Security Planning Overview
Copado Security Planning combines industry-leading tools and expertise to identify potential security and compliance risks that threaten the success of your digital transformation. First, you’ll meet with a certified security expert to assess your DevSecOps readiness and create your plan. Your tailored action plan uses value-driven prioritization to fit your compliance and security requirements to your business, industry and release process. The centralized dashboard shows your overall progress, areas for improvement and your security score to keep you on track in your DevSecOps journey.
Here are some of the advantages of using Copado Security Planning in your organization:
- It provides customized assessments and action plans from CISSP-certified security experts.
- It gives you quick insights into different assessments as you can have multiple assessments under the same platform and easily switch from one assessment to another.
- It helps you focus on what is important since tasks are prioritized based on the effort and the value they provide.
When you log in, the first thing you see is the product dashboard. This dashboard includes metrics that help you monitor and plan your value-driven prioritized path.
Now, let’s describe each of the metrics displayed on the dashboard.
The Security Planning Score is a single metric that represents your maturity according to the content on which you have been assessed. The score ranges from 0% to 100%, where 100% means you have achieved the highest possible maturity.
The Story Status doughnut chart represents your progress toward completing the assigned user stories based on three different user story statuses: Pending, In Progress and Completed.
Assessment Status allows you to select which assessment to show on the dashboard. You may be assessed on more than one package. If this is the case, you can click on the drop-down menu and select an assessment from the list. Once you select an assessment, the dashboard displays the data specific to the selected assessment.
The Events widget shows a running log of events applicable to the user currently logged in and their organization. The types of events shown include user logins, score changes and changes to the status of user stories.
The metrics area at the very bottom of the dashboard shows your strengths and weaknesses according to the assessment currently selected in Assessment Status. Each assessment is broken down into one or more specific categories. A higher value for a particular category indicates a strength; a lower value indicates a weakness. You can scan the metrics to quickly compare across categories.
Stories & Tasks
In this section, you can find the list of assigned and completed user stories, grouped into epics, generated according to your results for an assessment. This view is more than just a checklist of things to do; it is a value-driven prioritization.
Assigned user stories represent gaps in your current security practices that have been identified during the selected assessment. They are the ticket to improving your score - every assigned story you complete will increase your score.
Completed user stories are your security practice baseline - the steps you have already taken towards a comprehensive security and compliance program.
Let’s take a closer look at the information you can find on this list.
The Story ID is a unique identifier assigned to each user story.
The epic represents a group of user stories. For example, the Compliance epic includes all the user stories that are related to the topic of compliance.
The description is a short description of the user story’s goal. You can get more information about a particular user story by clicking on the story.
The user story status indicates where the assigned story resides within your workflow. There are three workflow types: Pending, In Progress and Done. You can click on the status icon to change its workflow status.
The effort shows the estimated amount of work required to complete the user story’s guidance. There are three levels of effort: Small, Medium and Large. By default, a small effort is a few days, a medium effort is a month and a large effort is three months. Each level of effort is configurable by Copado.
V/E Ratio means Value to Effort ratio. This metric illustrates the expected outcome of your score based on the amount of effort. The V/E ratio enables you to sort user stories by the biggest score improvement for the least amount of work.
The modifiers on each user story show you how that user story affects the overall scores per category. Modifiers are directly related to the category scores on the dashboard. Each user story may affect many categories. The percentage value shown is exactly how your score will change once the user story is completed. For example, a user story that shows “Awareness: 3.2%” means that your awareness score will increase by 3.2% when the story is completed.
User Story Details
User stories on the list are clickable. If you click on a particular user story, you can see the details specific to that user story. This includes:
- User Story Content
  - The specific guidance on what you need to do to complete the task.
  - The content varies depending on the topic. User stories that are smaller and prescriptive may have only a few lines of text. Some user stories are more detailed and contain more information such as overall goals, external references and more.
- The name of the content package for this specific assessment. There are numerous different types of content packages, each of them sold separately.
- Information about the epic, modifiers, status and effort of that user story (see the description above for more details about each of these items).