A lot of Risk I/O users rely on bug tracking and trouble ticketing to track their remediation workflow including status, ownership and due dates. We built Risk I/O to integrate directly into these solutions so our customers would never have to leave while tracking to close. That’s all well and good, but we have others who prefer not to use bug trackers or trouble ticketing or simply don’t have all of those resources in-house. Well I’m happy to show how this can be done now all within Risk I/O.
For awhile now we have had both custom asset tagging and custom fields. These are often used to collect data for tracking remediation such as status, ownership, expected remediation dates, SLA’s, etc. Last week we launched role-based access that allows you to control who has access to what down to the vulnerability level. In addition to our Standard and Admin roles, you can now create “tag-based” roles to control access within your Risk I/O instance.
Here’s a simple example:
We have several development teams each that own different applications and the bugs and vulnerabilities associated with them. We can tag each of those applications in the assets tab with these development teams. From there I can create a new role allowing for read-only or read-plus-write access to any assets and vulnerabilities that have that tag. I can also now create new users and give them the appropriate role, allowing them to work directly within Risk I/O to help manage remediation workflow.
We have focused relentlessly on simplicity and flexibility. With our new access control features I think we’ve found a great balance to allow you to keep it all within Risk I/O or use the remediation management tools you already have deployed in your environment.
…and since a picture is worth a thousand words, a short how-to video must be worth even more.