Manage risk levels
In this article is described how access rights risk levels are managed, how users risk level is calculated and re-certificated.
Use Case Description
This use case is available for the IGA Enterprise package.
|
Description |
Overview |
This use case describes how IGA Admin can manage entitlements risk levels, how users risk levels are calculated and re-certificated. |
Operators |
IGA solution
Self-Service Portal
Manager
User
IGA Admin
IGA Owner |
Prerequisites |
Risk level value needs to be added to entitlement. |
Result |
All users have risk level automatically calculated and IGA Admin can report, re-certificate and mange entitlements risk levels. |
Operating chain for setting risk level |
- Risk level is added to IGA Entitlement datacard
- IGA Admin can manage all IGA Entitlements and their risk levels
- IGA Owner can manage those IGA Entitlements risk level, which he/she has been allocated as an owner
- IGA Admin or Owner opens the entitlement, which risk level value they want to change
- Risk levels are
-
High (value 3)
Admin accesses, financial accesses, accesses to sensitive or classified information, physical accesses to for example medicine cabinets etc.
-
Medium (value 2)
Accesses to business-critical applications,
-
Normal (value 1)
Accesses to common application, like for example intranet, email, distribution lists etc.
- Automatic calculations are:
-
Organizations total risk value
Is automatically calculated based on all entitlements risk level and value, if value is empty, calculator uses value 2. This value is used to compare users risk value and determinate most high-risk users.
-
Applications total risk value
Is automatically calculated based on related IGA Entitlements and this is used for evaluating high risk applications in the organization. Information can be found from application datacards
-
User risk level (high, medium, normal)
-
User risk value (compared to organizations total risk value)
- IGA Admin or Owner saves the datacard, which risk level has been changed
- IGA Solution calculates users and applications risk level and value based on related IGA Entitlements
- Users risk level and value can be seen in IGA Identity Storage datacards
- Organizations total risk value can be seen in IGA Identity Storage (no common place for checking this)
- Applications total risk value can be seen in Application datacard
- IGA Admin can report and review users, IGA Entitlements and applications based on risk level and risk value
- IGA Admin can start re-certification for high-risk users or applications
|
Related datacards |
IGA Identity Storage
IGA Entitlement
IGA Account
Application |
Views and dashboards |
- Users sorted based on risk level, percentage of how many users belongs to each risk level
- Users with most high-risk value (compared to organizations total risk value)
- Ongoing or scheduled re-certifications related to high-risk users and applications
- High risk applications, calculated based on entitlements related to the application
- High risk applications, listed with most users high risk level users
|
Delete
Configuration changes
Customer can define these configuration changes, without them affecting the projects schedule or work estimations.
1. More reports, views and dashboards
Customers IGA Admins or Matrix42consultant can create easily more views and reports
Delete
Expansion possibilities
In this chapter are listed expansion possibilities, but please notice that these might have affect to the projects schedule and work estimations, so these will always needs Matrix42Consultants review before agreeing on implementation.
1. Customer can request more risk levels and values to be added, these needs to always be separately defined and agreed with the Customer
Delete
Relations & configuration instructions
Relations to other use cases,
Relations to other data cards,
IGA Identity Storage
IGA Entitlement
IGA Account
Application
Configuration instructions,
With IGA baseline there is no need to edit workflows or EPEtasks to achieve this use case.
Delete