[DRAFT] Actionability / remediation guidance (W1)
Status: DRAFT
Scope
For W1, we do NOT need a full-blown playbook engine. We need:
- Structured, deterministic guidance
- Ranked by impact
- Impact scoring
Think: Per path → Suggested actions ranked by impact
Example:
Top Risk Reducers
- Assign valid owner (removes orphaned status)
- Remove Global Reader role
- Restrict LLM endpoint access
What we are NOT building
- Not a SOAR or policy engine
- Not policy writing
- Not workflow automation
- Not GRC
We are just telling the SecOps team:
If you change these 2–3 things, risk materially drops.
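As an added illustration (not part of the draft or the product), a Python sketch of the deterministic per-path scoring and ranking the scope describes, using the three actions from the example above; the per-finding weights, the combination formula and the sample path id are assumptions.

```python
from dataclasses import dataclass

# Assumed per-finding weights (not from the draft): the estimated chance
# that this finding alone lets the authority path be abused.
IMPACT_WEIGHTS = {
    "orphaned_owner": 0.3,
    "global_reader_role": 0.5,
    "llm_endpoint_exposed": 0.2,
}

# Remediation text per finding; the three actions are the draft's own
# "Top Risk Reducers" example.
REMEDIATIONS = {
    "orphaned_owner": "Assign valid owner (removes orphaned status)",
    "global_reader_role": "Remove Global Reader role",
    "llm_endpoint_exposed": "Restrict LLM endpoint access",
}


@dataclass(frozen=True)
class AuthorityPath:
    path_id: str
    findings: frozenset  # ids from IMPACT_WEIGHTS present on this path


def path_risk(findings):
    """Combine findings as independent chances: 1 - prod(1 - w)."""
    survive = 1.0
    for f in findings:
        survive *= 1.0 - IMPACT_WEIGHTS[f]
    return 1.0 - survive


def ranked_findings(path):
    """[(risk_reduction, finding)] largest reduction first.

    Reduction is the drop in path risk if that finding alone is fixed.
    Ties break on the finding id so the order is stable run to run.
    """
    before = path_risk(path.findings)
    scored = [(before - path_risk(path.findings - {f}), f) for f in path.findings]
    scored.sort(key=lambda r: (-r[0], r[1]))
    return scored


def top_risk_reducers(path, n=3):
    """The draft's 'Top Risk Reducers': action text for the top n findings."""
    return [REMEDIATIONS[f] for _, f in ranked_findings(path)[:n]]


def residual_risk(path, n):
    """Path risk left after fixing the top n findings ('risk materially drops')."""
    fixed = {f for _, f in ranked_findings(path)[:n]}
    return path_risk(path.findings - fixed)


if __name__ == "__main__":
    # Constructed sample path carrying all three findings.
    demo = AuthorityPath("svc-llm-gateway", frozenset(IMPACT_WEIGHTS))
    print(f"{demo.path_id}: risk {path_risk(demo.findings):.2f}")
    for action in top_risk_reducers(demo):
        print(" -", action)
    print(f"after top 2 actions: {residual_risk(demo, 2):.2f}")
```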
Definition of Done for this sprint
We can say:
We surface deterministic exposure and suggested remediation guidance tied to each authority path.
Auth Path Risk Narrative
Auth Path → Path Risk Narrative ("Exposure Brief") → Graph details
What it needs to answer
- "Should I fix this specific authority?"