Cybersecurity Risk&Issues submit portal for end-users

Valqe · ‎03-26-2024

Hi all,

Was wondering what are best practices when it comes to creating an intake process for end-users to report organization's Cybersecurity risks&issues?

I have copuple of options in mind, but I welcome your comments with leading practices:

a) Catalog item in service portal that would collect questions and then would let fulfillers to triage the input and decide to whether create an issue[sn_grc_issue] or risk[sn_risk_risk] records?

b) Record producers:

Record producer in service portal that would create an issue[sn_grc_issue] but not sure if this is a best practice to do it without any triaging and wonder if end-user knows the difference between risk & issue?
Record producer in service portal that would create an risk[sn_risk_risk] but not sure if this is a best practice to do it without any triaging and wonder if end-user knows the difference between risk & issue?

c) MOST IMPORTANT option is your comments 🙂

P.S. I read also about 'Issue Triage' module, but not sure if that's the best path.

I appreciate your comments and best practices.

Thank you.

V.

Community Alums · ‎03-26-2024

Hi @Valqe ,

Well, none of the options you have quoted is correct unfortunately.

The best fit for your use case is Vulnerability Response application , yes off course it comes with additional charges.

But your solution is like a Workaround or a tactical solution not really a Strategic Solution.

If you really want to move forward with a workaround solution, then go with Solution "a" on your question and just add a field having choice as Issue or Risk, then based on the choice you can run a flow for it's lifecycle.

Issue Triage is not a right fit.

View solution in original post

Community Alums · ‎03-26-2024