Prepare your Environment for the ETM Journey
Before building your Risk Operations Center (ROC) with TruRisk, ensure a solid foundation. This checklist serves as your launchpad for effective cyber risk quantification and informed strategic decisions.
Platform and Access Requirements
| Prerequisite | Why It Matters |
|---|---|
| Qualys Cloud Platform Account | Your gateway to ETM. An active Qualys subscription is required to access the platform. |
| ETM Application Activation | ETM must be provisioned and enabled. This is your core engine for TruRisk insights. |
| User Role Permissions | Assign Manager or equivalent roles to users who configure profiles, connectors, and dashboards. Empower your ROC leaders! |
Data Source and Integration Setup
| Prerequisite | Why It Matters |
|---|---|
| Qualys Applications Enabled | Activate VMDR, CSAM, Policy Audit, and Web App Scanning. These feed essential asset and vulnerability data into TruRisk. |
| Third-Party Tool Access (Optional) | If you are planning to integrate ServiceNow, Wiz, or Microsoft Defender, ensure API access and credentials are ready. |
| Network Accessibility | The Qualys platform must securely communicate with all connectors and data sources via outbound APIs or file uploads. |
Business Context Preparation
| Prerequisite | Why It Matters |
|---|---|
| Business Entities Identified | Define the logical entities you want to track, such as Finance or Cloud Platform, to aggregate TruRisk scores meaningfully. |
| Business Impact and Value Metrics | Assign financial or operational value to each entity. This helps quantify cyber risk in real-world terms. |
| Defined Risk Appetite | Set acceptable TruRisk thresholds for your organization or per business entity (for example, Risk Appetite = 450 / 1000). |
Asset and Inventory Readiness
| Prerequisite | Why It Matters |
|---|---|
| Asset Discovery Completed | Ensure that every asset, whether on-premises, in the cloud, or part of a hybrid setup, is thoroughly scanned and listed in the Qualys asset inventory. This visibility is crucial for maintaining a secure and well-managed environment. |
| Tagging Structure Defined | Use consistent tagging logic (based on departments, applications, or IP ranges) to group assets into business entities. |
| Asset Criticality Criteria | Define importance levels (1–5) based on asset value, for use in TruRisk calculation and risk mitigation prioritization. |