RedShield maintains a record of who within your organisation is authorised to request and make changes. We also maintain a record of who should be notified for certain events that may occur.
During onboarding this information is collected during the Service Integration Workshop.
Ensuring these records are up-to-date is important so that requests can be actioned in a timely manner and the approval and notification process is followed.
The following are the different authorisations that can be granted to one or more users associated with your RedShield service:
RedShield Portal Roles
RedShield Portal users can access and view data relating to their service and environment. Management of these users is performed by a RedShield Portal Admin user.
The admin role grants the ability to create additional users within your organisation's tenancy. One or more of the following authorisations will also be required.
Primary Contacts are the first point of contact between RedShield and the customer. In the case contacts are not provided for some of the other required roles and authorisations, approvals and notifications will go to the Primary Contact.
Logging and reporting is critical to ensuring Customers maintain awareness of changes in the threat environment, their attack surface, and the effectiveness of controls.
It can be used to demonstrate to management and business owners the risks being managed by RedShield and the business value provided by the RedShield service.
Users subscribed to the Monthly Report will receive it via email.
You can nominate one or more users to be notified via email when vulnerability scans are completed. This will provide an overview of any newly identified vulnerabilities, prompting to log into the RedShield Portal to view any specific scan details.
This should include any personnel / service providers involved in vulnerability management processes.
You may elect to have users notified of changes for which they may not be directly involved in the approval process. User notification will be via email CC.
The change categories are:
You may elect to have users notified of incidents for which they may not be directly involved in. User notification will be via email CC, or via phone if urgent notification is required.
The incident categories are:
It is recommended to elect one or more users to be able to authorise changes to be made to your service. If no users are defined, requests must originate from the Primary Contact or authorisation will be sought before changes are made.
The change categories are:
Please submit any required changes to firstname.lastname@example.org