1. CYSM RISK ASSESSMENT TOOLKIT PROCEDURES I David Calduch Project Manager Port planning and Development Dept. VALENCIAPORT FOUNDATION

2. 1.CYSM RISK MANAGEMENT PROCEDURE. 2.ADMINISTRATIVE FUNCTIONS AND PROCEDURES. 3.MANAGEMENT FUNCTIONS AND PROCEDURES 4.RISK ASSESSMENT FUNCTIONS AND PROCEDURES

3. 1. CYSM RISK MANAGEMENT PROCEDURE

4. What is CYSM Platform? Users categories: Administrator Risk Assessment Administration General users. Type of users Information Security Officer Managers of Departments Employees of Departments 1. CYSM Risk Management Procedure

5. Risk Assessment Administration 1. CYSM Risk Management Procedure Administrator Organizational Calendar Management Configure Organization Structure Configure Risk Assessment Elements

6. 2. ADMINISTRATIVE FUNCTIONS AND PROCEDURES

7. Administrator Organizational Calendar Management Configure Organization Structure Configure Risk Assessment Elements 2. Administrative Functions and Procedures

8. 8 Organizational Calendar Management Main Options Add New Risk Assessment View Completed Risk Assessments Apply Standards Invite Involved Departments Define applied Sections (ISO27001) Define Level of appliance (ISPS) Define applied Subsections Next Slide 1 st Level Activities 2 nd Level Activities Statement of Applicability 2. Administrative Functions and Procedures

9. 9 Organizational Calendar Management Main Options Add New Risk Assessment View Completed Risk Assessments Apply Standards Invite Involved Departments Previous Slide Definition Departments / Third Parties (names) Applied Managers (names) Applied Employees (names) 1 st Level Activities 2 nd Level Activities Organizational CHART 2. Administrative Functions and Procedures

10. Administrator Organizational Calendar Management Configure Organization Structure Configure Risk Assessment Elements 2. Administrative Functions and Procedures

11. Configure Organizational Structure Main Options Configure Internal Departments Configure Third Trusted Parties Add / Edit / Delete Entities (Deps & TTPs) Entity Configuration Entity – (Sub)Section Relation Weight of Entity on (Sub)Section Add / Edit / Delete Entity Managers Add / Edit / Delete Entity Employees Weight of Personnel on (Sub)Section 1 st Level Activities 2 nd Level Activities View

12. Administrator Organizational Calendar Management Configure Organization Structure Configure Risk Assessment Elements 2. Administrative Functions and Procedures

13. Configure Risk Assessment Elements Main Options (Configure Assets)* Configure Vulnerabilities Configure AllView Map Assets to Assets’ Categories Map list of Vulnerabilities to Threats 1 st Level Activities 2 nd Level Activities Configure Threats Configure Countermeasures Configure Assets’ Categories Add / Edit / Delete Map Threats to Standard (Sub)Sections* Map Vulnerabilities to Standard (Sub)Sections* Map Countermeasures to Standard (Sub)Sections* Define a Scale of appliance on Countermeasure Map list of Threats to Assets’ Categories Map list of Countermeasures to Vulnerabilities

14. CYSM RISK ASSESSMENT TOOLKIT PROCEDURES I David Calduch Project Manager Port planning and Development Dept. VALENCIAPORT FOUNDATION