Business Entities
A business entity is your most valuable asset. It is essentially a collection of assets supporting your business applications. A business entity can be a business unit, department, or location. It is created using a Qualys tag and can have more than one tag. However, only one tag is currently allowed to be added to a business entity. By associating tags with business entities, you establish the business criticality and context of the assets to determine priorities. You can also configure a Risk Appetite and add a business value and loss magnitudes for any type of loss to monitor financial risk across enterprises.
What is the use of defining a business entity?
A business entity is an object for action. It is essentially a collection of assets supporting your business applications that need to be monitored to manage security risks. Defining a business entity helps to establish an appropriate security governance framework. By defining the loss magnitude and risk appetite, you can add business value to the business entity.
How to create a business entity?
The creation of a business entity is a manual process. You provide basic information and create asset tags or select existing asset tags to associate assets with the business entity. You can also switch on the Risk Quantification and Risk Appetite toggles to define loss magnitude and risk appetite, which adds business value to the business entity.
You can skip creating a business entity during onboarding and create it later.
How do tags impact business entities?
Tags help you organize assets in your organization. You can apply tags manually or configure rules for automatically classifying your assets in logical, hierarchical, business-contextual groups.
By associating tags with business entities, you establish the business criticality and context of the assets to determine priorities.
You can use the Qualys ServiceNow CMDB integration to automatically ingest assets and tags from ServiceNow. You can then associate these assets and asset tags with the business entity.
What is Risk Quantification?
Risk Quantification is an optional feature that allows you to provide business context for the business entity. It helps to quantify security risks in financial terms, shifting the focus from technical issues to business impacts. This enables you to make appropriate security risk management and prioritization decisions based on the financial risk associated with the business entity.
To enable Risk Quantification, you need to provide the following details:
- Monetary value of the business entity by selecting the appropriate currency.
- Loss magnitude to define the financial impact of a loss type (security incident) on a business entity if it occurs.
What are loss magnitude and loss types?
Loss magnitude allows you to measure the impact of a security risk. You define Loss Magnitude by selecting the Loss Type and the estimated minimum or maximum amount of financial loss the business entity can incur due to this loss incident.
Loss Types:
- Data Breach
- Business Interruption
- Fraud
- Extortion
- Intellectual Property