In this article, find various tips for making the most out of the Tenacy solution.
Table of content
1. How to modify the coverage score of a measure?
2. How to interpret the differences between the initial measure and my measure
3. How to visualize anomalies within the measures of a perimeter?
4. The various ways to operate a measure
5.
1. How to modify the coverage score of a measure?
If the coverage score of a measure, proposed or in run, does not correspond to your need, you have the possibility to edit it in the solution.
1.1. "Policies" tab: modify the coverage score of the proposed measure
⚠️ To modify the coverage score of a measure in a policy, the policy must be private.
1️⃣Click on your policy
2️⃣"🖍️Edit policy"
3️⃣Click on the control of interest
4️⃣"Balance" or change the coverage percentage to your liking.
🔎 "Balancing" is applying the same coverage for all measures associated with the control.
To save the change, press Enter or click elsewhere on the page once the score is changed.
💡Modifying the coverage score of the proposed measures is equivalent to modifying the policy "template": the modification will not be effective on your already operated and under construction measures.
To make it effective, you will need to disassociate and reassociate the perimeters with the policy.
1.2. "Security bases" tab: modify the coverage score of a measure operated or under construction
1️⃣Select the perimeter
2️⃣Find the measure using the ID in the "Run" tab.
3️⃣Click the icon at the end of the line to edit the measure
4️⃣ "Controls" tab: change the coverage percentage to your liking.
To save the change, press Enter.
2. How to interpret the differences between the initial measure and my measure
2.1. What are the differences ?
The difference menu allows you to compare, view and process the differences between your measures in the security bases and measure in the catalog.
2.2. Where are the differences?
Security bases > on the right top > View differences
2.3. How does it work?
The reading base is the catalog.
- A "-" corresponds to an item that is not in the catalogue, but present on your measure.
- A "+" corresponds to the opposite: an item present in the catalog but no on the base.
Ex : In my perimeter "Corporate IT" my measure "Asset management" has 4 objects (in red) that my measure blueprint "Asset management" in my catalog does not have, but there is 5 objects (in green) present in the measure blueprint "Asset Management" in my catalog that my operated measure does not have.
The differences will concern:
- Links to policy security measures
- Links to risks
- Indicators, recurring tasks,
- Text elements: Title and descriptions
3. How to visualize anomalies within the measures of a perimeter?
An Analysis tab allows you to detect potential anomalies in your security basis.
What are these anomalies?
The analysis tab allows you to detect potential anomalies in your security basis for a given perimeter) and note :
- Measures that are consumed several times.
- Measures that are already consumed and also under construction.
- Measures that are under construction multiple times.
💡 Using this tab allows you to tidy up your security bases when you detect an anomaly.
To clean up your security base, we advise you to:
- Open 2 tabs: 1 for analysis and 1 with the security foundation opened on the operated measures.
- Pay close attention to whether there are objects linked to any of your measures or ongoing recurring actions/tasks.
- Ask yourself: "Do I already have this process/tool in place in my organization?"
--> If yes, keep the operated measure (to which an improvement action can be added).
--> If no, keep the construction action.
Where can I find the "Analysis" tab?
Left menu > Security bases > Choose your perimeter > Analysis
4. The different ways to operate a measure
You can operate a measure:
- Through the catalog
- Through your policy
- Through an evaluation
- Through the security bases
5. Offered Measure: How to collect an overall value for each perimeter?
When you operate an offered measure to which you associate indicators, you have 2 options to gather the metrics needed to calculate it: either you collect a single metric via the operator perimeter, or you collect a metric per perimeter. This choice is made when you operate the measure:
🔎 See Workshop 1 and the video on measures for more details on this step.
1. Modify which scope(s) collect the metrics
Go to the dashboard tab > Metrics > Click on the metric.
"Assignment and Delegations" tab > modify the collecting perimeter of the metric.
2. Ultimately, I want only one perimeter to collect the metric for all
Go to the security base > Modify the measure linked to the indicator (and consequently the metrics).
"Indicator" tab > Remove the association with the indicator > Existing indicator > link the indicator again. Once the indicator is linked, the solution offers you to collect a global value or a value per perimeter.