Bowtie Configuration Requirements

Component Requirements

The Bowtie model consists of four components, which must all be present in your system:

• Risk
• Threat
• Consequence
• Control

If any of these components are not already present in this structure, they will need to be manually configured.

Configuration Mapping

In addition to requiring components in a specific structure, the Bowtie system requires a number of other fields, relationships, list views and lookup items to be in place – the requirements are detailed in the bowtie-mapping.txt file. If not already existing, these items must be manually configured.

Once all the required configuration is in place, the bowtie-mapping.txt file must be updated with the IDs of the configuration items, so that the Bowtie canvas can adapt to this specific configuration.

Customers starting from Standard Configuration v2019.2 will not need to perform any mapping, because the default configuration items will all already be in place.

The configuration mapping is performed in the file bowtie-mapping.txt, which typically is located under the folder <Drive>:\SAI360\config\.

Follow these steps:

1. Open the bowtie-mapping.txt file, which contains a complete list of all required attributes, including some explanatory comments.
2. In the SAI360 system, identify the Components, Fields, Relationships and Forms that should be remapped to the items listed in the bowtie-mapping.txt file.
3. Find the UniqueIDs, and if applicable the BMS_IDs in the destination database. This is typically done through the "Rocket Surgery" area in the Designer menu.

   NOTE:
   Mapping the "Bowtie Image" relationship is done slightly differently to most other configuration mapping.

   To identify the correct UniqueId, locate the Bowtie Image "Reference Data Field" in Rocket Surgery.

   To identify the correct BMS_ID, from the Bowtie Image "Reference Data Field" in Rocket Surgery, in the "Uses" section, open the [DBFileType] link. The ID to use is identified in the "FieldId" field at the bottom of the form.

4. In the bowtie-mapping.txt file, ONLY update the corresponding UniqueIDs and BMS_IDs to the RIGHT of the arrow: ->.
   All other values must remain unchanged.
5. Once done, save the file, and restart Tomcat.
6. During publish, and the initial use of the Bowtie keep an eye on the log files to identify any potential mapping errors.

Auto-save Image of Bowtie as File Attachment

One of the required fields is an image field on the "Risk" component. The system will auto-save an image of the Bowtie every time changes are made to a Risk record (i.e. this image will always be up-to-date) so that the image can be used in BI Reports for example.

Adding Subtitles to the Header of the Bowtie Canvas

Out of the box, the Bowtie canvas shows the mapped Risk Description field as the Header Line (along with the form’s Auto-Number). However, if more information is required, up to 3 additional subtitles can be added

This can be achieved by adding UniqueIds and BMS_IDs of the required fields to the RHS in the optional lines of the bowtie-mapping.txt

Configuring a List View to open Risks directly in the Bowtie Canvas

Any Risk can be viewed in a Bowtie canvas by opening the record in the normal Risk form and selecting "Bowtie" from the Wrench menu. However, to be able to create new Risks directly from the Bowtie canvas or open Risk records on the Bowtie canvas directly from a list view, a Risk List View, (based on your mapped Risk component) must be configured to have its "Detail Form" Field set to the "Bowtie Canvas".

1. Open the List View Designer
2. Filter to only show the List Views for the Risk Register (or the Component you mapped to Risk).
3. Select the view of your choice.
4. Update the Detail Form Field to Bowtie Canvas.
5. Save, Publish and restart Tomcat.