Goal
Add a decision queue that answers: what needs executive action this week?
Current state
- Security/technical manager dashboard summaries expose approval tasks, approved decisions, patching tasks, aged vulnerabilities, and risk-change briefs.
- The executive dashboard does not yet curate these into ranked management decisions with business impact and required action.
Scope
- Add an executive decision queue API model with rank, risk title, business impact, required action, source type, severity, owner, due/expiry date, and drill-down target.
- Populate it from high-signal sources: exploited internet-facing exposure, overdue critical work, pending/expiring approvals, accepted risk expiring/overdue, unowned critical assets/software, and missed maintenance windows.
- Render the top queue in
CisoExecutiveOverview.
Acceptance criteria
- Queue returns deterministic ranking for the top 5-10 executive-action items.
- Each item includes a clear action verb/category and drill-down reference.
- Items are de-duplicated when the same remediation case triggers multiple signals.
- Tests cover ranking, de-duplication, and empty-state behavior.
Goal
Add a decision queue that answers: what needs executive action this week?
Current state
Scope
CisoExecutiveOverview.Acceptance criteria