Preparing for external data integration

You can integrate any third-party application with
Control Compliance Suite
. You can use the ODBC, CSV, or the web services connectors to import the required data into
Control Compliance Suite
.
Before you import external data, you must do the following:
  • Identify the following attributes in the external data:
    Asset
    An asset can be any target object against which an evaluation can be executed. For example, assets, asset groups, folders, or any entity can be classified as assets.
    Assessment
    An assessment is the parameter that you use to assess your subject. For example, CCS standards or checks, policies, mandates, and third-party controls can be classified as assessments.
    Status
    A status is the outcome or the resultant value of an evaluation. Once you identify the asset and the assessment attributes, all the remaining attributes are considered as the status of the assessment. For example, a particular range of DLP incident IDs can be mapped to the 'Pass' status in CCS. Or, a particular value for password length can be mapped to the 'Fail' status in CCS.
    For CCS to understand the result, the evaluation outcome must be mapped to one of the following:
    • Pass
    • Fail
    • Unknown
    • N/A
    CCS consumes and represents data only in terms of the subject-test-result attributes. Hence, before you import external data into CCS, you must map the external data fields to the subject-test-result attributes in the CCS schema. You can map the external data fields to the CCS schema from the
    External Data Integration
    view.
  • Correlate the external system data to CCS.
    By means of correlation, you basically establish an association between the imported data and the existing Control Compliance Suite assets. Without correlation, you cannot leverage the CCS infrastructure to represent the external data in CCS dashboards and reports. You can correlate the external data fields and the CCS asset fields from the
    External Data Integration
    view.
  • Configure asset risk aggregation.
    For risk score calculation, you can use CCS to calculate the risk scores based on the CVSS parameters. Or you can use the risk scores that are defined in the imported data. You can specify the risk score parameters from the
    External Data Integration
    view.
Let us take the example of the use-case scenarios to elaborate on the external data integration planning:
External data integration model based on your business objective
Scenario
Description
What you need to do
Import external data and view the data in CCS dashboards without correlating to the CCS assets
You can import the external data and view the data by using the CCS dashboards. For the basic dashboard and panel creation using imported data, you do not need to correlate the external data to the CCS assets.
To meet this business goal, you need to do the following:
  • Identify the key fields for the Subject attribute in the external data and map the data field to the existing CCS schema or custom schema.
  • Identify the Key Performance Indicators (KPIs) that you want to use to monitor the data and subsequently to create the panels.
Import external data and view the data in CCS dashboards in correlation with the CCS assets.
You can import the external data and view the data by using the CCS dashboards in correlation with the CCS assets. By means of correlation, you basically establish an association between the reported entities in the imported data and the existing CCS assets.
To meet this business goal, you need to do the following:
  • Identify the key fields for the following attributes in the external data:
    • Asset
    • Status
  • Once you have identified the mentioned fields, you must map the fields to the existing CCS schema or a custom schema.
  • Identify and map the fields that you want to use to correlate the data to the assets.
  • Identify the asset-based KPIs that you want to use to monitor the data and subsequently to create the panels.
Import external data and use it for compliance assessment in correlation with the CCS assets.
You can import the external data and use the data for compliance calculation in correlation with the CCS assets. You can use the imported data to correlate with the CCS assets. You can then calculate the compliance score of the assets based on policies, mandates, and regulations.
To meet this business goal, you need to do the following:
  • Identify the key fields for the following attributes in the external data:
    • Asset
    • Assessment
    • Status
  • Map the identified data fields in the external data to the existing CCS schema or a custom schema.
  • Identify the possible result values in the external data and map the values to the CCS result attributes.
  • Based on the mandates that you want to comply to, decide if the existing assessments are sufficient or you need to create new assessment procedures.
  • Based on the mandates that you want to comply to, decide if the existing control statements are sufficient or you need to create new ones.
    If you create new control statements, then you must map the new control statements to the existing CCS control statements.
Import external data and use it for contributing to the CCS asset risk score.
You can import the external data and use the data for risk score calculation in correlation with the CCS assets. You can use the imported data to correlate with the CCS assets. You can then calculate the risk score of the assets based on CVSS attributes or the risk score that is defined in the external data.
To meet this business goal, you need to do the following:
  • Identify the key fields for the following attributes in the external data:
    • Asset
    • Assessment
    • Status
  • Once you have identified the mentioned fields, you must map the fields to the existing CCS schema or a custom schema.
  • Identify and map the fields in the external data that you want to correlate to the assets.
  • Identify and map the result fields in the external data that you want to correlate to the CCS result attributes
  • For calculating the risk score, decide if you want to use CVSS attributes. Or you want to use the existing risk score of the external data. For the risk score, you must specify a range between 0-10.
  • Specify a value for the weight to be used in the risk score calculation.
  • Decide if you want to use the risk score in the external data to calculate the asset risk aggregation in CCS.