Here is an article summarizing what you need to remember after your training course.
Summary
Organization
Security perimeter: Complete functional model, subject to license
Suppliers and applications: Simple, unlimited functional model
Groupings / Trees :
- Consolidation elements (reporting)
- Unlimited
- Rights assignment
- No assignment of objects to these elements: policies / actions / measures
Users
- Root pilot : can create objects and users, enter objects, view all organization data. You can limit the objects accessible for the users.
- Local pilot : can create objects and users, enter objects, view data related to his scope of intervention.
- Contributor : Cannot create objects except for exemptions (request) and incidents (declaration), enter objects, access only the contribution menu and cockpit dashboard.
- Auditor : Read-only access to the solution. You can limit the objects he can access.
💡 If you wish to restrict access for a local driver or auditor:
⚙️ Wheel > Users > click on your user > Access tab
💡You can create user groups to assign objects to a team.
⚙️ Wheel > Groups
⚙️ Wheel
Catalog: The catalog contains public elements (proposed by Tenacy) and private elements (created or customized by you).
Authentication: Configure your organization's SSO
Scales :
- Indicator scales: to associate colors and icons with performance indicator values in dashboards
- Evaluation scales: to select answers for evaluation campaigns, and display the corresponding results
- Risk scales: to qualify the impact and probability of risks
- Application scales: used to qualify the criticality level of applications (in simple or DICP mode). This tab also contains the scales used to carry out PSI assessments.
- Priority scales: to specify the relative priority of controls in a security policy
- Weather scales: used to define icons and colors for weather displays in action logs.
Functions: functions are used to distribute the various controls in a security policy among different populations.
Labels: labels can be used to group objects transversally.
Internal metrics and indicators: Tenacy automatically manages (creates, feeds, calculates and deletes) internal metrics and indicators for most objects.
Logs: a complete audit trail of actions carried out in the application is available. Logs are organized by category and sub-category for easy filtering of activity types.
Preferences: preferences allow you to customize or configure elements of your context.
⚠️ Except for the password policy (Search by password keyword), call support if you wish to change a preference.
Licenses: view your license limitations
Connectors: consult your connectors set up on your account
Contacts: to facilitate communication with different scopes and stakeholders, in particular suppliers, it is now possible to create and associate contacts with scopes.
💡 Allows you to consult new features of the solution
🔔 Allows you to access your reviews, some objects require pilot validation.
Measures
Measures: software and/or processes and/or team to secure a perimeter.
🔎 In Tenacy all objects will revolve around the measures
Offered Measures: the offered measures are all the measures you'll find in the Tenacy catalog.
🔎 If you don't find a measure you can contact us in the chat to exchange on the subject. The Tenacy team regularly updates its device catalog.
Operated measures: the measures you have put in place in your organization. They make up your security base.
⚠️ A faulty measure is an operated measure, not a measure under construction.
Construction Measure: A measure that you don't have in your organization, but which you are going to implement in your organization.
Security base:- Set of measures that secure a perimeter.
- Composed of operated, offered and consumed measures
Policies
- Public policies are modeled by Tenacy teams
- Public policies can be found in the Tenacy catalog
- Depending on your license level, public policies are limited.
- Public policies can be modified by copying them
- Private policies are unlimited
Registers
- Unlimited for all objects
- An object can be present in several registers
- An object cannot be present more than once in the same register
- In actions, recurring tasks and gap registers, you can add groups for greater reporting granularity.
Risks
- You can manage the treatment of your risks, but risk analysis is an Add-On.
- You can find public risks modeled by the Tenacy team
Actions
- Building action: building actions enable you to build your measures under construction.
- Improvement action: Improvement actions enable you to improve your operated measures.
- Simple action: Simple actions are not linked to a measure.
- Actions have an end date
Recurring tasks
- Carrying out recurring tasks contributes to the performance of your measures.
- 2 types of recurring tasks: operational (e.g. updating the AD following departure/arrival) and control (e.g. checking that all active AD accounts correspond to active employees).
- Completion window: Allows you to define the task completion window (e.g.: 7-day completion window for a monthly task = must be completed between the 23rd and 30th of the month).
- You cannot modify the periodicity of a RT if there is a history.
Metrics
- A metric can be entered by one perimeter for another perimeter.
- To implement a metric history, use Excel import.
- A metric is to be filled in at the end of its periodicity (e.g.: metric for the month of January to be filled in from February 1st).
- A metric can be attached to a Recurring Task.
- Can be entered via API, connector, Excel or In-app by a user.
Indicators
- An activity indicator does not contribute to the performance of a measure.
- A percentage performance indicator is attached to a measure only if the objective is to be close to 100%. ( Ex : ❌ % of people having clicked the fishing link / ✅ % of people not having clicked the fishing link)
- The periodicity of an indicator can be different from that of the metrics linked to it.
Gaps / Exemptions / Incidents
- Deviations and Exemptions can be linked to policy controls.
- Actions enable you to close your exemptions, gaps and incidents.
- An exemption necessarily has an end date, a gap not necessarily.
Dashboards
- Unlimited number
- You can set up a cockpit dashboard for each user
- A contributor will only have access to his cockpit dashboard.
- A private dashboard will be accessible only to its creator.
Excel
Mass import of your objects via Excel files
💡 You can find the model in the pop up window
🚨 When importing/exporting, keep the original file to back up any errors.
Support
- If you have a problem, you can consult our contextual help.
- You can search for articles in our knowledge base or chat with us.
- You can write to us at support@tenacy.io
⚠️ Chat is hosted by the Hubspot tool. If it doesn't appear, you'll need to whitelist the Hubspot JS execution.
🔎 Chat support is guaranteed from Monday to Friday (excluding public holidays), from 9:00 am to 12:00 pm and from 2:00 pm to 6:00 pm. (GMT +2)