Confusion about perimeters and assets, and lack of possibilities #3594
Unanswered
andresteint
asked this question in
Q&A
Replies: 1 comment
Hi! I am currently evaluating CISO Assistant to see if it is something that works for us. So far I've found many great features, but there are still some basic aspects where I just can't figure out how it is supposed to work.
One thing is that you can only do audits and risk assessments for perimeters, not for assets. And when I say assets I am generally thinking about different kinds of IT assets, as this is how I interpret how it will mainly be used in CISO Assistant, as there is metadata there such as Disaster Recovery Times etc. which is more related to those kinds of assets. Here in Sweden the procedure is generally that you have to assign a formal System Owner for IT systems. And that System Owner is then responsible for conducting a general audit and a risk assessment on that specific system. But in CISO Assistant this doesn't seem to be possible; audits/assessments can only be done on a higher level (perimeters), for example a business function using that particular asset. So I don't know how to solve this need. Any ideas?
I am also missing a connection from the supporting assets to the perimeters. I mean, if I am doing a risk assessment for, let's say, a function within HR that is responsible for hiring people (perimeter), and they are using several systems ("assets") in their processes, I want to be able to understand which assets are connected to that specific perimeter, and to use the metadata on the asset level for security targets, dependencies on other assets, info about personal data etc. But I find no way to connect these.
I find it strange that an audit or risk assessment seems to be completely separated from the assets, and all the important metadata that is in there.
Similarly, I would also like to be able to click into a perimeter (thinking of a business function of some sort) and directly see which assets are being used within that perimeter. But that doesn't seem to be possible. I can only get a list of assets on a domain level.
Please let me know if I am missing out on something obvious in the supposed workflow...! :-)