High risk overview (page description)
To open the High Risk Overview page go to Compliance > Governance Administration > High Risk Overview.
On the High Risk Overview page, you can get overview of the objects with the highest risk factor (see Displaying high risk objects). This can help you prioritize when managing your business resources. Company resources have risk values, which provide the risk index when combined with risk index functions.
The following tables give you an overview of the various features and content on the High Risk Overview page.
Table 252: Controls
|
Show all high risk objects |
Select this check box if you want to show all the high risk objects (instead of just the top 10) (see Displaying high risk objects). |
Table 253: Columns
|
High Risk Objects |
|
Display name |
Shows you the object's display name. |
|
Object type |
Shows you the type of object. |
|
Risk index |
Show the object's risk index. |
|
High Risk Employees |
|
Full name |
Shows the identity's name. |
|
Primary department |
Shows you to which department the identity is primarily assigned. |
|
Risk index (calculated) |
Shows you the identity's calculated risk index. |
|
High Risk Business roles |
|
Business role |
Shows the business role's name. |
|
Role class |
Shows the business role's role class. |
|
Risk index (calculated) |
Shows you the business role's calculated risk index. |
|
High Risk System roles |
|
System role |
Shows the system role's internal name. |
|
Display name |
Shows the system role's display name. |
|
System role manager |
Shows you the name of the identity responsible for the system role. |
|
Risk index (calculated) |
Shows you the system role's calculated risk index. |
|
High Risk System entitlements |
|
Display |
Shows the system entitlement's display name. |
|
Group type |
Shows the system entitlement's group type. |
|
Risk index |
Shows the system entitlement's risk index. |
|
High Risk User accounts |
|
Login name |
Shows you the user name of the user account used to log in. |
|
Name |
Shows you the user account's display name. |
|
Employee |
Shows you the name of the identity to which the user account is primarily assigned. |
|
Container |
Shows you in which container the user account is located. |
|
Risk index (calculated) |
Shows you the calculated user account's risk index. |
TIP: You can show less data by using the column filters. For more information, see Filtering.
Rule violations (page description)
To open the Rule Violations page go to Compliance > Governance Administration > Rule Violations.
On the Rule Violations page, you get an overview of compliance rules and the corresponding rule violations and generate detailed reports on them (see Viewing compliance rules and violations). This information can help to determine gaps in your security or compliance policies and to develop attestation policies or mitigating controls. Mitigation comprises processes existing outside the One Identity Manager solution and that reduce the risk of violation.
The following tables give you an overview of the various features and content on the Rule Violations page.
Table 254: Controls
|
By framework |
Enable this option to display all compliance rules associated with compliance frameworks for which you are responsible. |
|
By department |
Enable this option to display all compliance rules violated by identities belonging to departments for which you are responsible. |
|
By rule |
Enable this option to display all compliance rules for which you are responsible. |
|
By approval role |
Enable this option to display all compliance rules for which you are allowed to grant exceptions. |
|
All compliance rules |
Enable this option to display all compliance rules. |
Table 255: Controls in the detail pane of a compliance rule
|
Show details |
This opens the <rule> page (see Rule details (page description)).
Use this button to display more details about the compliance rule as a HyperView (see Viewing compliance rules and violations). |
|
Report |
Use this button to generate a report listing the rule violations (see Viewing compliance rules and violations).
The report contains a risk assessment for you to use for prioritizing violations and on which to base subsequent planning. The risk assessment takes into account many risk factors that arise from violations and represents the risk as a value between 0 (no risk) and 1 (high risk). |
Table 256: Columns
|
Rule name |
Shows you the compliance rule's name. |
|
Risk index |
Shows the severity of the rule violation (meaning the calculated risk index). The higher this value is, the higher the risk that this rule violation poses. |
|
Risk index (reduced) |
Shows the risk index taking mitigating controls into account. A rule’s risk index can be reduced by a significance amount after mitigating controls have been applied.
Mitigating controls are processes that exist outside the One Identity Manager solution and that reduce the risk of violation. For more information, see Compliance – Governance Administration. |
|
Rule violations (new) |
Shows you how often the compliance rule has been violated recently. |
|
Rule violations (all) |
Shows you how often the compliance rule is violated. |
|
Rule group |
Shows you the rule group to which the compliance rule belongs based on its content. |
|
Compliance framework |
Shows you the compliance framework to which the compliance rule belongs. |
TIP: You can show less data by using the column filters. For more information, see Filtering.
TIP: You can see more information about each compliance rule in the details pane. To do this, click the corresponding entry in the list.
Rule details (page description)
To open the <rule name> details page go to Compliance > Governance Administration > Rule Violations > click an entry in the list.
On the <rule name> details page, you will see a overview of a specific company policy displayed as a HyperView (after you select Show Details on the Rule violations page) and you can create a report listing the rule violations.
The following table gives you an overview of the various features on the <rule name> details pane.
Table 257: Controls
|
Report |
Use this button to generate a report listing the rule violations.
The report contains a risk assessment for you to use for prioritizing violations and on which to base subsequent planning. The risk assessment takes into account many risk factors that arise from violations and represents the risk as a value between 0 (no risk) and 1 (high risk). |
Policy violations (page description)
To open the Policy Violations page go to Compliance > Governance Administration > Policy Violations.
On the Policy Violations page, you get an overview of company policies and the corresponding policy violations, and generate detailed reports about them (see Displaying company policies and violations). This information can help to determine gaps in your security or compliance policies and to develop attestation policies or mitigating controls. Mitigation comprises processes existing outside the One Identity Manager solution and that reduce the risk of violation.
The following tables give you an overview of the various features and content on the Policy Violations page.
Table 258: Controls
|
For framework owners |
Enable this option to display all company policies associated with compliance frameworks for which you are responsible. |
|
For policy owners |
Enable this option to display all company policies for which you are responsible. |
|
For exception approvers |
Enable this option to display all company policies for which you are allowed to grant exceptions. |
|
All policies |
Enable this option to display all company policies. |
Table 259: Controls in the company policy's details pane
|
Show details |
This opens the <policy> (Policy) page (see Policy details (page description)).
Use this button to display more details about the company policy as a HyperView (see Displaying company policies and violations). |
|
Report |
Use this button to generate a report listing the policy violations (see Displaying company policies and violations).
The report contains a risk assessment for you to use for prioritizing violations and on which to base subsequent planning. The risk assessment takes into account many risk factors that arise from violations and represents the risk as a value between 0 (no risk) and 1 (high risk). |
Table 260: Columns
|
Policy |
Shows you the name of the company policy. |
|
Risk index |
Shows the severity of the policy violation (meaning the calculated risk index). The higher this value is, the higher the risk that this policy violation poses. |
|
Risk index (reduced) |
Shows the risk index taking mitigating controls into account. The risk of a policy violation can be reduced by a significance amount after mitigating controls have been applied.
Mitigating controls are processes that exist outside the One Identity Manager solution and that reduce the risk of a policy violation. For more information, see Compliance – Governance Administration. |
|
Policy violations (new) |
Shows you how often the company policy has been violated recently. |
|
Policy violations (all) |
Shows you how often the company policy is violated. |
|
Policy group |
Shows you the policy group to which the company policy belongs, based on its content. |
|
Compliance framework |
Shows you the compliance framework to which the company policy belongs. |
TIP: You can show less data by using the column filters. For more information, see Filtering.
TIP: You can see more information about each company policy in the details pane. To do this, click the corresponding entry in the list.
