergone significant updates and enhancements based on ISF research and member feedback to produce an enhanced suite of IRAM2 products. IRAM2 has the ability to help teams focus on the vulnerabilities as they relate to specific business risks and the Assistant tool takes this one step further. Key updates and enhancements include:

Threat Profiling: Research findings from Protecting the Crown Jewels: How to protect mission-critical information assets and Threat Intelligence: React and prepare have been incorporated into the supporting information used during this phase, including the common threat list (CTL) and the threat event catalogue (TEC).

Vulnerability Assessment: The approach for determining control strength now includes the extent of ‘relevance’ and ‘implementation’ of environmental controls. This enhanced approach is supported with the introduction of control relevance tables (CRT) to provide objectivity and repeatability. The previous IRAM2 control library, consisting of 29 controls, has been replaced with a more comprehensive set of 167 controls based on The Standard of Good Practice for Information Security and the Security Healthcheck.

IRAM2 Assistants

The single, Excel-based supporting tool, has been split into four integrated modules collectively referred to as the IRAM2 Assistants. Each module supports one or more phases of the methodology. The IRAM2 Assistants provide improved:

• Efficiency: by automating parts of the methodology that would otherwise require a greater amount of manual effort
• Accuracy: by enabling in-depth analysis to enhance business decision making
• Consistency: by delivering specific templates that can be applied for enterprise-wide information risk assessments
• Methods of communication: by leveraging report templates to convey the key risks to stakeholders.

Each IRAM2 Assistant is accompanied by a practitioner guide providing step-by-step instructions on how to use the methodology.

“Managing information risk fundamentally relates to effectively balancing risk against reward,” continued Durbin. “IRAM2 empowers information risk practitioners to engage with key business, risk and technology stakeholders in an organized and enterprise-aware manner. With this foundation, they can work more effectively across the organization to assess appropriate risk profiles and provide input to the business to address – or not.”

Once defined at an organizational level, risk appetite can be communicated and presented differently throughout an organization. If an organization does not have a defined risk appetite, the decisions regarding the treatment for each risk will have to be made by the key stakeholders on a risk-by-risk basis. The practitioner should make the key stakeholders aware that the lack of a defined risk appetite could result in inconsistent decisions regarding the amount of risk the organization accepts.


Gartner Research

An Examination of the Information Risk Analysis Methodology (IRAM) from the Information Security Forum (ISF)

Published: 11 May 2010

Accompanied by historical research, a number of supporting documents, and an organization with a membership of several hundred enterprises (the Information Security Forum [ISF]), the Information Risk Analysis Methodology (IRAM) provides a strong building block for IT-related risk assessment. In this assessment, Principal Analyst Trent Henry considers the three major phases of IRAM, its strengths and weaknesses, and how clients can get the most value from its risk assessment advice.

Included in Full Research

  • Risk Assessment

Trent Henry


HCL IRAM2-Aligned Risk Assessment

With ever-growing digitalization of services and products, information risk and cyber security events are on the rise. Organizations need to move away from being in an ever-responsive state of reacting to incidents and creating corrective controls to building a predictive and preventing mechanism. The IRAM2 framework by the Information Security Forum (ISF) helps develop this robust mechanism to assess and treat information risk throughout the organization as a business essential.

The HCL IRAM2-Aligned Risk Assessment app-pack developed provides a systematic and automated way to perform risk assessment based on the Information Risk Assessment Methodology v2 (IRAM2) as developed by the ISF.


Release history


Last updated: September 2018

The app-pack provides a project-based risk assessment methodology that allows the risk analyst to:

Scope: Develop an environment profile and define the scope of assessment.

Business Impact Assessment: Identify information assets in the environment and assess the business impact.

Threat Profiling: Identify and prioritize the relevant threats to the environment being assessed.

Vulnerability Assessment: Identify the degree to which the information assets in the environment being assessed are vulnerable to each in-scope threat event.

Risk Evaluation: Evaluation of likelihood of success, residual likelihood, and residual business impact rating and the derivation of the residual risk rating for each risk.

Risk Treatment: Determining a risk treatment approach for each identified risk.

Risk Reporting: Advanced analytics on how risks affect the information assets and organization.

Key benefits include:

Comprehensive risk coverage with a readily available threat and scenario library, reducing the chance that a significant risk is overlooked.

Develop a Risk profile that reflects a view of information risk in business terms.

Manage complete risk assessment cycle.

Gain insight into the highest-rated threats and scenarios and reduce risk across the organization.

Components | Recommended Software
ODA License | 3 ODA licenses.
Archer | Archer 6.3 P2 and later
Use Cases | Control Assurance Program Management; Issue Management
Pre-requisite Applications | Business Process; Information Assets; Application; Control Procedure
Membership | ISF (Information Security Forum)

Application | Use Case | Primary Purpose(s) of the Relationship
Control Procedures | Archer IT Controls Assurance (IT Security Risk Management) |
Business Process | Archer IT Controls Assurance (IT Security Risk Management) |
Applications | Archer IT Controls Assurance (IT Security Risk Management) |
Devices | Archer IT Controls Assurance (IT Security Risk Management) |


The HCL IRAM2-Aligned Risk Assessment app-pack contains 3 applications: IRAM Assessment, Threat Library, and Threat Event Catalogue. Two questionnaires are also available: Threat and Threat Event. The app-pack also requires two data feeds: one to create an on-demand threat from the Threat Library and one to create an on-demand threat event from the Threat Event Catalogue.

IRAM Assessment has 6 phases as listed below:


The following diagram shows the general workflow of the use case.


The phases of IRAM can be directly mapped to applications and questionnaires used in IRAM2 App Pack:


Application | Description
IRAM Assessment | This application serves as a container application tying together all 6 steps of the IRAM Assessment process. It takes a project-based methodology where the user can provide a title, schedule, stakeholder information and perspective for the overall assessment.
Threat Library | The Threat Library application serves as a central repository for threats that the organization might choose to pay attention to. All IRAM Assessments leverage threats listed in this library to perform threat assessments.
Threat Event Catalogue | The Threat Event Catalogue application serves as a central repository for threat events. These can be events the organization foresees or events that have occurred. All IRAM Assessments leverage threat events listed in this library to perform threat event assessments.
Threat | The Threat Questionnaire is launched on a threat shortlisted from the Threat Library during the IRAM Assessment. This questionnaire allows the assessor to analyze the threat strength as well as the likelihood of initiation.
Threat Event | The Threat Event Questionnaire is launched on a threat event shortlisted from the Threat Event Catalogue during the IRAM. This questionnaire allows the assessor to analyze the vulnerabilities and draw up the overall risk results.

The following table describes the functions that make up the application’s organization roles. Depending on the organization of your company, these functions and responsibilities may vary.

Function | Description
IRAM Assessor | The IRAM Assessor is the key role in the IRAM app-pack and is responsible for driving the assessment. This role initiates the IRAM Assessment and performs Scoping by collecting relevant information from stakeholders. The IRAM Assessor assists business users or the 1st line of defense in performing the Business Impact Assessment, and also performs Threat Profiling, Vulnerability Assessment and Risk Evaluation.
1st line of defense | The 1st Line of Defense are the business users responsible for the information assets. They rate the assets with worst-case and realistic CIA ratings, perform Control Self Assessment, and own issues identified during the IRAM2 Assessment, following up within their organization on remediation plans. (This role is part of the IT Compliance use case.)

Out-of-the-box roles and groups can be extended to the IRAM Risk Assessment application and related applications to ensure that your 1st line of defense and Risk Management have appropriate access to the app-pack.

Furthermore, appropriate references can also be established between the HCL IRAM2-Aligned Risk Assessment app-pack and your Risk and Compliance use cases to leverage the assessment results, threat scenarios and remediation plans.

Ensure that your Archer system meets the following requirements:

Archer version 6.3 P2 and above

Contact HCL to obtain the installation package.

Read and understand the "Packaging Data" section of Archer Help.

Installing a package requires that you import the package file, map the objects in the package to objects in the target instance, and then install the package. See Installing the Application Package for complete information.

You must import and schedule each use case data feed that you want to use. See Setting Up Data Feeds for complete information.

Test the application according to your company standards and procedures, to ensure that the use case works with your existing processes.

Perform the manual changes in Information Asset Application.

Perform manual changes in Information Asset Cross Reference field, in Threat Event and IRAM Assessment Applications.

There is no Undo function for a package installation. Packaging is a powerful feature that can make significant changes to an instance. Archer strongly recommends backing up the instance database before installing a package. This process enables a full restoration if necessary.

An alternate method for undoing a package installation is to create a package of the affected objects in the target instance before installing the new package. This package provides a snapshot of the instance before the new package is installed, which can be used to help undo the changes made by the package installation. New objects created by the package installation must be manually deleted.

Go to the Install Packages page.


Under Application Builder, click Install Packages.

In the Available Packages section, click Import.

Click Add New, then locate and select the package file that you want to import.

Click OK. The package file is displayed in the Available Packages section and is ready for installation.

This step is required only if you are upgrading to a later version of IRAM Assessment.

In the Available Packages section, select the package you want to map.


The analyzer runs and examines the information in the package. The analyzer automatically matches the system IDs of the objects in the package with the objects in the target instances and identifies objects from the package that are successfully mapped to objects in the target instance, objects that are new or exist but are not mapped, and objects that do not exist (the object is in the target but not in the source).

Note: This process can take several minutes or more, especially if the package is large, and may time out after 60 minutes. This time-out setting temporarily overrides any IIS time-out settings set to less than 60 minutes.

When the analyzer is complete, the Advanced Package Mapping page lists the objects in the package file and corresponding objects in the target instance. The objects are divided into tabs, depending on whether they are found within Applications, Solutions, Access Roles, Groups, Sub-forms, or Questionnaires.

On each tab of the Advanced Mapping Page, review the icons that are displayed next to each object name to determine which objects require you to map them manually.

| Name | Description |
| --- | --- |
| Awaiting Mapping Review | Indicates that the system could not automatically match the object or children of the object to a corresponding object in the target instance. Objects marked with this symbol must be mapped manually through the mapping process. New objects should not be mapped. This icon should remain visible. The mapping process can proceed without mapping all the objects. You can execute the mapping process without mapping all the objects. The icon is for informational purposes only. |
| Mapping Completed | Indicates that the object and all child objects are mapped to an object in the target instance. Nothing more needs to be done with these objects in Advanced Package Mapping. |
| Do Not Map | Indicates that the object does not exist in the target instance or the object was not mapped through the Do Not Map option. These objects will not be mapped through Advanced Package Mapping, and must be remedied manually. |
| Undo | Indicates that a mapped object can be unmapped. This icon is displayed in the Actions column of a mapped object or object flagged as Do Not Map. |

For each object that requires remediation, do one of the following:

To map each item individually, on the Target column, select the object in the target instance to which you want to map the source object. If an object is new or if you do not want to map an object, select Do Not Map from the drop-down list.

Important: Ensure that you map all objects to their lowest level. When objects have child or related objects, a drill-down link is provided on the parent object. Child objects must be mapped before parent objects are mapped. For more details, see "Mapping Parent/Child Objects" in the Archer Online Documentation.

To automatically map all objects in a tab that have different system IDs but the same object name as an object in the target instance, do the following:

In the toolbar, click Auto Map.

Select an option for mapping objects by name.

| Option | Description |
| --- | --- |
| Ignore case | Select this option to match objects with similar names regardless of the case of the characters in the object names. |
| Ignore spaces | Select this option to match objects with similar names regardless of whether spaces exist in the object names. |

Click OK. The Confirmation dialog box opens with the total number of mappings performed. These mappings have not been committed to the database yet and can be modified in the Advanced Package Mapping page.

To set all objects in the tab to Do Not Map, in the toolbar, click Do Not Map.


Verify that all other objects are mapped correctly.

(Optional) To save your mapping settings so that you can resume working later, see "Exporting and Importing Mapping Settings" in the Archer Help.


Select I understand the implications of performing this operation and click OK.

The Advanced Package Mapping process updates the system IDs of the objects in the target instance as defined on the Advanced Package Mapping page. When the mapping is complete, the Import and Install Packages page is displayed.

Important: Advanced Package Mapping modifies the system IDs in the target instance. Any Data Feeds and Web Service APIs that use these objects will need to be updated with the new system IDs.
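An offline dry-run of the Auto Map name options and of the system-ID rewrite described above, added here as an example that is not part of the Archer or HCL documentation. It models objects as (system ID, name) pairs; the IDs, the settings text and the matching logic are constructed assumptions, not the platform's actual analyzer.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Obj:
    system_id: str  # constructed placeholder, not a real Archer system ID
    name: str


def normalise(name, ignore_case=False, ignore_spaces=False):
    """Apply the two Auto Map name options described in the guide."""
    if ignore_spaces:
        name = "".join(name.split())
    if ignore_case:
        name = name.casefold()
    return name


def plan_mapping(package, target, ignore_case=False, ignore_spaces=False):
    """Classify package objects against the target without changing anything."""
    target_ids = {t.system_id for t in target}
    by_id = [p for p in package if p.system_id in target_ids]
    matched = {p.system_id for p in by_id}

    # Only objects without a system-ID match take part in name matching.
    src_by_key, tgt_by_key = defaultdict(list), defaultdict(list)
    for p in package:
        if p.system_id not in matched:
            src_by_key[normalise(p.name, ignore_case, ignore_spaces)].append(p)
    for t in target:
        if t.system_id not in matched:
            tgt_by_key[normalise(t.name, ignore_case, ignore_spaces)].append(t)

    plan = {"by_id": by_id, "by_name": [], "review": [], "new": []}
    for key, sources in src_by_key.items():
        candidates = tgt_by_key.pop(key, [])
        if not candidates:
            plan["new"].extend(sources)            # leave as Do Not Map
        elif len(sources) == 1 and len(candidates) == 1:
            plan["by_name"].append((sources[0], candidates[0]))
        else:
            # Relaxed matching made several names collide: map by hand.
            plan["review"].append((sources, candidates))
    # Whatever is left exists in the target but not in the package.
    plan["target_only"] = [t for ts in tgt_by_key.values() for t in ts]
    return plan


def id_changes(plan):
    """Old target system ID -> ID it receives once the mapping is executed."""
    return {tgt.system_id: src.system_id for src, tgt in plan["by_name"]}


def stale_references(changes, configs):
    """Find integration settings that still mention an ID about to change."""
    hits = {}
    for cfg_name, text in configs.items():
        found = sorted(
            old for old in changes
            if re.search(r"(?<![\w-])" + re.escape(old) + r"(?![\w-])", text)
        )
        if found:
            hits[cfg_name] = found
    return hits


# Constructed sample inventory; application names are taken from the app-pack.
PACKAGE = [
    Obj("pkg-0001", "IRAM Assessment"),
    Obj("pkg-0002", "Threat Library"),
    Obj("pkg-0003", "Threat Event Catalogue"),
    Obj("pkg-0004", "Information Asset"),
]
TARGET = [
    Obj("pkg-0001", "IRAM Assessment"),        # same system ID
    Obj("tgt-9002", "threat library"),         # differs only in case
    Obj("tgt-9003", "ThreatEvent Catalogue"),  # differs only in spacing
    Obj("tgt-9004", "Legacy Risk Register"),   # not in the package
]
# Constructed settings text standing in for data feed / API client definitions.
CONFIGS = {
    "threat_feed.settings": "module=tgt-9002;fields=Name,Category",
    "asset_sync.settings": "module=pkg-0001",
    "other.settings": "module=tgt-90021",
}

if __name__ == "__main__":
    plan = plan_mapping(PACKAGE, TARGET, ignore_case=True, ignore_spaces=True)
    for old, new in id_changes(plan).items():
        print(f"target object {old} will become {new}")
    print("update before next run:", stale_references(id_changes(plan), CONFIGS))
```

Running the plan with each option combination before clicking Auto Map shows which objects only match under relaxed naming, and which integrations to fix once the IDs change.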

All objects from the source instance are installed in the target instance unless the object cannot be found or is flagged to not be installed in the target instance. A list of conditions that may cause objects not to be installed is provided in the Log Messages section. A log entry is displayed in the Package Installation Log section.

In the Available Packages section, locate the package file that you want to install, and click Install.

In the Configuration section, select the components of the package that you want to install.

To select all components, select the top-level checkbox.

To install only specific global reports in an already installed application, select the checkbox associated with each report that you want to install.

Note: Items in the package that do not match an existing item in the target instance are selected by default.

In the Configuration section, under Install Method, select an option for each selected component. To use the same Install Method for all selected components, select a method from the top-level drop-down list.

Note: If you have any existing components that you do not want to modify, select Create New Only. You may have to modify those components after installing the package to use the changes made by the package.

In the Configuration section, under Install Option, select an option for each selected component. To use the same Install Option for all selected components, select an option from the top-level drop-down list.

Note: If you have any custom fields or formatting in a component that you do not want to lose, select Do not Override Layout. You may have to modify the layout after installing the package to use the changes made by the package.

To deactivate target fields and data-driven events that are not in the package, in the Post-Install Actions section, select the Deactivate target fields and data-driven events that are not in the package checkbox. To rename the deactivated target fields and data-driven events with a user-defined prefix, select the Apply a prefix to all deactivated objects checkbox, and enter a prefix. This can help you identify any fields or data-driven events that you may want to review for cleanup post-install.

Click Install.

Go to the Package Installation Log tab of the Install Packages page.

Click the Package Installation Log tab.

Click the package that you want to view.

In the Package Installation Log page, in the Object Details section, click View All Warnings. Note: Ignore All Warnings

Create the following fields in Information Asset application.

| Field Name | Type | Configuration | Values |
| --- | --- | --- | --- |
| C - Realistic Impact | Drop Down Values List | Enable Inline Edit | GVL: IRAM Risk Rating |
| I - Realistic Impact | Drop Down Values List | Enable Inline Edit | GVL: IRAM Risk Rating |
| A - Realistic Impact | Drop Down Values List | Enable Inline Edit | GVL: IRAM Risk Rating |
| C - Worst Impact | Drop Down Values List | Enable Inline Edit | GVL: IRAM Risk Rating |
| I - Worst Impact | Drop Down Values List | Enable Inline Edit | GVL: IRAM Risk Rating |
| A - Worst Impact | Drop Down Values List | Enable Inline Edit | GVL: IRAM Risk Rating |

Place them on layout as a new section in Assessments or as per your business requirements.

Place the following images against appropriate values in GVL: IRAM Risk Rating for Negligible Value, for Low Value, for Moderate Value and for High Value.

Add the following fields to field lookup and display configuration for Information Asset Cross Reference field in IRAM Assessment and Threat Event Application.

Fields

C - Realistic Impact

I - Realistic Impact

A - Realistic Impact

C - Worst Impact

I - Worst Impact

A - Worst Impact

Import the data feeds in the following order:

IRAM2: Threat Library to Threat V1

IRAM2: TEC to Threat Event V1

Go to the Manage Data Feeds page.

Under Integration, click Data Feeds.

In the Manage Data Feeds section, click Import.

Locate and select the .dfx5 file for the data feed.

From the General tab in the General Information section, in the Status field, select Active.

Click the Transport tab. Complete the fields in the Transport Configuration section as follows:

In the URL field, type: YourServerName/VirtualDirectoryName/ws/search.asmx

In the User Name and Password fields, type the username and password of a Platform user that has API access and access to all of the records on the Platform instance (from which the data feed is coming).

In the Instance field, type the name of the Platform instance from which the data feed is coming (this is the instance name as you enter it on the Login window).

Verify that key field values are not missing from the data feed setup window.

Click Save.

Important: A data feed must be active and valid to successfully run.

As you schedule your data feed, the Data Feed Manager validates the information. If any information is invalid, an error message is displayed. You can save the data feed and correct the errors later; but the data feed does not process until you make corrections.

Go to the Schedule tab of the data feed that you want to modify.

Select the data feed.

Click the Schedule tab.

Go to the Recurrences section and complete frequency (2 minutes), start and stop times, and time zone.

(Optional) To override the data feed schedule and immediately run your data feed, in the Run Data Feed Now section, click Start.

Note: If the feed is not updating data as intended, re-load the source fields and remap them. Reach out to HCL for further details.


Managing Risk the ISF Way

Information risk assessments enable organisations to select controls or other treatment options that are commensurate with risk in order to reduce the frequency and impact of information security incidents.

ISF materials, including the SOGP, have been developed to support the risk assessment process of identifying business impacts, assessing key threats and vulnerabilities, in addition to treating information risks. These materials complement organisational approaches to information risk assessment and, when used in conjunction with ISF Risk methodologies such as IRAM2 or QIRA, enable an organisation to keep information risk within acceptable limits.

Join Gareth Haken, Principal Analyst at the ISF, for our final webinar in the ISF Cyber Security Showcase Week, where he considers all these different materials and presents how they can be combined and used to effectively manage risk.

If you have any questions about this event, please get in touch.

Gareth Haken

Principal Analyst

Cyber Security Showcase Week 17-21 October 2022

This webinar is part of our Cyber Security Showcase Week: a week of webinars covering the hottest topics in information security. Make sure you don’t miss any of our other thought-provoking sessions by exploring and registering now.



Risk Assessment and Distribution Estimation for UAV Operations with Accurate Ground Feature Extraction Based on a Multi-Layer Method in Urban Areas


1. Introduction

2. Problem Description

3. Methodology for Generating Map Layers

3.1. Classification of the Satellite Image

K-Means clustering method

K-Means(P, U)
  Let m = len(P), K = len(U)
  repeat
    Let C_i = Ø (1 ≤ i ≤ K)
    for j = 1, 2, …, m do
      Calculate distance: d_ji = ||p_j − u_i|| (u_i in U)
      Determine cluster label for p_j: λ_j = argmin_i d_ji
      Add p_j to C_λj: C_λj = C_λj ∪ {p_j}
    end for
    for i = 1, 2, …, K do
      Calculate new clustering center: u'_i = ∑_{p ∈ C_i} p / |C_i|
      if u'_i ≠ u_i then
        Update u_i = u'_i
      end if
    end for
  until centroids remain unchanged
  return (C, U)

3.2. Modeling of a Population Density Layer

3.2.1. Data Acquisition and Preprocessing

3.2.2. Estimation of Ground Population Density

3.3. Modeling of a Sheltering Factor Layer

3.4. Modeling of a Ground Obstacle Layer

4. Risk Assessment and Distribution Estimation

4.1. Fatality Risk Cost Model

4.1.1. Risk Assessment for Ground Pedestrians

4.1.2. Risk Assessment for Ground Vehicles

4.2. Property Damage Risk Cost Model

4.3. Integrated Risk Cost Model

4.4. Estimation of Risk Distributions

5. Simulations and Verifications

5.1. Scenario Description

5.2. Classification Results of the Satellite Image

5.3. Generation of a Population Density Layer

5.4. Generation of a Sheltering Factor Layer

5.5. Generation of a Ground Obstacle Layer

5.6. Generation of a Risk Map Based on Multiple Layers

6. Conclusions

Author Contributions

Data Availability Statement

Conflicts of Interest


| No. | Ground Features |
| --- | --- |
| Category 1 | Lawn, Lake, Concrete Floor, Loess, Blue Construction Site |
| Category 2 | Carriageway |
| Category 3 | Woody Plant, Blue-Roofed Shed, Red-Roofed Shed |
| Category 4 | Tile Low Building (Brown, Gray, Red), Industrial Area (Silver-Grey, White-Blue) |
| Category 5 | High-Rise Structure |

| No. | Ground Features | Sheltering Factor |
| --- | --- | --- |
| Category 1 | Lawn, Lake, Concrete Floor, Loess, Blue Construction Site | 0 |
| Category 2 | Carriageway | 0.25 |
| Category 3 | Woody Plant, Blue-Roofed Shed, Red-Roofed Shed | 0.50 |
| Category 4 | Tile Low Building (Brown, Gray, Red), Industrial Area (Silver-Grey, White-Blue) | 0.75 |
| Category 5 | High-Rise Structure | 1 |

| Building Types | α |
| --- | --- |
| Blue-Roofed Shed, Red-Roofed Shed | 0.25 |
| Tile Low Building (brown, gray, red) | 0.50 |
| Industrial Area (silver-grey, white-blue) | 0.80 |
| High-Rise Structure | 1 |

| Parameter | Value |
| --- | --- |
| Mass | 4.27 kg |
| Length | 0.887 m |
| Width | 0.880 m |
| Frontal Area | 0.234 m |
| P | 3.42 × 10 |

| Parameter | Value |
| --- | --- |
| g | 9.8 m/s |
| ρ | 1.225 kg/m |
| C | 0.3 |
| v | 16 m/s |
| α | 10 J |
| β | 100 J |

| Ground Feature | Population Density (10 People/m ) |
| --- | --- |
| High-Rise Structure | 6.7441 |
| Red Tile Low Building | 3.7066 |
| Brown Tile Low Building | 3.0889 |
| Gray Tile Low Building | 2.5384 |
| Blue-Roofed Shed | 3.6033 |
| Red-Roofed Shed | 2.4022 |
| Silver-Grey Industry | 2.2052 |
| White-Blue Industry | 17.6416 |
| Blue Construction Site | 2.8910 |
| Concrete Floor | 3.5808 |
| Lawn | 1.5021 |
| Woody Plant | 1.5022 |
| Carriageway | 4.2970 |
| Lake | 0 |
| Loess | 2.9962 |

Zhou, S.; Liu, Y.; Zhang, X.; Dong, H.; Zhang, W.; Wu, H.; Li, H. Risk Assessment and Distribution Estimation for UAV Operations with Accurate Ground Feature Extraction Based on a Multi-Layer Method in Urban Areas. Drones 2024 , 8 , 399. https://doi.org/10.3390/drones8080399


COMMENTS

  1. Information Risk Assessment Methodology 2 (IRAM2)

    The methodology is set out in six phases; each detailing the steps and key activities required to achieve the phase objectives, as well as identifying the key information risk factors and outputs. IRAM2 is supported by four IRAM2 Assistants, each accompanied by a practitioner guide, that help automate one or more phases of the methodology.

  2. Information Security Forum Updates Information Risk Assessment Methodology

    Each IRAM2 Assistant is accompanied by a practitioner guide providing step-by-step instructions on how to use the methodology. "Managing information risk fundamentally relates to effectively ...

  3. ISF Updates Risk Assessment Tools

    The ISF's Information Risk Assessment Methodology version 2 (IRAM2) is a practical methodology that helps businesses to identify, analyze and treat information risk throughout the organization. In the updated version, "react and prepare" have been incorporated into the supporting information used during the threat profiling phase ...

  4. Managing Information Risk the ISF Way

    The ISF Managing Information Risk the ISF Way Executive Summary provides an easy to read illustrative overview of the ISF's most powerful and popular tools: the ISF Standard of Good Practice for Information Security 2020 (SOGP 2020), the ISF Benchmark, the ISF Information Risk Assessment Methodology 2 (IRAM2) and the ISF's research programme. Identify. Assess. Protect Designed to be as ...

  5. Compendium of Risk Management Frameworks With Potential ...

    3.11 Information Risk Assessment Methodology 2 (IRAM2); 3.12 ETSI TS 102 165-1, Threat Vulnerability and Risk Analysis (TVRA); 3.13 MONARC; 3.14 EBIOS Risk Manager (Expression des Besoins et Identification des Objectifs de Sécurité - Expression of Needs and Identification of Security Objectives)

  6. ISF Launches Info-risk Assessment Methodology

    The Information Security Forum (ISF) has launched the Information Risk Assessment Methodology version 2 (IRAM2), meant to help businesses identify, analyze and treat information risk throughout the organization. "With the explosion of digital information, it's not possible for organizations to protect all of their information and associated ...

  7. PDF Framework for Improving Critical Infrastructure Cybersecurity

    Protecting the Crown Jewels, Aligning Information Risk Management with Operational Risk Management and Preparing for the General Data Protection Regulation updates to our flagship products - the Standard of Good Practice for Information Security 2016, Benchmark 2016, Information Risk Assessment Methodology 2 (IRAM2) and Threat Horizon 2018 and

  8. Tools

    Information Risk Assessment Methodology 2 (IRAM2) A simple, practical, yet rigorous approach to risk assessments, enabling organisations to speak a common language with key stakeholders. ... The ISF Managing Information Risk the ISF Way Executive Summary provides an easy to read illustrative overview of the ISF's most powerful and popular tools.

  9. PDF Information Security Forum Updates Information Risk Assessment Methodology

    global leadership in providing business-based information risk tools with the announcement of significant updates to the Information Risk Assessment Methodology version 2 (IRAM2). IRAM2 is a practical, rigorous risk assessment methodology that helps businesses to identify, analyze and treat information risk throughout the organization.

  10. Information Security Forum Updates Information Risk Assessment Methodology

    The Information Security Forum (ISF), independent authority on cyber security and information risk management, continues to strengthen its global leadership in providing business-based information risk tools with the announcement of significant updates to the Information Risk Assessment Methodology version 2 (IRAM2).

  11. PDF Combining IRAM2 with Cost-Benefit Analysis for Risk Management

    in the organization should be with IRAM2 (information risk assessment methodology 2) which is a risk assessment method. SEB Kort has however not yet started implementing the method ... Since there have been problems adopting IRAM2, making the risk assessment process easier through simplifying IRAM2 is one of the things that will be

  12. An Examination of the Information Risk Analysis Methodology ...

    Accompanied by historical research, a number of supporting documents, and an organization with a membership of several hundred enterprises (the Information Security Forum [ISF]), the Information Risk Analysis Methodology (IRAM) provides a strong building block for IT-related risk assessment. In this assessment, Principal Analyst Trent Henry considers the three major phases of IRAM, its ...

  13. PDF Exploring ISO/IEC 27001 Aligned Risk Methodologies

    IRAM2 (Information Risk Assessment Methodology 2) is a commercially built tool devised by the ISF (Information Security Forum). Its purpose was to be a complete end-to-end process that provides a robust and rigorous approach to enable risk practitioners and management to form a unified view on information risk across different areas of the ...

  14. Risk Assessment and Review

    ISF Risk Assessments provide organisations with an understanding of where their greatest information risks are - justifying greater attention and investment in controls and protection - and where a lighter touch can suffice. Why work with ISF to run your Risk Assessment and Review? ISF experts provide configuration training for your team members to ensure best use of tools, such as ...

  15. PDF Information Risk Assessment Methodology 2 Iram2

    24 Mar 2015 · IRAM2 is a simple and practical, yet rigorous risk assessment methodology that helps businesses identify, analyze and treat information risk throughout the organization.

  16. HCL IRAM2-Aligned Risk Assessment

    Architecture diagram. The HCL IRAM2-Aligned Risk Assessment app-pack contains 3 applications: IRAM Assessment, Threat Library, and Threat Event Catalogue. Two questionnaires are also available: Threat and Threat Event. The app-pack also requires two data feeds to create an on-demand threat from the threat library as well to create an on-demand ...

  17. PDF Information Risk Assessment Methodology 2 Iram2

    Information Risk Assessment Methodology 2 Iram2 Boucadair, Mohamed, Jacquenet, Christian Cybersecurity and Artificial Intelligence Hamid Jahankhani, The Risk Management Handbook David Hillson, 2023-08-03 The Risk Management Handbook offers readers knowledge of current best practice and cutting-edge insights into new developments within risk ...

  18. PDF HCL IRAM2-Aligned Risk Assessment App-Pack Guide

    The HCL IRAM2-Aligned Risk Assessment app-pack contains 3 applications: IRAM Assessment, Threat Library, and Threat Event Catalogue. Two questionnaires are also available: Threat and Threat Event. The app-pack also requires two data feeds to create an on-demand threat from the threat library as well to create an on-demand threat event from ...

  19. Quantitative Techniques in Information Risk Analysis

    Information Risk Assessment Methodology 2 (IRAM2) A simple, practical, yet rigorous approach to risk assessments, enabling organisations to speak a common language with key stakeholders. Read more on Information Risk Assessment Methodology 2 (IRAM2) tool. Standard of Good Practice for Information Security.

  20. PDF Information Risk Assessment Methodology 2 Iram2 [PDF]

    Information Risk Assessment Methodology 2 Iram2 (2023) Assessment Objective / 5 Steps / Risk Matrix / How to prepare Risk ... Risk Assessment Methodology 2 Iram2 books and manuals for download is the cost-saving aspect. Traditional books and manuals can be costly, especially if you need to purchase several of them for educational or ...

  21. PDF Information Risk Assessment Methodology 2 Iram2

    Information Risk Assessment Methodology 2 Iram2 Henry H. Willis, Mary Tighe, Andrew Lauland, Liisa Ecola, Shoshana R. Shelton, Meagan L. Smith, John G. Rivers, Kristin J. Leuschner, Terry Marsh, Daniel M. Gerstein The Risk Management Handbook David Hillson, 2023-08-03 The Risk Management Handbook offers readers

  22. Managing Risk the ISF Way

    Information Risk Assessment Methodology 2 (IRAM2) A simple, practical, yet rigorous approach to risk assessments, enabling organisations to speak a common language with key stakeholders. Read more on Information Risk Assessment Methodology 2 (IRAM2) service. Risk Assessment and Review.

  23. Drones

    In this paper, a quantitative ground risk assessment mechanism is proposed in which urban ground features are extracted based on high-resolution data in a satellite image when unmanned aerial vehicles (UAVs) operate in urban areas. Ground risk distributions are estimated and a risk map is constructed with a multi-layer method considering the comprehensive risk imposed by UAV operations. The ...