Identity Manager 8.1.5 - Web Portal User Guide

Risk assessment

Risk assessment is an important part of compliance. For example, high risk rule violations are more likely to require mitigations, or have fewer exception approvers. In One Identity Manager, risk data is gathered from a variety of sources, and then calculations are performed to produce risk indexes. Every item within One Identity Manager can be assigned a risk value. If you own resources, you may be able to modify their risk values in the Master Data. For more information, see Master data.

In Risk Assessment, you can modify the risk index functions that are used to calculate these indexes. Risk indexes are calculated for employees, user accounts, system roles, IT Shop structures, organizations, and business roles.

There are four calculation types that can be used. Choose the one that best fits the desired impact on risk for the risk index function you are modifying.

Table 44: Calculation types

| Calculation type | Description |
|---|---|
| Maximum (weighted) | The highest value from all relevant risk indexes is calculated, weighted, and taken as basis for the next calculation. |
| Maximum (normalized) | The highest value from all relevant risk indexes is calculated, weighted with the normalized weighting factor and taken as basis for the next calculation. |
| Increment | The risk index of Table column (target) is incremented by a fixed value. This value is specified in Weighting/Change value. |
| Decrement | The risk index of Table column (target) is decremented by a fixed value. This value is specified in Weighting/Change value. |
| Average (weighted) | The average of all relevant risk indexes is calculated, weighted, and taken as basis for the next calculation. |
| Average (normalized) | The average of all relevant risk indexes is calculated with the normalized weighting factor and taken as basis for the next calculation. |
| Reduction | Used when calculating the reduced risk index for compliance rules, SAP functions, company policies and attestation policies. You cannot add custom functions with this calculation type! |

You can assign a weight to the calculation, which determines how much the result of a particular function affects the overall risk index. You can view high risk objects in High Risk Overview. For more information, see What statistics are available?.

To edit a risk index function

  1. Open Compliance | Governance Administration and click Risk Assessment.

  2. Mark the risk assessment function you want to view.

  3. Click and select the required calculation type in the Attestation of assignment dialog.

  4. Perform one of the following tasks:

    1. Use the slider to set a value between 0 and 1 on the Weighting/Change value scale.

      - OR -

    2. Check Disabled if you no longer want to use the risk index function.

      - OR -

    3. Uncheck Disabled if you want to use the risk index function again.

  5. Click Save.

High-risk overview

This overview lists high-risk objects and divides them into different groups that can be expanded and collapsed. Each group displays the resources you manage that have the highest risk factor. Risk indexes are calculated for employees, user accounts, system roles, IT Shop structures, organizations, business roles, file systems, and SharePoint resources. Objects have risk values, which provide the risk index when combined with risk index functions. You can view the following information in High-Risk Overview statistics.

  • Objects with the highest overall risk

For more information on risk function calculators, see Modifying Risk Calculators.

Compliance frameworks

NOTE: This function is only available if at least one of the modules Governance Base Module, Attestation Module, Compliance Rules Module, or Company Policies Module is installed.

Compliance frameworks group together various policies, rules, and attestations to correspond with regulatory requirements. Compliance frameworks are set up by an administrator, but can be viewed in the Web Portal.

This is required, for example, if you must comply with a certain framework. It is useful to know which rules, policies, and attestation policies are connected with the framework.

To view a compliance framework

  • Open Compliance | Governance Administration and click Compliance Frameworks.

    A Hyper View of the framework appears, with a shape for the associated rules, policies, and attestation policies.

Rule violations

Certain roles require you to find violations within their own system. This information can help to determine gaps in your security or compliance policies and help to develop attestation policies or violation mitigation. Mitigation comprises processes that exist outside the One Identity Manager solution and reduce the risk of violation. For more information, see Governance administration.

You can generate reports that describe the rule violations exactly. These reports contain a risk assessment for you to use for prioritizing violations and on which to base subsequent planning. The reduced risk index takes into account many risk factors that arise from violations and represents the risk as a value between 0 (no risk) and 1 (high risk).

NOTE: You can only see Policy Violations or Rule Violations if you have the Compliance and Security Officer's or Auditor's application role.

Depending on which application is assigned to you, the following options are visible to you in your rule violation view:

  • By framework
  • By department
  • By rule
  • By application role
  • All compliance rules

NOTE: If you only have one application role, you will not see any other options. The option corresponding to the application in this case is preset and must not be enabled by you.

To view rule violations

  1. Open Compliance | Governance Administration and click Rule Violations.
  2. Set one of the options shown to present the view more clearly.
  3. Mark a rule.
  4. Get further information.
  5. Perform one of the following tasks:
    1. Click one of the links in the detailed content view to display more details.
    2. Click "Show details" to display details about the selected rule.
    3. Depending on your role assignments, you can generate a report using Report.