Mitigating controls overview
You can see the most important information about a mitigating control on the overview form.
To obtain an overview of a mitigating control
-
In the Manager, select the Risk index functions > Mitigating controls category.
-
Select the mitigating control in the result list.
-
Select the Mitigating control overview task.
Assigning company policies
Use this task to specify for which company policies the mitigating control is valid. You can only assign company policy working copies on the assignment form.
To assign company policies to mitigating controls
- Select the Risk index functions > Mitigating controls category.
- Select the mitigating control in the result list.
- Select the Assign company policies task.
- In the Add assignments pane, double-click the company policies you want to assign.
- OR -
In the Remove assignments pane, double-click the company policies whose assignment is to be deleted.
- Save the changes.
Calculating mitigation
The reduction in significance of a mitigating control supplies the value by which the risk index of a company policy is reduced when the control is implemented.One Identity Manager calculates a reduced risk index based on the risk index and the significance reduction. One Identity Manager supplies default functions for calculating reduced risk indexes. These functions cannot be edited with One Identity Manager tools.
The reduced risk index is calculated from the company policy and the significance reduced sum of all assigned mitigating controls.
Risk index (reduced) = Risk index - sum significance reductions
If the significance reduction sum is greater than the risk index, the reduced risk index is set to 0.
General configuration parameter for company policies
The following configuration parameters are additionally available in One Identity Manager after the module has been installed. Some general configuration parameters are relevant for company policies. The following table contains a summary of all applicable configuration parameters for company policies.
Table 25: Overview of configuration parameters
QER | Policy |
Preprocessor relevant configuration parameter for controlling company policy validation. Changes to the parameter require recompiling the database.
If the parameter is enabled, you can use the model components.
If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
QER | Policy | EmailNotification |
This parameter is used for mail notifications.
Information about notifications during company policy checks is stored under the parameter. |
QER | Policy | EmailNotification | DefaultSenderAddress |
Sender's default email address for sending automatically generated notifications when company policies are checked. Replace the default address with a valid email address. |
QER | CalculateRiskIndex |
Preprocessor relevant configuration parameter controlling system components for calculating an employee's risk index. Changes to the parameter require recompiling the database.
If the parameter is enabled, values for the risk index can be entered and calculated.
If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |