In this article:
About the Issues Tab & Score Planner
Take control of your security rating and easily boost your score.
Benefits
- Greater transparency into impact of specific issue remediations
- A better understanding of which issues to prioritize to improve the score
- Information and tools required to boost the score to the desired level
- Enhanced vendor-customer collaboration to improve the cybersecurity posture
- Flexibility to select automated or customized plan
- Ability to run interactive “what if” scenarios to determine the most effective remediation path
Solution Overview
Score Planner lets you build or automatically generate a plan to improve your score while providing full transparency into how specific security issues impact your score. The tool helps you understand which issues to prioritize to achieve your desired security rating.
How it Works
You can choose to automatically generate an action plan for issues that require remediation in order to reach your target letter grade. If this plan does not fully meet your security priorities, you can adjust it or create your own plan. SecurityScorecard will automatically calculate the minimum number of issues, and findings within those issues, required to remediate in order to reach your target score. Once the plan is ready, you can download it as a CSV so you can conveniently include it in your issue tracking system.
Step by Step Guide
- Select Issues tab on the your own Scorecard and click Improve Your Score.
- To automatically generate a plan, select your desired letter grade.
- Click Generate Plan.
- If you want to include different issues, simply click Adjust My Plan.
- To create a customized plan from scratch, click Create Your Own Plan.
- Drag and drop issues into your Score Plan to see how remediation of specific issues will impact your score.
- Edit the number of findings you’ll remediate by hovering over the Remediating entry. You can pick the desired number and the amount you’ll recover from your score will update accordingly.
- Download your plan as a CSV.
For automatically generated plans, you may see only the specific findings for an issue that requires remediation to reach a target score – particularly for issues with a large number of findings. When adjusting your plan, or creating a new one, you can change the number of findings you plan to address.
Please note that the number of findings for an issue follows exponential growth. What that means is that if you remediate very few findings, you’ll see a really small score recovery, but as you remediate more and more, the amount you’ll recover will grow very quickly.
Some issues track status over time, such as particular issues within the Patching Cadence factor, for example. Because these issues age out, they cannot be immediately resolved (only refuted). As such, they are not included in automatically generated score plans.