Security Objectives
~~~~~~~~~~~~~~~~~~~~~~~

The security objectives module is a self-assessment tool used to evaluate security objectives and provide evidence of the security measures in place.

In this chapter, you will learn which functionalities are available for a **Regulator Admin** to configure the system, enabling **SERIMA** users to use this functionality on the platform.

Domains
^^^^^^^^^^^^^^^^^^^^^

Click the **Domains** link to go to the **Select Domain to change** screen. On this screen, you can check what kind of domains have been set up. You can add new domains either by clicking the **Add** link in the **Security Objectives** section on the left, or by using the **Add Domain** button in the top right-hand corner.

.. figure:: ../_static/regulator_admin_images/Reg_Admin_45.png
   :alt: Select Domain to change
   :target: /_static/regulator_admin_images/Reg_Admin_45.png

The domains are displayed in a table with the following columns: **Position, Label**, and **Creator**. You can delete or export selected domains by using the **Actions** dropdown menu and choosing the relevant option. You can also use the **Import** and **Export** buttons in the top right-hand corner of the screen.

You can view existing domains by clicking the corresponding number in the **Position** column. In the **View Domain** screen, you can see the **Position** and **Label** of the selected domain and review its history, if available.

.. figure:: ../_static/regulator_admin_images/Reg_Admin_46.png
   :alt: View Domain
   :target: /_static/regulator_admin_images/Reg_Admin_46.png

Email templates
^^^^^^^^^^^^^^^^^^^^^

Click the **Email templates** link to go to the **Select Email template to change** screen. On this screen, you can check what kind of email templates have been set up. You can add new email templates either by clicking the **Add** link in the **Security Objectives** section on the left or by using the **Add Email template** button in the top right-hand corner.

.. figure:: ../_static/regulator_admin_images/Reg_Admin_47.png
   :alt: Select Email template to change
   :target: /_static/regulator_admin_images/Reg_Admin_47.png

The email templates are displayed in a table with the following columns: **Name, Subject, Content**, and **Creator**. You can delete or export selected email templates by using the **Actions** dropdown menu and choosing the relevant option.

You can view existing email templates by clicking the relevant name of the template in the **Name** column. In the **Change Email template** screen, you can see the details of the email template: its **Name, Subject**, and **Content**.

.. figure:: ../_static/regulator_admin_images/Reg_Admin_48.png
   :alt: Change Email template
   :target: /_static/regulator_admin_images/Reg_Admin_48.png

When creating a new email template, you can **Save, Save and add another, Delete**, and **review** the template’s history, if available.

Maturity levels
^^^^^^^^^^^^^^^^^^^^^

Click the **Maturity levels** link to go to the **Select Maturity level to change** screen. On this screen, you can check what kind of maturity levels have been set up. You can add new maturity levels either by clicking the **Add** link in the **Security Objectives** section on the left or by using the **Add Maturity Level** button in the top right-hand corner.

.. figure:: ../_static/regulator_admin_images/Reg_Admin_49.png
   :alt: Select Maturity level to change
   :target: /_static/regulator_admin_images/Reg_Admin_49.png

The maturity levels are displayed in a table with the following columns: **Level, Label**, and **Creator**. You can delete or export selected maturity levels by using the **Actions** dropdown menu and choosing the relevant option. You can also use the **Import** and **Export** buttons in the top right-hand corner of the screen.

You can view existing maturity levels by clicking the corresponding number in the **Level** column. In the **View Maturity level** screen, you can see the **Level** and **Label** of the selected maturity level and review its history, if available.

.. figure:: ../_static/regulator_admin_images/Reg_Admin_50.png
   :alt: View Maturity level
   :target: /_static/regulator_admin_images/Reg_Admin_50.png

When creating a new maturity level, you can **Save, Save and add another**, or **Save and continue editing** the selected maturity level.

.. figure:: ../_static/regulator_admin_images/Reg_Admin_51.png
   :alt: Add Maturity level
   :target: /_static/regulator_admin_images/Reg_Admin_51.png

Security Measures
^^^^^^^^^^^^^^^^^^^^^

Click the **Security Measures** link to go to the **Select Security Measure to change** screen. On this screen, you can check what kind of security measures have been set up. You can add new security measures either by clicking the **Add** link in the **Security Objectives** section on the left or by using the **Add Security Measure** button in the top right-hand corner.

The security measures are displayed in a table with the following columns: **Security Objective, Position, Description**, and **Creator**. You can delete or export selected security measures by using the **Actions** dropdown menu and choosing the relevant option. You can also use the **Import** and **Export** buttons in the top right-hand corner of the screen.

.. figure:: ../_static/regulator_admin_images/Reg_Admin_54.png
   :alt: Select Security Measure to change
   :target: /_static/regulator_admin_images/Reg_Admin_54.png

You can view existing security measures by clicking the corresponding link in the **Security Objective** column. In the **View Security Measure** screen, you can see the form number and description of the **Security objective**, the **Maturity Level**, and the **Position** to which the measure is assigned:

.. figure:: ../_static/regulator_admin_images/Reg_Admin_54.png
   :alt: View Security Measure
   :target: /_static/regulator_admin_images/Reg_Admin_54.png

On the Security Objectives forms, you can set the **Maturity Levels** and their corresponding **Security Measures**. For example, on the first form (named **NIS_D_SO01**), you configure the following security objectives with positions ranging from 0 to 5:

.. figure:: ../_static/regulator_admin_images/Reg_Admin_52.png
   :alt: Select Security Measure to change
   :target: /_static/regulator_admin_images/Reg_Admin_52.png

These security measures appear on the user interface (in the **Security Objectives module**) on the first form with the corresponding maturity levels and descriptions (circled in red):

.. figure:: ../_static/regulator_admin_images/Reg_Admin_53.png
   :alt: Select Security Measure to change
   :target: /_static/regulator_admin_images/Reg_Admin_53.png

As a **Regulator Admin**, you can create as many security objectives and security measures as needed. The **SERIMA** platform provides the flexibility to design workflows and their content according to your needs.

Security Objectives
^^^^^^^^^^^^^^^^^^^^^

Click the **Security Objectives** link to go to the **Select Security Objective to change** screen. On this screen, you can check what kind of security objectives have been set up. You can add new security objectives either by clicking the **Add** link in the **Security Objectives** section on the left or by using the **Add Security Objective** button in the top right-hand corner.

The security objectives are displayed in a table with the following columns: **Unique Code, Objective, Description, Domain**, and **Creator**. You can delete or export selected security objectives by using the **Action** dropdown menu and choosing the relevant option. You can also use the **Import** and **Export** buttons in the top right-hand corner of the screen.

.. figure:: ../_static/regulator_admin_images/Reg_Admin_57.png
   :alt: View Security Objective
   :target: /_static/regulator_admin_images/Reg_Admin_57.png

When a user creates a **Security Objective** entry, they must complete a series of questions spread across multiple forms. The first form requires the name of the evaluation framework, followed by the question identifier, which consists of **NIS**, the abbreviation **SO** (Security Objectives), and a two-digit question number (for example, **01**). Combined, this results in an identifier such as **NIS_D_SO01**. Beneath that, you can read the description of the objective (highlighted in yellow in the screenshot below).

.. figure:: ../_static/regulator_admin_images/Reg_Admin_58.png
   :alt: View Security Objective
   :target: /_static/regulator_admin_images/Reg_Admin_58.png

The same information can be seen in the **Select Security Objective to change** screen if you log in as a Regulator Admin:

.. figure:: ../_static/regulator_admin_images/Reg_Admin_59.png
   :alt: Select Security Objective to change
   :target: /_static/regulator_admin_images/Reg_Admin_59.png

As a **Regulator Admin**, you can build as many questions as needed to set up your security objective questionnaire in the **SERIMA** system.

Standards
^^^^^^^^^^^^^^^^^^^^^

Click the **Standards** link to go to the **Select Standard to change** screen. On this screen, you can check what kind of standards have been set up. You can add new standards either by clicking the **Add** link in the **Security Objectives** section on the left or by using the **Add Standard** button in the top right-hand corner.

The standards are displayed in a table with the following columns: **Label, Description**, and **Regulator**. You can delete or export selected standards by using the **Action** dropdown menu and choosing the relevant option. You can also use the **Import** and **Export** buttons in the top right-hand corner of the screen.

.. figure:: ../_static/regulator_admin_images/Reg_Admin_60.png
   :alt: Select Standard to change
   :target: /_static/regulator_admin_images/Reg_Admin_60.png

You can view existing standards by clicking the corresponding link in the **Label** column. On the **View Standard** screen, the standard’s details are displayed, with general information shown at the top and the associated security objectives listed at the bottom.

.. figure:: ../_static/regulator_admin_images/Reg_Admin_61.png
   :alt: View Standard
   :target: /_static/regulator_admin_images/Reg_Admin_61.png