Overview of the Issue Management Module

Modified on Mon, 21 Mar 2022 at 10:23 PM

Issues are Findings that may derive from multiple testing sources that require prioritization for either monitoring or mitigation. Finding sources may include vulnerability scans, internal or external audits (corrective actions), internal or external/third party assessments or may simply be identified by employees during the normal course of business.

The 1Risk Platform enables findings to be associated with the impacted assets, workflows, policies, and controls, prioritized > low, medium, high and monitored for treatment > mitigation, avoidance, acceptance or transferral.

Finding response mitigation plans can be created and monitored on the 1Risk platform, tracked and archived to measure year over year progress in strengthening your security posture and or to shed light on weak or vulnerable systems in the organization, where risk is most likely to impact the organization and the level of impact pre- and post mitigation.

Issue Management in combination with effective Risk Management can help organization to make proactive decisions about managing risk and/or how to make strategic risk decisions that may benefit the organization.

Helpful Related Terminology

Risk, Cyber risk, or cybersecurity risk, is the potential exposure to loss or harm stemming from an organization’s people, process or technology. Cybersecurity risk severity is determined by the likelihood of exposure, critical asset impact or sensitive information loss.
Vulnerabilities are weak spots within your environment and your assets—weaknesses that open you up to potential threats and increased risk. This is where risk-based vulnerability prioritization plays a crucial role. By giving Security and IT teams the tools and insight to hone their remediation efforts on the vulnerabilities that are most likely to be exploited (and that pose the biggest risk to your business), you will not only save time, money and cycles, but you’ll improve collaboration and help lower the organization’s overall cyber risk. Aligning teams around risk means you’ll no longer be wasting resources patching vulnerabilities that don’t pose a real threat to the organization, and instead can dedicate time to more strategic activities.
Issues or Findings are existing Gaps or Events associated with your People, Process, or Technology that require evaluation, prioritization and mitigation. Where Risk is the “possibility of an event”, a Finding is the actuality, or the Gap that may cause the Risk to become an actuality. (see our Issue Management Training for more information on Findings and Mitigation).