How can I monitor & manage my (legal) subsidiaries with SecurityScorecard?
Option 1 : Monitoring subsidiaries in a Portfolio
-
- This suits better if your goal is to just monitor your subsidiaries (not necessarily manage them)
- Create a Portfolio, let's say 'My Subsidiaries' and add subsidiary scorecards to monitor them.
Option 2 : Managing subsidiaries via Hierarchy
-
- This is suitable for Common / Hybrid IT teams who are responsible for risk for multiple subsidiaries and hence need all key permissions to manage subsidiary scorecards.
- Access to the subsidiary scorecards is still dependant on them being followed, same as for any other scorecard.
- Pre-requisite is to first get your subsidiary scorecards updated under Hierarchy Tab [Login to SSC >> Go to 'My Organization' in top navigation >> Go to 'My Scorecard' >> Click Hierarchy]
- Submit support ticket here to get your hierarchy updated.
- Once Hierarchy is updated, then 'Customer Admin' in Parent Scorecard will have access to following permissions for their subsidiary scorecards
-
- View issue evidence and submit remediations
- Add missing assets via digital footprint
- Move assets between subsidiaries via digital footprint
- Comment on issue findings and make it public
- View Attack Surface for your Subsidiary
- Edit your hierarchy i.e. add or remove your subsidiary scorecards
-
To enable all above permissions for your subsidiary scorecards, you need to enable 'Attack Surface Dashboard' from Early Access Center (access via your Profile on Top Right of the platform)
Comments
0 comments
Please sign in to leave a comment.