FAQ
How does risk acceptance work in the platform?
Within the Adversarial platform, the risk acceptance process is driven by assigned Urgency and the Due Date. When we accept a risk, we are really referring to downgrading the urgency of a risk. With a lowered urgency and an “accepted risk,” the security team may be determining that this risk is not worth fixing, so an urgency of Info would allow you to capture the details and track the risk without assigning a due date.
Additionally, the concept of transferring a risk would really be downgrading/lowering the impact of a risk (e.g., covered by Cyber Insurance). Finally, avoiding a risk is really downgrading/lowering the likelihood.
When should I close an AKR and open an RSK?
When reviewing an AKR: Has the AKR been addressed? If so, determine whether it should be closed. If mitigating actions have downgraded the urgency, close the AKR and open a related RSK with appropriate urgency. If there are multiple RSK records addressing the requirements of a given AKR, close the AKR and keep tracking via the RSKs.
When should I close an AKR?
For a given AKR, if the controls are in place to address the risk, close the AKR. Capture the controls in the Control Statement. With AKRs assigned on tenant creation, the Discovered Date will align with that date. If AKR controls have been in place before that date, set the Closed Date to be one day after the Discovered Date.
How do I handle issues and policy exceptions?
Issues fall under what the platform calls “Risks.” You can think of “Risks” as what ServiceNow calls “Issues, Problems, or Threats (IPTs)”, inclusive of vulnerabilities, audit findings, self-reported issues, and more. The approach is to be source-agnostic so all sources can be scored with the same rubric.
Policy Exceptions: The platform’s approach is inclusive of policy exceptions. Example: 25 workstations that cannot have full disk encryption. Log the exception as a risk, copy or author the supporting details, and use AI scoring to assess likelihood and impact. The recommended path is to capture these as a Risk with the Type set to Control Deficiency or Procedural.
Can I delete or repurpose an RSK?
Empty risk records can be deleted if there are no data or tickets associated with them. Deletion will not cause auto-renumbering. Additionally, if no data was entered, the risk record can be reused for a new risk.
How do I set the Closed Date when an AKR has related RSKs?
If there are RSKs that can be mapped to an AKR, set the Closed Date of the AKR to align with the Discovered Date of the RSK. AKRs and their current statuses do not influence the Remediation Agility chart.
How do filter views work?
Filter Views help users quickly organize the data in the registers. Custom filter views are private to the user.
- To create: Select the filter icon, choose fields and values, click Save then Create New View.
- To update: Add or remove filters, click Save then Update.
- To rename or delete: Open the filter drop-down and select the pencil icon.
Filter Views complement Item Tags for granular views.
Can I share a filter view with another user?
Filter views are user-specific and cannot be shared directly. However, you can share via URL: open the filter view, copy the page URL, and send it to another user. They will see the same filter parameters applied.
How do I handle new information and rescoring?
When subsequent investigation surfaces new information, record it in Comments and re-run AI Suggest Score. Review Likelihood and Impact. If the rationale aligns, save the updates. Previous AI comments can be deleted before rescoring to avoid influencing the new run. Rescoring is also useful when a risk has been partially mitigated via a compensating control.
How can I track and follow risk records?
There are three ways to track risks:
- Follow an RSK — Updates are communicated via in-platform notifications (bell icon).
- Assigned To — Users in this field automatically receive notifications for all changes.
- Notification Subscriptions — Via Settings, subscribe to urgency-driven risks, severity-driven incidents, threat-based incidents, and new entries.