IBM OpenPages IT Governance with RiskLens

IBM OpenPages® IT Governance includes an integration with the cyber risk quantification analysis platform RiskLens.

Within the RiskLens platform, users record the assets and threats to include in scenarios, and then populate these objects in accordance with the FAIR (Factor Analysis of Information Risk) method by using data helpers that are provided in RiskLens for guidance.

In OpenPages, users specify the risks to send to RiskLens for inclusion within a risk assessment in RiskLens. An OpenPages object can be associated to one or more scenarios within RiskLens.

In RiskLens, Monte Carlo simulations are performed on the risks and results are generated.

When the scheduled job in OpenPages runs, the loss exposure metrics that were generated by the Monte Carlo simulations are pulled into OpenPages for use throughout the application.

The scheduled job in OpenPages also pulls updated data from RiskLens when risk assessments are modified in RiskLens.

Prerequisites

To use the connector, you must meet the following prerequisites:

You must have a RiskLens subscription. Work with RiskLens to set up access. For more information, contact RiskLens.
You must install the RiskLens connector. For more information, contact IBM® OpenPages Support.

Setting up the integration with RiskLens

To set up the integration, you need to do the following tasks:

Import an SSL certificate. See Importing a certificate for RiskLens into the local truststore.
In RiskLens, create Assets, Threats, and Scenarios by using data helpers.
Configure the integration. See Configuring the RiskLens connector.

When the RiskLens job runs, it does the following tasks:

Identifies risk objects in OpenPages that have the Perform Risk Analysis field set to Yes and sends them to RiskLens.
If a risk assessment does not exist in RiskLens for the risk, the job creates one.
- The Assessment Name in RiskLens is populated with the Risk Name and the Resource ID of the Risk.
- The Assessment Purpose field in RiskLens is populated with the Description field from the Risk object.
- The Risk Status field on the risk object is set to Awaiting Analysis.
For risk assessments that are associated with scenarios in RiskLens where a Monte Carlo simulation has been run and the status of the risk assessment is Current, the RiskLens job does the following steps:
- Retrieves the loss exposure metrics that were generated from the simulation and stores them in fields within the OPSS-RiskLens field group.
- The Request State is changed to Assessment Received.
- The Analysis Last Run field is updated with the last date that the risk object was updated.
- The Scenarios field is populated with the names of the scenarios that were analyzed within RiskLens.
If risk assessment results are not yet available for a risk, the Request Status field on the risk object is Awaiting Analysis.

Notes

If you change the Description field of a risk in OpenPages, the Assessment Purpose field in RiskLens is not updated. But you can update the field by using the RiskLens web client.

Similarly, if you edit the Assessment Purpose field in RiskLens, the Description field in OpenPages is not updated automatically. But you can edit the Description in OpenPages.

If you delete either the risk object in OpenPages or the Risk Assessment in RiskLens, note the following points:

The job continues to run successfully. But the link between the risk and the risk assessment no longer exists. No data will be pushed or pulled for the risk or risk assessment.
No notifications are sent when a risk or risk assessment is dropped.

Using a different object type with RiskLens

By default, the integration is set up for the Risk object type. But you can use other object types.

Add the OPSS-RiskLens field group to the object.
Add that object to the Object Types field in the job configuration.
Reset the priority of the RiskLens views so that they take priority for the object type. Or, create new views that include the OPSS-RiskLens field group.