A policy is the expression of specific directives to achieve security or operational goals. Typically it contains a short name for easy identification, a rationale for the policy and the machine-readable rule specifying the exact parameters and logic applied. For example a policy could express the intent to encrypt a specific cloud resource type with the rule describing how to interpret the data structure supplied by the data source to check if the directives are met or not.
A violation is a specific instance where a policy directives were violated. It typically contains the specific data source where the violation occurred, the exact date, and additional metadata as specified by the policy and the Secberus policy engine. The Secberus policy engine automatically updates violations as your system is changing and your team is resolving issues.
Exception is used to mark when a violation of a policy is for legitimate reasons. For instance you use a policy that mandates all S3 buckets to be encrypted, but in a few instances there is a good reason to break that rule, like hosting static material that's public. Users can manually mark a violation, or set automatic exceptions to omit violations based on metadata.
Frameworks are a structured set of requirements and controls. In Secberus these controls are mapped to policies. Percentage of passing controls makes it easy to understand your status. Good examples are FedRAMP (regulatory compliance framework) or CIS (framework of critical security controls).
Risk Score is a measurement of the deviation from the security baseline that you have set in Secberus. It measures the risk of specific policy violations, their age, and your organization's ability to remediate all of the open violations. You have the ability to adjust the risk associated with specific policies in the policy editor.
Data source can be any source of data to execute policies on. Currently Secberus supports a variety of cloud services.
Integrations are 3rd party services Secberus can connect to and pass data to. Currently they are used for notifications and ticketing.
Workflows are automated processes that are triggered when a certain criteria is met. Currently they are used for notifications and ticketing based on violation criteria.
Updated 5 months ago