The tool
Diri has a groundbreaking methodology and software for risk management of cyber security.
Diri is the best tool on the market for risk analysis and controlling cyber security. The tool is research-based, and it has years of hands-on experience from risk analyses incorporated. Innovation in risk management tools has been low in the last years, and sheets in Excel are the most used. In several cases, companies have prepared the analysis in Excel and then brought it into the risk management tool. Diri will help you start at the right end and gather everything in one place.
Features

Risk dashboard
Get a complete overview of your aggregated risk picture with our customisable dashboard. Choose from over 20 dashboard cards with relevant statistics for your security management. Track your company risks, work progression, and much more.

Risk assessment
Our state-of-the-art risk assessment method provides a streamlined, easy-to-use, and high-quality approach to cybersecurity. The Diri risk assessment consists of five easy-to-follow steps and is a novel and user-friendly implementation of the Bow-Tie risk analysis.

Risk treatment plan
Use the novel Diri cost-benefit analysis to find your ICT systems’ most cost-efficient risk treatments. Delegate treatments and deadlines to users and track the implementation progress.

Risk reporting
Use Diri to print ready-to-deliver risk assessment reports. You can also tailor roles to access reports in Diri or simply use data from the app in your own reports.

Data export and import
Import your existing ICT system portfolio into Diri to get started quickly. Export data about your portfolio or specific risk assessments.

Risk, asset, and treatment registries
Are you wondering where your most crucial risks are located? Or where the personally identifiable information is stored? No worries, Diri provides comprehensive and searchable risk, asset, and treatment registries.

Collaborate on risk assessments
Risk assessments are teamwork! Collaborate in the workshop format or de-centralised using Diri to produce high-quality assessments. Add co-owners and invite others to help with your risk assessment simultaneously.

Survey
Tailor your surveys and gather data with the survey tool embedded in Diri. You can design your questionnaires or risk analysis approach using the survey tool.

Tasks
Need a specific task done? Use tasks to manage your security processes by creating and assigning responsibility for conducting tasks such as risk assessment, filling out a survey, or other activities.

Copy, re-use, and share
Diri is all about simplifying your work processes. You can copy whole existing risk assessments to new places and re-tailor them. The copy function allows you to configure which parts to copy such that sensitive information doesn’t go astray.

Diri control matrix
Conduct security audits like never before with the Diri control matrix! It is an innovation that lets you visualise your security controls for in-depth security analysis. The control matrix allows for drill-down and adds significant transparency to your security evaluation.

Rest API
Do you already have existing ticketing or business management system? No problem; Diri is built for data import and export and easily integrates into existing systems through Rest API.

The work process

Diri adds a streamlined and user-friendly process to accomplish the evaluation of risks. The process is based on best practice ISO27005 and research from NTNU is used to design the content of the tool.
Diri uses system mapping as the entrance to risk management but is not limited to this. You can assign ownership to systems and tasks in system mapping with automatic follow-up. The steps in each system are to:
- Registrate important details about the system
- Map and value the information in the system
- Risk assessment of the system
- Review and prioritisation of measures
- Sign and approve the risk assessment
The user can set the revision time on the completed assessments, and Diri will notify him when it’s time to update the assessment. The streamlined process makes it easier to merge the results for reporting.

Risk assessment in Diri

Have you ever had to repeat the same risk or cause several times because of different consequences? So have we. The Excel sheet gets far too long, and the same measures must be repeated for other risks. Or maybe you had to write a lengthy report based on the results from a workshop? We have solved these problems in an elegant matter!
Focusing on developing a tool that works on its own, in cooperation with others, and for analyses in a workshop gives a device with everything in one place and an easy way to create reports.
Risk assessment in Diri is based on Bowtie-analyses, which means you build a big and complex model with causes and consequences for an unwanted incident. But making one model after another will not be enough in a complex world as cyber security is, where an attack can lead to several events, and the measurements will affect both events and systems. Diri has, therefore, further developed the Bowtie method to the state-of-the-art by making it as user-friendly and time-saving as possible.
We are sure that the Diri risk assessment tool is the best in the market.

Dynamic cost-benefit analysis in Diri

The action plan is an essential part of the risk assessment work since it describes what needs to be done to achieve an acceptable level of risk.
Diri has used many resources to make a dynamic and straightforward action plan that summarises the measurements directly from the risk assessment. The action plan is based on evaluations of how much it will cost to implement a new treatment and the benefit of how it’s affecting the risk. This allows you to experiment with measurements to find the best solution possible, your budget considered.


Adhere to NSM Basic Principles with Diri

You can easily adhere to NSM Basic Principles of Safety Management (NSM Grunnprinsipper) with Diri! NSM (Norwegian National Security Authority) has published the Basic Principles for ICT Security. A framework that’s considered best practice for basic safety mechanisms that most Norwegian companies should have in place. They have also published several basic principles. We believe that the most important document among these is Basic Principles for Safety Management (GFS), as it forms the basis for all other safety work and sets the proper context for the business.
ISO27005 is the industry standard for risk management of information security, and the experienced security expert quickly sees that the activities in GFS are closely linked to the workflow in ISO27005. This suits us in Diri well with our ISO27005 support. We do not describe the requirements from NSM in detail, but we discuss how you can meet the needs by using Diri. We refer to NSM’s original document to see the requirements in full.
You can also read an article about this in our community (in Norwegian).

Diri security

Diri provides Software as a Service (SaaS) products to our users to solve their business problems. Security is a key component in our offerings and reflects our people, process, and products. Read more about how we offer security to our customers.
Video of the tool

Take a look at the features in Diri in this video.

Get the best tool
Diri has a groundbreaking methodology and software for risk management of cyber security. Get the best tool in the market – try Diri.