Skip to main content
All CollectionsBest PracticesAdmin User
Managing Remediation Workflow Best Practice
Managing Remediation Workflow Best Practice
Updated over a month ago

Target Audience

Security Champions, Governance Risk and Compliance (GRC) Team, Admin.

About

What's the rationale behind this best practice?

As organizations increasingly rely on digital technologies, managing cybersecurity risks becomes more complex. Fragmented security approaches can create gaps in coverage, inconsistent policy enforcement, and increased vulnerabilities, especially with shadow IT, insufficient asset management, and unclear responsibilities. To address these challenges, an integrated cyber risk operating model is essential. This model unifies Governance, Risk, and Compliance (GRC) functions with product teams, security champions, and other key stakeholders, ensuring a strategic approach that aligns with business objectives, regulatory requirements, and risk management priorities.

Effective risk management is not just about identifying risks but prioritizing them to ensure that critical threats are addressed first. Overwhelming teams with low-priority tasks can lead to alert fatigue and the potential for significant risks to be overlooked.

What's the goal of this best practice?

The goal of this best practice is to establish a cohesive cybersecurity operating model that:

  • Aligns security efforts across all teams.

  • Enhances risk management and compliance.

  • Improves communication and collaboration.

  • Mitigates risks from shadow IT and inadequate asset management.

  • Supports strategic decision-making for a stronger security posture.


Best Practice Workflows

The suggested operating model provides a general framework based on industry knowledge and experience. However, each organization should tailor this model to fit its structure, recognizing that responsibilities may differ across teams. Below are key workflows to follow to manage the remediation process effectively.

1. Clarifying Roles and Responsibilities

Security Champions

Embedded within product teams, they promote security best practices, conduct initial assessments, and liaise with both product teams and the GRC team. Security champions ' responsibilities may need adjustment depending on the role of product owners.

Product Owners (POs)

Responsible for the security of their specific products, including vulnerability management, patching, and compliance. They own and manage cyber risks affecting their products but may lack visibility across the broader IT environment, particularly in shadow IT cases.

GRC Team

Provides oversight of governance, risk management, compliance, and policy development within the security operating model.

Cohort Leads/Department Heads

Oversee multiple products, offering a broader view and coordinating efforts across teams, particularly for vulnerabilities affecting multiple areas.

2. Managing Risk and Vulnerability Remediation

Risk Identification and Assessment

Once vulnerability data is ingested into Vulcan Cyber, the platform performs an automatic risk assessment based on criteria like severity, exploitability, and business impact. Security champions review the risk assessment to ensure it reflects the context and criticality of the affected assets.

Vulnerability Triage and Assignment

Following the risk assessment, critical vulnerabilities (e.g., zero days) are sent to the appropriate teams for immediate action. Vulcan Cyber's automated playbooks can create tickets or alerts for Product Owners (POs) based on predefined conditions such as threat level, risk score, and business impact of affected assets.

Risk Updates by Product Owners

Product Owners can edit the risk score in Vulcan Cyber if they believe the automated assessment does not fully capture the potential business impact. This update should include a justification for the change based on asset criticality or compensating controls, which should be documented for review within the system.

4. Submitting and Approving Risk Exception Requests

After vulnerability assignment, if the remediation team identifies a vulnerability that cannot be addressed (e.g., due to technical constraints or business requirements), they may submit a risk exception request in Vulcan Cyber. This request should detail the rationale and any compensating measures.

Product Owner Review

POs review the request to determine if ignoring the vulnerability aligns with the organization's risk appetite.

Consultation with Security Champions

If necessary, POs may consult Security Champions for insights into the security implications of the exception.

Managerial Approval

The request must be escalated to a manager for high-impact exceptions to ensure alignment with the organizational risk strategy.

5. Continuous Monitoring and Review

Vulcan Cyber supports continuous monitoring and review of approved risk updates and exceptions. All decisions and compensating controls are documented within the platform, ensuring transparency and accountability during audits and reviews.

The GRC team regularly reviews the risk approval process, making necessary adjustments in response to new threats or changes in the organization's risk environment.

Did this answer your question?