ALVAO Asset Management Cybersecurity and Risk Management
The Cybersecurity and Risk Management module is a security package in ALVAO designed to help Security Managers visualize infrastructure risks. It introduces sophisticated automation for calculating the Risk level score, allowing you to identify specific threats and vulnerabilities that require immediate attention.
Technical requirements
- ALVAO Asset Management
- ALVAO Configuration Management module
Operation
The Cybersecurity Library
To simplify the initial setup, the system provides a pre-configured Cybersecurity (or Risk Management) folder within the object tree.
- Pre-defined Objects - This folder includes a library of the most common industry Threats and Vulnerabilities.
- Established Relations - Threats and vulnerabilities are already linked (e.g., Threat -> Vulnerability) to save time during configuration.
- Standardized Templates - Using these templates ensures all required properties for risk calculation are available immediately.
Setting Up Automatic Calculations
To activate the automated risk scoring, follow these implementation steps:
1. Assign Security Properties
Your assets (Primary, Aggregate, or Supporting) must have the following system properties assigned:
- Confidentiality, Integrity, and Availability - Numeric values on a scale of 1 to 4.
- Total Asset Value - A system-calculated property representing the asset's importance, derived as the average of the three parameters $(C + I + A) / 3$.
2. Link Assets to Vulnerabilities
As a user, you only need to connect your real-world assets to the vulnerabilities found in the security library:
- Create a relation - Vulnerability -> Asset (using the Exposes / Is exposed by relation type).
- Set the Probability of vulnerability being exploited custom field on this relation.
3. Automated Risk Assessment
Once these links are established, the system automatically performs the following:
- Creates a direct Threatens -> Is threatened by relation between the relevant Threat and the Asset.
- Calculates the Risk level custom field for that specific threat-asset relation.
- Updates the overall Risk level property on the Asset object based on the highest risk identified.
Guidance for Existing Customers
If you already have a defined infrastructure in ALVAO, you can leverage your current relations between primary and supporting assets for security calculations without recreating them.
How to reuse existing relations:
- Navigate to Administration – Asset Management – Object relation types.
- Edit the desired directional relation type (e.g., Is used by / Uses).
- Enable the setting - Determines parameters of cybersecurity.
Risk Level Reference
The Risk level is calculated as the product of threat occurrence likelihood, vulnerability exploitation probability, and the asset's total value:
Risk Level = Threat Likelihood * Vulnerability Exploitation Probability * Total Asset Value
The numeric result is mapped to the following categories:
| Score Range | Risk Level |
|---|---|
| 1.0 – 16.0 | Low |
| 16.1 – 31.0 | Medium |
| 31.1 – 47.0 | High |
| 47.1 – 64.0 | Critical |
All changes are logged in the Object Log as system updates, allowing you to distinguish between manual edits and automated risk adjustments.
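The calculation chain described above (Total Asset Value, per-relation Risk level, category mapping, and roll-up of the highest risk to the asset) can be reproduced for sanity-checking as follows. This is an added example, not ALVAO's own code. The function names, the sample assets, threats and vulnerabilities, the 1 to 4 scale for likelihood and probability, and the handling of repeated paths and of scores that fall between two bands are assumptions.

```python
# Upper bounds taken from the page's Risk Level Reference table.
BANDS = [(16.0, "Low"), (31.0, "Medium"), (47.0, "High"), (64.0, "Critical")]

def check_scale(value, what):
    # Assumption: likelihood and probability use the same 1-4 scale as C, I and A
    # (inferred from the table's maximum of 64 = 4 * 4 * 4).
    if not 1 <= value <= 4:
        raise ValueError(f"{what} must be between 1 and 4, got {value}")
    return value

def total_value(cia):
    # Total Asset Value = (C + I + A) / 3
    return sum(check_scale(v, "CIA value") for v in cia) / 3

def category(score):
    if not 1.0 <= score <= 64.0:
        raise ValueError(f"score {score} is outside 1.0-64.0")
    # Assumption: a score between two bands (e.g. 16.05) falls into the higher one.
    return next(label for upper, label in BANDS if score <= upper)

def assess(assets, likelihood, threat_vuln, exposures):
    """Return ({(threat, asset): score}, {asset: (score, category)})."""
    relation_risk = {}
    for vuln, asset_name, probability in exposures:       # Vulnerability -> Asset
        value = total_value(assets[asset_name])
        check_scale(probability, "probability")
        for threat, linked_vuln in threat_vuln:            # Threat -> Vulnerability
            if linked_vuln != vuln:
                continue
            score = check_scale(likelihood[threat], "likelihood") * probability * value
            key = (threat, asset_name)
            # Assumption: several paths between one threat and one asset keep the highest score.
            relation_risk[key] = max(score, relation_risk.get(key, 0.0))
    asset_risk = {}
    for (threat, asset_name), score in relation_risk.items():
        if score > asset_risk.get(asset_name, (0.0, ""))[0]:
            asset_risk[asset_name] = (score, category(score))  # highest risk wins
    return relation_risk, asset_risk

# Constructed sample data (names and values are not from the ALVAO library).
ASSETS = {"HR database": (4, 3, 2), "Web server": (2, 2, 2)}
LIKELIHOOD = {"Ransomware": 3, "Unauthorized access": 4}
THREAT_VULN = [("Ransomware", "Unpatched software"), ("Unauthorized access", "Weak passwords"),
               ("Unauthorized access", "Unpatched software")]
EXPOSURES = [("Unpatched software", "HR database", 2), ("Weak passwords", "HR database", 4),
             ("Unpatched software", "Web server", 3)]

if __name__ == "__main__":
    print(assess(ASSETS, LIKELIHOOD, THREAT_VULN, EXPOSURES))
```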