Cyber GRC Ideas Portal
ADD A NEW IDEA

IT and Cyber Risk

Showing 47 of 141

Ability to map Vulnerability Record from QualysGuard to MetricStream Asset Library based on Composite Key not just IPV4 Address

In case Dynamic IP Address scenarios the assets in a customer network are reused and assigned Dynamically. Based on this scanners like QualysGuard when they capture the Vulnerability and later send it to MetricStream via the connector based integr...
Guest over 1 year ago in IT and Cyber Risk 0 Pending Roadmap Inclusion

Ability to reopen the completed assessment or a feature to copy the previous assessment result (including the controls and residual ratings)

Assuming a scenario where a specific assessable entity has 25 risks associated and the risk assessment is completed. After few days, the same assessable entity needs to be reassessed where in the 24 out of 25 risks is unchanged and only one risk h...
Guest over 7 years ago in IT and Cyber Risk 0 Pending Roadmap Inclusion

Risk Assessment Algorithm : There is no option to add a conditional statement in Risk Assessment Algorithm

Risk Assessment Algorithm : There is no option to add a conditional statement in Risk Assessment Algorithm Customer has multiple sub factors to calculate impact and Likelihood, and the formula for Impact and Likelihood has conditional statements t...
Guest about 2 years ago in IT and Cyber Risk 1 Need more information

Interaction between IT Risk and IT Compliance Module

In product's roadmap will there be interactions between IT Risk and IT Compliance Modules. For eg: Failure of a control and the creation of an issue in the IT compliance module does not change the Risk score in the IT Risk module. As this is suppo...
Guest about 2 years ago in IT and Cyber Risk 0 Pending Product Manager's Review

Make Vector for Threat optional

Very often customers have threat data they want to upload/use, but do not have a threat vector defined for them. Can we make this field optional, or perhaps add values of Other or TBD.
Guest about 2 years ago in IT and Cyber Risk 0 Pending Product Manager's Review

Define Metrics for Threats and Vulnerabilities

Want to be able to define and track KRIs for Threats and Vulnerabilities
Guest almost 5 years ago in IT and Cyber Risk 2 Need more information

Support for NIST SP 800-30 Risk Management Framework.

NIST SP 800-30 RMF is fast becoming a mandate for information security risk assessments for federal entities.
Deleted User almost 9 years ago in IT and Cyber Risk 0 Included in the Roadmap

IT Risk Assessment form: Ability to show Question name as response filed header for free text columns

If there are more number of questions in assessment secion, when assessor click on response then customer need to know for which question, they need to provide response.
Guest about 3 years ago in IT and Cyber Risk 0 Pending Product Manager's Review

[Siemens Energy] Ongoing Migration of Risk Assessments

Ask - Siemens Energy Cyber Risk Team uses MetricStream Qualitative Risk Assessment approach as of now. Use Case - While the Cyber Risk Team uses our tool to perform risk assessment, they want to migrate risk assessments of different teams/subsidia...
Guest about 3 years ago in IT and Cyber Risk 0 Pending Product Manager's Review

[Siemens Energy] Segregation of risks, corresponding risk assessment plans, risk assessments, issues/actions between Cyber Risk and Business Risk

Ask - Segregation of risks, corresponding risk assessment plans, risk assessments, issues/actions between Cyber Risk and Business Risk. In customer words - separate the data visibility between RIC and CYS. Use Case - There are two teams in Siemens...
Guest about 3 years ago in IT and Cyber Risk 0 Pending Product Manager's Review