Cyber GRC Ideas Portal
ADD A NEW IDEA

IT and Cyber Risk

Showing 42 of 130

Ability to define multiple range of Rating Values in Profile form under formula section

Current Behavior - Currently in OOTB, we can define the rating range only in 2 dimension, ie., Low Bound and High Bound. But for First Citizen use case, FCB defines rating range in 3 dimensions, ie., Low, Mid and High. So as an OOTB if we have a p...
Guest about 3 years ago in IT and Cyber Risk 0 Pending Product Manager's Review

Modify the existing Risk assessment form to mark Factors as “Not Applicable”

Currently the scope of the Risk Assessment has to be well defined and does not have the flexibility to delete risks which are populated from the plan. Also Factors cannot be rated if new Riks are added during the assessment. there has to be a opti...
Guest about 7 years ago in IT and Cyber Risk 0 Already exists in the Product

Final IT Risk Assessment report not very informative

Current final IT Risk assessment report is not very informative. Typically Customers will use the Assessment report to circulate it to the respective teams/executive. In general Comments/justification entered is nowhere displayed. Inherent, Contro...
Guest about 7 years ago in IT and Cyber Risk 0 Included in the Roadmap

MetricStream excel template for uploading Risk Assessment data

We have received a request from customer - CBIC to upload offline Risk assessments in excel format into MS application so that the assessment data will reflect in all reports and dashboards Attached sample template with data shared by customer.
Guest over 3 years ago in IT and Cyber Risk 3 Cannot be considered in the Roadmap

Integration with Cherwell - Player in Mid Market segment competing with Service Now

Hi Team, We came across Cherwell ITSM, which is being acquired by Ivanti. Please review the press release here with more information and Ivanti is a well-known vendor in the market. A cost-effective alternative of ServiceNow and very well received...
Guest almost 4 years ago in IT and Cyber Risk 3 Pending Roadmap Inclusion

Threat Type value should be a multiselect in the Threat form.

Threat Type value should be a multiselect in the Threat form. A single threat like fire can be having multiple types such as Accidental, Deliberate or Environmental. But currently it is a single select field and should be made multi-select. Curren...
Guest about 4 years ago in IT and Cyber Risk 3 Pending Roadmap Inclusion

Vector value should be a multiselect in the Threat form.

Vector value should be a multiselect in the Threat form. There can be scenarios where a single threat can be realized through multiple vectors e.g. Hacking attack and loss of data can be done through multiple vectors. Hence, this field should be a...
Guest about 4 years ago in IT and Cyber Risk 0 Pending Roadmap Inclusion

Support for FAIR risk assessment methodology.

FAIR is a popular framework for IT risk assessments.
Deleted User over 8 years ago in IT and Cyber Risk 0 Release Candidate Available

Risk Register Visibility Rules should follow GRCf activities for viability of Risk Assessment reports

Risk Register Report Visibility Issue - - Cleanest option recommended by MetricStream product team. Trackr rasied : 289326 Risk Assessments will only appear when the appropriate activities are added to the user role. The logic will apply here:...
Guest over 7 years ago in IT and Cyber Risk 1 Cannot be considered in the Roadmap

Basic request form and report to Request or Certify a new IT Service

While we measure asset performance and IT Risk... we miss the common problem of evaluating the risk of a PROPOSED system, tracking the status (proposed, approved, sunsetting, etc) and supporting the SDLC lifecycle.
Guest over 7 years ago in IT and Cyber Risk 1 Cannot be considered in the Roadmap