Creating a case to remediate issues

After security issues are identified and the level of remediation requirement is assessed, organizations need to follow a remediation management process to address and manage the issues. You can create cases to remediate identified issues that are found on the assets.

Before you begin

  • Customize the Case Management application settings. For more information, see Customizing settings in Case Management.
  • In Case Management, complete the following steps before you assign a group to a case in Risk Manager and to view all the cases with Default role.
    1. On the home page, click the Menu icon.
    2. In the Application settings section, click Case Management > Permissions and access.
    3. Click the Roles tab.
    4. Click Default Role under Global roles.
    5. In the Administration and Customization Permissions section, select Groups and Ability to view and modify.
    6. In the Incident Permissions section, select View Incidents and Edit Incident.
    7. Click Save.

About this task

A case is an incident or event in which data or a system might be compromised. Application users or systems that are integrated with the application can create these cases. You can then act on the case and monitor its status from the start to the resolution.

Risk Manager is integrated with Case Management for creating cases to manage remediation action plans for the identified issues. Risk scores of assets are reflected based on the remediation actions that are implemented. The cases that you created are managed in the Case Management application to track them to closure.

Only the administrator can access and interact with all the cases. An administrator can define your role, which determines how you interact with cases.

Procedure

  1. On the home page, click the Menu icon.
  2. In the My applications section, click Risk Manager > Recommendations to view the list of recommendations and the associated details. You can apply filters to the recommendations list to focus on the content that you want.
  3. To view details of a specific recommendation and to implement actions, click the selected recommendation. For more information, see Analyzing recommendations for remediation.
  4. You can select multiple recommendations for remediation. Select your recommendations from the list.
  5. Click Remediate.
  6. On the Remediate assets risks page, click the View details icon to view the overview information of the affected assets, selected recommendations, risk areas that are associated with the recommendations and their risk score.
    You can ignore the recommendations. If you want to ignore the recommendations, complete the following steps.
    1. Click the Ignore Recommendation link.
      Note: You can ignore only those recommendations that suggest remediation actions for implementing security controls such as encryption or monitoring. When a recommendation is ignored, all the assets that are associated with it are not considered for future recommendations.
    2. Click Yes.
  7. Under Select assets, select your assets to include in the case that you are creating for implementing the suggested actions.

    You can select up to 30 assets.

  8. Click Select assets.
  9. You can add assets to an existing case or add them to a new case.
    To add assets to an existing case, complete the following steps.
    1. Select Add to an existing case.
    2. Select the case ID from the list.
    3. Click Select case.
    4. Review the case summary information.
    5. Click Add to case.
    To add assets to a new case, complete the following steps.
    1. Select New case.
    2. Set the following options.
      Field Description
      Case name Specify a name for the case.
      Case severity Specify a severity for the issue, for example, High, Medium, or Low.
      Description Provide the case description.
      Incident type Select an appropriate incident category type from the list.
      Assigned to Select the group to which you want to assign the case.

      Ensure that Groups is selected for Default Role in the Case Management application.
    3. Click Add case details.
    4. Review the case summary information.
    5. Click Add to case.
  10. A case ID is generated when the case is created. On the Recommendations page, click the case ID to view the case summary information and to open the Case Management application.

What to do next

Use the Case Management application to manage and track status of the case. You can edit status, phase, and owner name of a case in Case Management. To view the updated status in Risk Manager, complete the following steps:
  1. On the home page, click the Menu icon.
  2. In the Application settings section, click Risk Manager > Manage assets.
  3. On the Manage assets page, click the asset name for which a case is created.
  4. On the General information window, click View full details.
  5. Click the Cases tab to view the updated status.
  6. Click the arrow Arrow icon icon to view details in the Case Management application.