CyberSage, Threat Modeling Automation

CyberSage REST API for risk management

 

CyberSage automates a set of common risk management operations. These automation features can be accessed through either the web UI or the REST API.

These REST APIs can be called by external systems to populate risk and control data in CyberSage. For instance, the APIs can be used to import existing inherent risk data for IT assets from the enterprise's book of record (e.g., an enterprise CMDB). Automated synchronization can also be performed via these APIs so that such risk data stays current with the enterprise's book of record.

 

Here are sample REST APIs that support risk management automation.

 

  • REST API to set up and maintain Inherent Risk Information for IT assets.

 

The above saveApp REST API sets an application's risk data, including its Confidentiality requirement rating, Integrity requirement rating, Inherent Risk Rating, whether the application is Internet-facing, and so on.

 

  • REST API to certify risk and control information.

 

The above “approve/fact” REST API lets users certify risk and control information about an application or a business feature in the application.

For instance, authorized users can certify whether the application uses a one-time-use passcode to interdict the requestor before certain critical transactions (e.g., linking a bank account) can be performed.