CISecurity / ControlsAssessmentSpecification

Controls Assessment Specification

Scanning Frequency vs Discovered Timestamp #2

Open planglois925 opened 5 years ago

planglois925 commented 5 years ago

Controls

Control 1.6 Control 2.6

Comment

Both of these measures are based on the frequency of the scan of the approved vs unapproved software, which seems to be based on the process (scanning frequency) vs the outcome (unapproved software is removed).

An alternative method focused on the outcome, which could also accommodate more of the "near real time" data collection could be a comparison between "Initial Discovery DateTime" - "Last Seen DateTime" of unapproved software. This would just require that a date time stamp be added to any asset whenever they're scanned and added to the inventory.

Recommendation

Change the measure from being focused on the Scan Frequency to the difference between Initial Discovery and Last Seen Datetime, which means the measure would then be based on how many of those fall within the "acceptable" range.
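The outcome-based measure proposed above, worked through as an added example (this is not code from the ControlsAssessmentSpecification project or from the issue author). It assumes an inventory export where every software entry carries an Initial Discovery timestamp and a Last Seen timestamp, plus an approved/unapproved flag; the inventory records and the 7-day "acceptable" window are constructed placeholders, not values taken from the specification.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (not real data): one record per piece of software
# seen on an asset. "first_seen" is the Initial Discovery DateTime written when the
# scanner first added the entry; "last_seen" is the Last Seen DateTime updated on
# every scan, so for software still present it equals the most recent scan time.
INVENTORY = [
    {"asset": "ws-001", "software": "approved-editor", "approved": True,
     "first_seen": "2024-01-02T09:00:00", "last_seen": "2024-03-01T09:00:00"},
    {"asset": "ws-001", "software": "unapproved-tool-a", "approved": False,
     "first_seen": "2024-02-10T09:00:00", "last_seen": "2024-02-14T09:00:00"},
    {"asset": "ws-002", "software": "unapproved-tool-b", "approved": False,
     "first_seen": "2024-01-15T09:00:00", "last_seen": "2024-03-01T09:00:00"},
    {"asset": "ws-003", "software": "unapproved-tool-c", "approved": False,
     "first_seen": "2024-02-25T09:00:00", "last_seen": "2024-02-29T09:00:00"},
]

# Assumed acceptable window; the real threshold comes from the organization's policy.
ACCEPTABLE = timedelta(days=7)


def dwell_time(record):
    """Last Seen minus Initial Discovery: how long the entry has been in the inventory."""
    return datetime.fromisoformat(record["last_seen"]) - datetime.fromisoformat(record["first_seen"])


def outcome_measure(inventory, acceptable=ACCEPTABLE):
    """Count unapproved entries whose dwell time is within the acceptable window.

    Returns (within, total_unapproved, ratio). This replaces the scan-frequency
    measure with one that reflects whether unapproved software actually got removed.
    """
    unapproved = [r for r in inventory if not r["approved"]]
    within = [r for r in unapproved if dwell_time(r) <= acceptable]
    total = len(unapproved)
    ratio = len(within) / total if total else 1.0
    return len(within), total, ratio


def overdue(inventory, acceptable=ACCEPTABLE):
    """Unapproved entries that exceeded the window, i.e. the items a reviewer acts on."""
    return [
        (r["asset"], r["software"], dwell_time(r).days)
        for r in inventory
        if not r["approved"] and dwell_time(r) > acceptable
    ]


if __name__ == "__main__":
    within, total, ratio = outcome_measure(INVENTORY)
    print(f"{within}/{total} unapproved entries within window ({ratio:.0%})")
    for asset, software, days in overdue(INVENTORY):
        print(f"overdue: {software} on {asset}, present {days} days")
```

Because "last_seen" keeps advancing for software that is still installed, an entry's dwell time only stops growing once the scanner no longer sees it, so the measure naturally distinguishes removed software from software that lingers past the window without needing to know how often scans run.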

ginger-anderson commented 1 year ago

PL,

Can you please verify which Safeguards you're referring to?

v/r Ginger

ginger-anderson commented 1 year ago

In hindsight I think these are for Controls v7.1 or CAS v1.0?