How Tenacy works ? What are links between objects ?
Summary :
2.2 The security objectives (Policies & Risks) :
2.4 The performance of your measure (Recurring tasks & Indicators)
2.5 Objects indirectly related to measures (Gaps/ Incidents / Exemptions)
2.6 Add-ons (Risk Analysis & Project Safety)
1) Schema :
2) Explanations :
2.1 Measures :
Measures : Software and/or processes and/or team to secure a perimeter.
🔎 In Tenacy all objects will revolve around the measures
Offered Measures : The offered measures are all the measures you'll find in the Tenacy catalog.
🔎 If you don't find a measure you can contact us on the chat to exchange on the subject. The Tenacy team regularly updates its device catalog.
Operated measures : The measures you have put in place in your organization. They make up your security base.
⚠️ A faulty measure is an operated measure, not a measure under construction.
Construction Measure : A measure that you don't have in your organization, but which you are going to implement in your organization.
⚠️ A construction measure is a measure that does not exist in your organization - we are at level 0.
2.2 The security objectives (Policies & Risks) :
Policies : Measures will cover your policy control. The measure is the answer to the control.
Risks : Measures will cover your risks. The measure will reduce your risk.
2.3 Actions
Building action: Build actions enable you to build your measures under construction.
Improvement action: Improvement actions enable you to improve your operated measures.
Simple action: Simple actions are not linked to a measure.
💡Simple actions can be used for "To Do" actions, opportunities and/or to link actions to suppliers and/or applications.
2.4 The performance of your measure (Recurring tasks & Indicators)
Recurring tasks : A task or check to verify the performance of your measure.
⚠️ Difference between action and recurring task:
An action will necessarily have an end date (e.g. I'm changing EDR).
Recurring task: A task that you will repeat over time and that does not necessarily have an end date (e.g. I'm updating my EDR).
Indicators: Assess the performance of my measure.
🔎 Indicators are calculated with metrics
2.5 Objects indirectly related to measures (Gaps/ Incidents / Exemptions) :
Gaps: Gaps or non-conformities are anomalies observed in relation to what should be, generally the safety requirements set out in policies.
Exemptions : Temporary acceptance of non-compliance with a safety rule.
🔎 An exemption is a request for temporary non-compliance, generally a voluntary process, while a gap is a finding that is often external and imposed. The most common sources of gaps are internal and external audits, but can also be technical tests such as pentests or vulnerability scans.
Incidents : Security incidents
💡 These 3 objects can be closed thanks to the implementation of actions linked to your measures.
2.6 Add-ons (Risk Analysis & Project Safety) :
Risk analysis: The risk analysis module enables you to design your processes to identify and quantify risks.
We have developed a risk analysis module that enables you to be compatible with your methodologies, whether standardized (Ebios-RM, ISO27005) or your own.
Natively, you can manage your own risk management.
Security in projects (ISP): Monitor the integration of security into your IT/business projects.
Project compliance vision.
Implementation of the ISO27034 worflow for integrating security into projects.
🔎If you're interested in any of these add-ons, contact your CSM or chat directly.