Once you define and publish a security objective, risk manager lets you analyze the risk score and define an action plan to treat the risks.
Sequence of operations for treating risks
Define and publish a security objective.
After the security objective is published, risk manager calculates the current risk score and the projected risk score for the following:
Each risk element that is associated with the security objective.
Aggregated risk for the overall security objective.
Based on your analysis of the risk score, you can decide on an action to treat risks, by using dashboards.
Before you proceed with an action to treat risks, you must select a default system under Settings > Risk Management. You can select either email, Symantec Workflow, or Symantec ServiceDesk as the default system for treating risks.
Create and submit either a remediation plan or an exception plan by selecting risks for remediation or risks for exception, respectively.
What happens once you submit the plan?
If you opt for email , an email with the plan details is sent to the specified recipients.
If you opt for Symantec Workflow, you can submit the action plan to the desired workflow in Symantec Workflow. Symantec Workflow handles the action and provides a status update to CCS. This status is displayed on the Action Plans page, under the Status column.
If you opt for Symantec ServiceDesk , a ticket is generated and submitted to the Symantec ServiceDesk . When Symantec ServiceDesk updates the status of the ticket, the status is displayed on the Action Plans page under the Status column.