Security Compass has recently announced an update to its flagship policy-to-execution platform, SD Elements. The update includes an action-oriented risk policy that gives users a summary of their software and infrastructure risk metrics as well as compliance and policy details through a series of visualizations. This feature will improve SD Elements’ ability to enforce risk compliance policies in organizations that practice agile and DevOps software development by enabling risk policy creation and providing security guidance throughout software development.
Risk policy and reporting
Risk Policy Reporting provides visualizations and reports that allow decision-makers to quickly identify areas that may need attention across business units, which improves an organization’s ability to address problems quickly and saves both time and resources. The platform translates risk policies into measurable procedures and metrics that can be used to achieve your company’s security objectives as per your corporate standard.
The policy feature has widgets to show you, at a glance, which of your projects are compliant and which are non-compliant, according to the policies you have assigned. From the policy feature, you can quickly jump to each of your business units to view their compliance status. Likewise, you can move from a business unit to an application, and from an application to a project, to see risk compliance status at each level.
In addition to the policy feature, you can create custom reports to summarize the risk compliance of your business units and projects. A risk status summary report outlines development across all business units and shows the non-compliant projects within each unit, providing a view into each unit’s development process and increasing accountability. Risk status reports summarize details from projects with assigned risk policies, including outstanding non-compliant tasks and an overview of risk compliance status.
Setting risk policies
All projects within an organization must have a risk policy, which you can modify at any time to suit your business’s needs. It is important to set the correct risk policies for your organization so you can see the information you need in your reports and ignore the rest. Risk policies are characterized by the completion status of a set of tasks that are identified by criteria including priority, development phase, and custom tags.
If a risk policy has not been created for an organization, SD Elements applies a default risk policy to all business units and projects within that organization. If there is a default organization policy in place, that policy will be automatically applied to all business units and projects within that organization. In addition, business units can have their own default policy in place, and in that case, all projects within that unit will receive that default policy. You can also define a minimum acceptable risk for each of your projects, and the reports will determine compliance based on that level and the status of the tasks within the policy.
Read the original press release here: http://www.globenewswire.com/news-release/2018/04/03/1459253/0/en/Security-Compass-Releases-New-Risk-Dashboard-Capability-in-the-Latest-Version-of-its-SD-Elements-Platform.html