Security Risks
Overview
This document outlines the process for appropriately handling security risks deemed acceptable to ignore temporarily or permanently. It ensures transparency and accountability while maintaining a robust security posture. The page collates all accepted security risks and provides a management tab for each type.
It helps ensure that security risks are properly assessed, and decisions to ignore them are made based on a thorough understanding of associated risks.
Risk Acceptance for a Security risk
-
Open the Security Risks page, select a risk from the table, click on an affected asset, and then click the eye icon button (Accept the risk).
-
In the Accepting the Risk dialog, you can optionally add a reason and expiration date, then click Save.
-
You should see a confirmation message at the top of the screen indicating the risk was accepted successfully, and the button state has changed to Edit Accepted Risk.
Revoke an accepted risk
-
Open the Risk Acceptance page and click on the line for a previously accepted security risk.
-
Click on the trash button.
-
Confirm the revoke of the accepted risk.
-
You should see a confirmation message at the top of the screen, indicating the accepted risk was revoked successfully.
Updated 5 months ago