Overview
When creating issue tracking cases for countermeasure's, the Jira priority does not align with the priority set in the countermeasure. Depending on the priorities you have available in your Jira project this is usually normal behaviour, please see below for a detailed explanation.
Example use case
You have your top 4 priorities set in Jira as Highest, high, medium, low and other priorities such as lowest & epic, you then select the option to raise an issue tracking case for a countermeasure with a countermeasure priority of "Very high" but you see the case raised as a high in Jira which seems incorrect.
Explanation
In IriusRisk there are 4 ratings for countermeasure priorities:
Very High
High
Medium
Low
These are split into 4 priority thresholds:
Very High = 75-100
High = 50-75
Medium = 25-50
Low = 0-25
The ideal situation is that we have 4 Jira priorities to correctly align the countermeasure priorities in IriusRisk with the priorities in JIRA.
IriusRisk priority
Very High = 75-100
High = 50-75
Medium = 25-50
Low = 0-25
Jira priority range
Highest = 75-100
High = 50-75
Medium = 25-50
Low = 0-25
However, as is the case with most Jira projects we see there are usually more than 4 priorities available as defined within the target project. We can see this via the log entry in the tomcat container when we create an issue in the below example.
INFO com.iriusrisk.issuetracker.jira.priority.JiraIssuePriorityCalculator - Available project priorities: [Highest, High, Medium, Low, Lowest]
What we now have is 5 priorities which further segregates the thresholds when we need to define a priority automatically in Jira from IriusRisk,
Highest = 81 - 100
High = 61 - 80
Medium = 41 - 60
Low = 21 - 40
Lowest = 0 - 20
So, to feed this explanation back into the use case above, you have a countermeasure priority that has a calculated risk score of 79, IriusRisk marks this as Very High in the UI and you raise an issue tracking case to feed this into Jira project, however, when it is created, it is raised as high when you were expecting a Highest and you need to manually reset this in Jira as a result of the other priorities defined in the project.
IriusRisk priority
Very High = 75-100 < 79
High = 50-75
Medium = 25-50
Low = 0-25
Jira priority range
Highest = 81 - 100
High = 61 - 80 < 79
Medium = 41 - 60
Low = 21 - 40
Lowest = 0 - 20
One way to avoid this is to manually set the priorities in the applicable issue tracking configuration by changing the below configuration from Automatically set based on risk of countermeasure
To Set manually in each countermeasure and remove the unwanted priorities.
Comments
0 comments
Please sign in to leave a comment.