Creating and Managing Security Surveys
To create a Security Survey user user has to create a new Requirement in Requirements page of the Security tab.
By choosing the Responsibility for Affected BB (3) , and Affected BB (2), user defines whom should surveys be sent.
Once the requirement Requirement is saved , and in Active Status, the new Security Survey will be created, and shown for the predefined user on their start tab.
After requirement Requirement is created user can observe in Risk Identifications table the owners of the Affected BB and therefore a participants of the newly created Security Survey.
Security Survey list is a basically a requirement Requirement list with the active status
User is able to activate or deactivate requirementRequirement. Based on the requirement Requirement status, security survey Security Survey will be shown or not shown for the end user.
Responding to Security Survey
When the security survey Security Survey is created, user with corresponding permissions is able to pass the survey
To complete the security surveySecurity Survey, user has to complete all the Risk Identification Object,an close all Risk Rating.
To complete Risk Identification object Object (1), field Assessment (4) must be filled, in case if assessment equals to "Does Not Apply" or "Exception", field Comment must be also non empty. Afterwards Risk Identification may be completed.
Once Risk Identification Object is completed user can't make any changes to it anymore.
In Case if Risk identification object Identification Object (Building Block) is completed with "Does Not Apply" or "Exception" assessment, Risk Rating Object (2) is created.
- Probability column
- Business impact column
- Actions column (complete button)
To complete Risk Rating fields Probability(1) and Business Impact(2) must be non empty.
After that user is able to complete Risk rating Rating (3). Once all of the Risk Ratings objects and Risk Identification object is completed Security Survey is solved, and system automatically redirects user to start page.