Post on 22-Jan-2018
transcript
Risk Assessment for applied and authorized permissions
Customers demands:Pro-active reaction to redundant permissions risks (do not allow to apply for the critical permission set on the access request stage). Receive comprehensive authorized permissions assessment for damages forecast and re-assessment planning.
Current NetIQ Deliverables:There are no Risk Assessment components inside NetIQ IDM. The feature is arranged in an off-line mode through reporting - and a refined version through Access Review.
Risk Assessment for applied and authorized permissions
NCU developments:• Data and Permissions Risk Assessment module for NetIQ IDM
(Abuse of permissions risk, Permissions loss risk, Permissions delegation risk, Information distortion risk, Data breach risk etc.)
• Pro-active analysis of risk level feature during access request application stage
• Worlds best practices in Risk Assessment reports• Administration setting tools
Future NetIQ Deliverables:Pro Active Risk Assessment for applied and authorized permissions inside NetIQ IDM
Risk Assessment System module Features
● Risk Assessment based on complex evaluations of object (User, System, Role, Activity)
● Operational risk evaluation during role permission assignment in the request application (form dashboards)
● Risk Analysis and Assessment (parameterized linked reports/sub-reports in JasperReport©)
● Risk Forecasting based on evaluations and executed activities (permissions assignment and revocation)
Risk Assessment System module Conclusion
● Risk Assessment based on characteristics of the objects used in access approval and maintenance
● Prevention/notification during assignment of roles associated with risks
● Risk Analysis and Forecasting● Assessment Indicator settings according to Customer
demands● Analysis visualization for critical areas retrieval and
assessment● “Heat Map” building for analysis acceleration● Assessment engine scaling according to object
characteristics, risks, object evaluations
• components: IDM 4.x UserApplication, EAS; Jasper Report 5.6/6.0 (community edition), jqgrid (opensource js-framework)
• deliverables: .war (.jar, .js), .xml (PRD), database schema (postgresql), report templates
• services: installation, configuration, documentation
• support: updates & upgrades, 2nd line support
Risk Assessment System module Deliverables by NCU