Migration to new frontend

Thank you for being so patient! This has been a long stretch of work, but we are thrilled to announce that we have started migrating customer data to our new front end: https://app.dir.ai.

The entire Diri application has undergone updates, bringing significant changes: IT Systems and Vendors now play a pivotal role in risk assessment, while customisable lists and managed tables offer enhanced flexibility. Improvements in risk assessment tools streamline workflows and visualisation, alongside enhancements in speed, security, and Google Single Sign-On (SSO) support.

The new version introduces an improved risk assessment work surface with visualising the bowtie risk analysis and a risk register view of all the risks.

IT systems and vendors are central in the new privacy functionality of the tool, where you can register your data processing activities, determine if you need a data privacy impact analysis (DPIA) using our pre-DPIA, and conduct the DPIA itself.

Furthermore, we have introduced improved security through our role-based access control, which, together with the managed tables lets you manage large amounts of users with ease.

The SmartDiri prototyping project funded by the EU’s Horizon 2020 fund will soon be finished. We are happy to report that we, together with our partners in Homesourcing AS, have a functioning prototype of the AI. So, expect to see the SmartDiri icon pop up in the bottom right corner over the summer.

There are still many things to develop and improve, but we are thrilled that we finally can offer you a new front end! Click on the feedback button in the app and let us know what you think!

Important Information for existing customers

·       Once you're migrated we will set the old production environment as read-only for your company to prevent integrity issues.

·       The app comes with default owner (admin) and contributor (user) roles. If you have custom roles from before, these should be created anew; we will assist you with this process.

·       We are unable to retain some data, such as:
- Risk assessment participants for the registration step in each risk assessment.
- Custom fields on users, treatments, and systems in the settings.

·       We have launched a new API, which requires an update of existing integrations.

·       The Diri helper will disappear for now and has been replaced with forms and upcoming tooltips in several places. We are working to reintroduce the Diri helper as a smart adviser further down the line with more dynamic advice.

Summary of Changes

This is a bullet-point summary of the changes we have made. Several of them are described in greater detail further down in the document.

New Wiki Coming Soon

One key change: https://hjelp.diri.no has been taken offline, and the technical help and documentation are currently being moved to our new self-hosted wiki. Once up and running, the link in our app will be updated and directed to https://helpdesk.diri.ai

Feedback Button and Voting Page

The Feedback button for Diri is available inside the app to the right. You can also visit our feedback page directly at https://diri.sleekplan.app/  Here you can register feature requests and bugs, and contribute to prioritising our development process.

Generic Features

·       New main menu items: IT Systems and Vendors

·       Customisable lists and advanced tables with editing capabilities

·       Risk Assessment Updates

Updated risk assessment workflow and GUI

·       New ways to start a risk assessment

·       New risk assessment type: "Asset"

·       Asset evaluation improvements

·       Multiple effects per treatment

·       Comment field on treatments

·       Table view for risk assessments

·       GDPR Functionality

Privacy features

·       Register Data processing activity

·       Data Privacy Impact Assessment

·       Pre-DPIA / Threshold analysis

·       Improvements

Layout and GUI standardisation

·       Improved speed and performance

·       Easier onboarding

·       Support for Google SSO

·       Improved Role-based Access Control (RBAC)

·       Latest events log

·       API upgrade

·       Diri control matrix with aggregated data for the main dashboard

·       Search and filtering of all lists

SmartDiri being introduced

Our EU-funded SmartDiri project is coming to an end and the prototype ChatBot will appear down in the right corner of the app. The bot is currently based on Azure OpenAI and is planned to generate items for our users through dialogue.

Risk Assessment Updates

Delivering a great risk assessment tool is our number one priority. We are retaining most of the current functionality and adding the following new features and updates to the risk assessment process:

·       Update risk assessment workflow and GUI

·       New risk assessment type: "Asset"

·       Asset evaluation improvements

·       Visualisation of the bowtie

·       Updated risk assessment GUI

·       Multiple effects per treatment

·       Comment field on treatments and tasks

·       Table view for risk assessments (BETA version)

·       New ways to start a risk assessment (Coming soon)

Generic Features

New main menu items: IT Systems and Vendors

IT systems and Vendors are crucial in cybersecurity and are now the main menu items in Diri. Maintaining an IT system overview is crucial in cybersecurity to understand digital risks. These IT systems have suppliers, and a comprehensive vendor overview ensures a clear understanding of third-party software or services used. This represents a first step in assessing vendor and supply chain risks, which we will add as part of our NIS2 compliance package. In the first version, you can choose from the IT systems when you conduct a risk assessment.

Improvement of list functionality

"Deliver a flexible application" has been the feedback from many of our customers and other stakeholders. This is why we are introducing managed tables throughout the application, meaning that you can decide which data to show in each column. You can now add, edit, and remove directly into the list. This functionality is implemented throughout the application.

Diri control matrix with aggregated data

The Diri control matrix is now available in your main dashboard to summarise all treatments available in your organisation. A great tool for auditing the current security posture! This will be improved even more in our upcoming dashboard overhaul.

Notification bell for tasks and treatments (BETA)

The bell has been added in the top right corner to help you find tasks and treatments that generate notifications. This feature will likely be inactive in the first release.

Improvements

Improved speed and performance

We have finally solved our technical bottleneck, which caused performance issues, especially when browsing long lists. The root cause of the problem was the previous RBAC, which has been exchanged with updated components.

Easier onboarding

The self-onboarding process has been improved for both new and existing customers. The application now supports both professional/organisational and private accounts.

Support for Google SSO

The application now supports Google SSO as well as Microsoft SSO for enabling multifactor authentication.

Improved Role-based Access Control (RBAC)

The existing RBAC is exchanged in its entirety, making it more robust, flexible, and secure. However, this means that we will not be able to migrate custom roles from today's production environment. We at Diri will do our best to mitigate this problem for our customers.

Latest events log

The latest events blog has been updated and has a high level of integrity. The application is also quicker, allowing faster searching and browsing in the list.

API upgrade

The app is even more integratable with most variables available through our API. Most of the data in the application can now be reached via the API. A link to the updated documentation will be available both in the app and in the new technical documentation.

Under Development and Roadmap

Building a great web app is a continuous process. Several features are finished, some are under development, and others are upcoming. We are continuously working on app quality and bug fixes.

Table risk assessment (risk register view). The below picture shows a screenshot of the risk register. You can work in this table (adding and updating) in the upcoming version, both in the risk assessment and in the risk register. (Estimated end of June)

Risk assessment work surface is being improved to clarify relationships between items. (Estimated end of June)

Dashboard overhaul with new tiles and appearance, together with drill down functionality. (Estimated end of June)

Update the risk matrix to ease reporting. Diri now tags each risk with an ID for reporting, and this can be tracked in the risk matrix and the dashboard. (Estimated end of June)

Customisable Report generator integrated into both the main dashboard and risk assessments. The designer is planned to allow for headlines, text, and re-use of dashboard cards to design and save reports. (Estimated end of August)

Copy and re-use functionality, together with improved template functionality. The plan is to offer ready templates for you to start from. (Estimated end of July)

Archiving of objects. For objects, such as risk assessments, processing activities, and treatments, that are no longer in use, which you wish to archive. (Estimated end of July)

Files repository. Diri will allow for file upload on different objects, together with a file archive. (Estimated end of July)

Tasks are being changed into a plan disc and Kanban approach to facilitate repetitive tasks. This functionality will allow you to schedule regular security tasks, such as awareness training, risk assessment updates, security policy revisions, etc… into a yearly plan disc.

Additional functionality is the survey

·       Survey is being improved

·       Table export

Tags:
Company
Diri
Cyber Security
The tool
Published: 
7.6.2024