A high-level overview of the general workflow process.
RiskSense provides managers and group managers with the tools to monitor remediation efforts and evaluate the progress and overall impact on the organization’s security and risk. Using RiskSense's workflows, managers and group managers can assign specific vulnerabilities to one or more users, and users can see their current assignments, analyze vulnerabilities, and plan and track the necessary remediation or mitigation actions.
The RiskSense platform follows specific naming conventions to identify the current workflow type and progress on specific vulnerability actions. The following diagram provides a high-level, graphical representation of the remediation workflow.
All vulnerabilities start in the Unassigned category until a manager assigns them to a user for remediation. Managers and users can use the Assign To Users option in the More drop-down menu to change this status and assign to users. Please note that users can also assign vulnerabilities to themselves.
As a vulnerability moves through the workflow, it reflects a different status for each step in the process. There are three workflow action types applied to findings:
- False Positive (FP): While vulnerability scanners can reliably identify flaws, misconfigurations, weaknesses, and missing patches, they are not infallible. For cases where a scanner identifies a vulnerability that is confirmed to not be present upon manual investigation, the RiskSense platform provides an option to mark that finding as a False Positive.
- Risk Acceptance (RA): The risk acceptance workflow serves as acknowledgment that after evaluating a vulnerability, the cost to remediate the vulnerability is larger than the risk posed by the vulnerability itself. For cases where an organization accepts a vulnerability’s risk, the RiskSense platform provides an option to mark that finding as a Risk Acceptance.
- Remediation (RM): The remediation workflow serves as an acknowledgement that the vulnerability has been fixed or removed. For cases where an organization remediates a vulnerability, the RiskSense platform provides an option to mark that finding as a Remediation.
Please note that when you submit a request using one of the above workflows, you will not be able to start a new one on the same vulnerability until the initial request is rejected.
The Severity Update (SU) workflow is used to update the severity level of a finding due to an increased risk within the specific environment. This workflow operates like the other three workflows; however, this workflow may run concurrently with one of the three workflows above.
There are NO technical verifications as part of this administrative review process other than running another scan and uploading the results into RiskSense for comparison by using the Update Remediation by Assessment (URbA) feature.