Cybersecurity and risk management processes in organisations are often fragmented. Information is spread across various tools and documents, leading to a scattered – or worse, invisible – view of the real situation. A key solution to the problem lies in the use of relations: structured links that connect all relevant elements into a cohesive whole.
Granite’s ability to build and utilise relations between different elements is far more than a technical feature. It represents a paradigm shift, a mindset of creating structured links that support comprehensive management. When requirements, risks, incidents, and continuity plans are not isolated but interlinked, the result is a dynamic and responsive risk management model.
“Relationships are not just a technical capability. They’re a way of thinking – a way to lead cybersecurity with information.”
Structures That Communicate
Granite’s platform allows for the creation of connections between all core elements. For example, a security risk can be linked to a specific NIS2 requirement, an incident, or an operational asset from the organisation’s asset inventory. This creates a shared context: when one element changes, the ripple effects are visible across the system.
In practice, if a new incident is logged, the tool prompts the user to assess whether it relates to an existing risk. If it doesn’t, a new risk may need to be identified. If it does, it opens the door to reviewing the adequacy of the current mitigation measures. This connected thinking fosters continuous learning and improvement.
“If there are numerous incidents related to something that isn’t on your risk list, you haven’t identified your risks thoroughly enough,” notes Teppo Kattilakoski, CEO of Granite.
Supporting Risk-Based Thinking
Laws such as the NIS2 Directive – and its national implementations like the Finnish Cybersecurity Act – introduce mandatory requirements. However, applying these in practice always depends on each organisation’s risk profile. That’s why building relations between data elements is so crucial. It helps determine which requirements are most critical and what controls are necessary for different risk levels.
Granite’s platform also enables the use of these relations in reporting and visualisation. Tools like risk matrices and compliance dashboards become significantly more powerful and informative when backed by a robust relations structure. Leadership can gain a clear and immediate overview of the situation – no manual compilation needed.
Cybersecurity as a Network, Not a Silo
These relations reshape how we view organisational structure. Cybersecurity is not an isolated domain – it connects with asset management, continuity planning, risk identification, and employee observations. When all of these can be linked together, an ecosystem emerges where data flows, evolves, and drives action.
This also helps direct resources where they’re needed most: on the most critical operations, where the greatest risks and most stringent requirements intersect. At the same time, it prevents unnecessary over-control in areas of lesser importance.
“Once you start seeing the links between risks, requirements, and incidents, interesting patterns start to emerge.”
From Transparency to Agility
A relation-based model provides more than transparency, it also enhances agility. When the situation changes, the organisation can quickly identify what’s affected: Which risks? Which controls? Which operations? This enables faster, more informed, and more consistent responses.
“Once you start seeing the links between risks, requirements, and incidents, interesting patterns start to emerge,” says Teppo Kattilakoski.
Are You Building Relationships Yet?
In Granite, creating relations is intuitive and visual. Link a risk to a requirement once, and it’s reflected in both contexts. Later, when a new incident is recorded, it can be immediately associated with that same risk and reporting is automatically updated.
Managing cybersecurity isn’t an isolated administrative task. It’s a continuous conversation between operations, risks, obligations, and people. Relations make this conversation possible – and productive.
See It in Action
Granite’s experts would be happy to show you how building relationships between data points can turn insight into impact. Get in touch to explore how your organisation can benefit from a connected approach to cybersecurity and risk management.
