1. Mitigation: always needs monitoring.
If there is a mitigation, then we need to monitor it continuously.
2. Risk --> High, Medium, Low
3. Some companies have zero risks in their business, but if a user wants access again, the user should raise an exception request.
The request explains why the user needs exception access and the business requirements.
In the screen below, we can see the sample page for function ID, business process, risk ID, integration.
From the screen below: multiple actions / permissions combined together form a Function.
Multiple functions combined together form a Risk.
Multiple risks combined together form a Business process.
Multiple business processes will be assigned to one single rule set.
* SoD is complex in a company code environment.
3. Analysis:
Analysis to identify risk (best way):
object --> Fields --> Values --> Single role --> Composite role --> User.
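The rule-set hierarchy and the analysis chain above, as an added Python example (not from the original post or from any SAP tool): it resolves each user through composite and single roles to actions and reports every risk where the user holds at least one action from each conflicting function. Role, function, risk and mitigation IDs are constructed sample data, and "at least one action per function" is the assumed matching rule.

```python
# Constructed sample rule set: every ID below is illustrative, not taken from the page.
FUNCTIONS = {            # function id -> actions (transaction codes) it groups
    "FN_VENDOR_MAINT": {"FK01", "FK02"},
    "FN_VENDOR_PAY": {"F-53", "F110"},
    "FN_PO_CREATE": {"ME21N"},
    "FN_GOODS_RECEIPT": {"MIGO"},
}
RISKS = {                # risk id -> (level, business process, conflicting functions)
    "RISK_P001": ("High", "Procure to Pay", ["FN_VENDOR_MAINT", "FN_VENDOR_PAY"]),
    "RISK_P002": ("Medium", "Procure to Pay", ["FN_PO_CREATE", "FN_GOODS_RECEIPT"]),
}
SINGLE_ROLES = {         # single role -> actions it grants
    "Z_AP_VENDOR": {"FK01", "FK02"},
    "Z_AP_PAYMENT": {"F-53"},
    "Z_MM_BUYER": {"ME21N"},
}
COMPOSITE_ROLES = {"ZC_AP_CLERK": ["Z_AP_VENDOR", "Z_AP_PAYMENT"]}
USERS = {"ALICE": ["ZC_AP_CLERK"], "BOB": ["Z_MM_BUYER", "Z_AP_PAYMENT"]}
# Assumed record of approved exceptions: (user, risk) -> mitigation control id
MITIGATED = {("ALICE", "RISK_P001"): "MC_PAYMENT_LOG_REVIEW"}


def user_actions(user):
    """Resolve user -> composite role -> single role -> actions, keeping the source role."""
    granted = {}
    for role in USERS.get(user, []):
        for single in COMPOSITE_ROLES.get(role, [role]):
            for action in SINGLE_ROLES.get(single, ()):
                granted.setdefault(action, set()).add(single)
    return granted


def analyze(user):
    """Return one finding per risk whose every conflicting function the user can execute."""
    granted = user_actions(user)
    findings = []
    for risk_id, (level, process, functions) in sorted(RISKS.items()):
        hits = [FUNCTIONS[f].intersection(granted) for f in functions]
        if all(hits):  # an empty set means one side of the conflict is missing
            findings.append({
                "risk": risk_id, "level": level, "process": process,
                "actions": sorted(set().union(*hits)),
                "roles": sorted({r for h in hits for a in h for r in granted[a]}),
                "mitigation": MITIGATED.get((user, risk_id)),
            })
    return findings


if __name__ == "__main__":
    for name in USERS:
        print(name, analyze(name))
```

A finding with `mitigation` set to `None` is an unmitigated risk; the `roles` field shows which single roles to separate to remove it.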
In the mitigation phase below, we have 2 types of mitigation controls:
1. Preventive control and
2. Detective control.
* Need to monitor logs in detective control mitigation.
* Sometimes mitigation of a risk may be taking insurance.
6. Continuous monitoring with respect to new user creation:
Manually.
or
Configuring an automatic alert mechanism.