Assets

  • How are assets correlated between sources?
    • RiskVision provides very flexible reconciliation methods that will accommodate virtually any deployment scenario, including those where an organization is using DHCP and IoT devices. In DHCP environments where the IP address is always changing, our customers typically reconcile by MAC address.
  • Criticality/impact: where and how is this determined?
    • Business Criticality is set at the entity level by setting the Confidentiality, Integrity and Availability ratings. There is also an entity import template that allows you to import your pre-defined criticality data. This is a low amount of effort to do.
    • To create an exception in RiskVision, you select a vulnerability and some or all of the assets associated with it and create a due date and owner of the exception. You can also create an exception on a single asset and the associated vulnerabilities on that asset. Those are just two approaches, but there are other approaches, all of which are standard out of the box configuration.Using the Classification Label settings to set the Business Criticality.