# Creating your first risk assessment

1. Firstly, we need to import some external objects before starting our risk assessment: a **matrix**, **threats** and **reference controls**.
2. We can create the **risk assessment**, and let's take a look inside.
3. We find three parts: details about the assessment, the list of associated risk scenarios and the risk matrix view.
4. Let's add the first **scenario** and do the current assessment of it.

{% hint style="warning" %}
You can see that I didn't find the threat I was looking for in the imported library, so I decided to create my custom threat.
{% endhint %}

1. From now on, you won't necessarily follow the same steps depending on your needs. In this example I choose to mitigate the scenario by creating an **applied control** for it.
2. We go back in the scenario edit view, add the freshly created applied control, do the **residual assessment** and choose a strength of knowledge level.

{% hint style="info" %}
As you can see, back in the risk assessment view, the current and residual scenario were added in matrix views with a diamond to indicate the strength of knowledge. To find out more about this concept, take a look at the [Risk analysis introduction](https://www.sra.org/risk-analysis-introduction/) from the [Society of Risk Analysis](https://www.sra.org/).
{% endhint %}

Congratulation! 🎉 If you followed the three last pages, you have just created your first assessments on CISO Assistant! The following section will show you how to use our management tools 🔎

[<br>](https://intuitem.gitbook.io/ciso-assistant/guide/creating-your-first-audit)

<br>