Building Projects in FutureFeed | Scribe

    Building Projects in FutureFeed

    • Mark Berman |
    • 0 step |
    • 2 minutes
    Navigate to the Your FutureFeed subway stop.
    Click "PROJECT BUILDER"
    There are many ways to find the POA&Ms for grouping into a project. The first is to narrow the focus amongst the types of POA&M feeds. Click the dropdown to reveal the feeds.
    Tip #1 There are several feeds. These three are focused on compliance certification prep: 1. Compliance Validation - these POA&Ms are generated from the Outcomes in the assessment. 2. Objectives - These POA&Ms are sourced from the objectives for each control. Note that POA&Ms can be generated for met objectives. These will appear as "POA&M Improvements" on the SSP. 3. Inventory Item - These POA&Ms are sourced from tools and documents that are needed, but not yet implemented.
    Tip #2 These three feeds are generally capture items for ongoing IT maintenance. 1. Idea - Use the yellow lightbulb in the header to generate these POA&Ms. They may or may not be cybersecurity related, but at the end of the day every organization has one set of resources, so this allows cybersecurity needs to compete with profitability and efficiency needs. 2. End-of-Life - These POA&Ms are identified in the SSP. 3. Vulnerability - These POA&Ms are created when vulnerabilities are imported in the Details subway stop.
    Here are the feeds as they appear in the interface.
    Another way to narrow the POA&M list is to filter by Impact, Effort and Cost.
    Some companies may opt not to rate POA&Ms using these subjective measures, but for those that do it may be interesting to look at high ROI opportunities like items with Extreme Impact and Low Effort and Cost.
    Click on "low cost."
    All of the column headers in the builder sort the list. The Compliance Gain column shows the relative value of one POA&M vs the others. Note that some POA&Ms are not related directly to compliance and thus have no score.

    Creating a Project

    Once you are ready to focus on a particular POA&M, click "Select or Create New..."
    Type a "New Project" name or select from existing projects.
    Note that you can add a POA&M to multiple projects. That is because earlier on you may not know how best to group items. For example, should you add a firewall policy to a "Firewall Project" or to a "Policy Project." Just add the item to both at the early stages. After you activate one of the projects, the item will disappear from the others.

    Manage Your New Project in the Project Portfolio

    Filter by status to focus on new projects.
    Narrow the focus to "Proposed Projects"
    Your two new projects are in the list.
    Open the project by clicking on the name and check out all of the items in it. The Impact/Effort/Cost ratings are manually set, so reflect on the sum of the items in the project and set each rating. You will use these later as a rough measure of ROI so that management can decide what to do first, second and third.
    Click this icon.
    This Scribe is in tip-top shape!Leave feedback if there are any issues with this Scribe