Any assessments you run in RiskVision involve various objects available on the Configuration menu. You should carefully examine each object and configure only the options required to meet the needs of your assessment because you may want to choose a different strategy for each assessment. The following objects should be configured before launching an assessment:
- Workflows: If you don't want to use the default workflow, you can choose a different one using the assessment and policy creation wizards. If you want an exception, ticket, or finding to follow a different workflow pattern from the default workflows, you must configure the selection criteria within those workflows. For more information on workflows, see the following topics:
- Escalations: Used to notify the requester, owner, and manager that a ticket is overdue. For more information, see Creating an Escalation Configuration and Managing Escalation Configurations.
- Email Templates: Used for stakeholder notifications. Several default email templates are available for selection or are already in place to handle notifications. If your organization prefers to follow a specific procedure for its internal communications, you can design an email template. For more information, see Configuring E-mail Templates.
- Filters: Contain a set of conditions used to match records in reports, limit membership to dynamic groups, and more. Examples of filter types include Assessment, Dynamic Group, Entity, Exception Request, Incident, Program, Response, and Risk. For more information, see About Filters.
- Ownership Types: Link workflow stage stakeholders to system users assigned to an entity or policy. This allows processes such as programs, tickets, and policy pack approvals to run automatically. You can restrict which user can be assigned as a type of owner based on the user's role assignment. For more information, see About Ownership Types.
- Assessment Configuration, Entity Configuration, Findings Configuration, Vulnerability Risk Configuration, and Incident Configuration: Depending on the RiskVision application, common threshold range criteria can be established for assessment, finding, vulnerability, risk, and incident objects. When assessments are run, the risk, vulnerability, and incident scores are derived according to the default range. Before you run any assessment, ensure that the threshold range is configured according to the assessment objective and meets auditing guidelines and policies. For more information, see Configuring a Threshold Range for Risk, Vulnerability and Incident Scores.
- Questionnaire Presentation Options: Instead of provisioning too many options in the questionnaire UI, you may want to consider creating a new questionnaire presentation option that allows responders to submit the questionnaire without completing all questions. For more information, see Setting Questionnaire Presentation Options.
- Ticket Management Preferences: Usually, notifications are sent when a ticket is overdue. Ticket Management Preferences allow you to add a disposition to avoid sending the escalation. For more information on setting the ticket preferences, see About Ticket Management Preferences.