
Mitigation / Risk Analysis in CUP

Former Member
0 Kudos

Hi

I have created a Role using ERM and mitigated all the risks in that role. Now I am creating a new user using CUP in which I assign only this role.

Just wanted to check whether the system will show the risk violations at the time of User creation?

According to me it should not show any violations because the role being assigned to user is already mitigated.

Thanks in advance for the help.

Nitin Aggarwal

Accepted Solutions (0)

Answers (4)

Former Member
0 Kudos

Nitin,

You need to end the Risk ID with '*' and not put '*' in front of the Risk ID. I don't know what else can be the problem here. Did you try to run RA for the role and user in RAR?

Regards,

Alpesh

Former Member
0 Kudos

Hi Alpesh

I am sorry. I meant that I have put "*" at the end of Risk ID at the time of mitigation.

As for the Risk analysis in RAR, I ran an analysis for the Role and the system didn't give any violations because all the risks are already mitigated for this role.

However, for running a User analysis in RAR using this role, I need to have the user created first. This problem itself is occurring at the time of creation of the user and so I am not able to run User analysis in RAR.

Regards,

Nitin

Former Member
0 Kudos

Hi Nitin

Check Note 1167637 - Mitigated Risk still shows in CUP Risk Analysis

Let me know if it helps.

Former Member
0 Kudos

Hi Nitin,

When you are creating Mitigating controls and mitigating roles, provide the risk ID with '*'.

If the risk for which you are creating Mitigating controls and mitigating roles using that control is 'S028' then input the risk ID as 'S028*'.

This will resolve the issue. This is the most common problem when you have configured everything correctly.

Regards,

Alpesh

Former Member
0 Kudos

Hi Alpesh

This is exactly what I have been doing. I have put a "*" in front of the risk ID similar to what you had mentioned in your reply. But still I am facing this problem.

Please suggest any other setting which I need to check.

Regards,

Nitin

Former Member
0 Kudos

Hi Nitin,

You should not see violation from that particular role, but you will see violations due to conflict between this role and other roles assigned to this user.

I agree with Sahad as well. It will depend on the configuration. Go to RAR and run a simulation on that user and that role and see if you are getting violation or not.

Regards,

Alpesh

Former Member
0 Kudos

Hi Alpesh / Sahad

Thanks for replying.

The problem is that I just have attached 1 role to the new user which I am creating through CUP. This role has already been mitigated for all the risks. But in CUP, the risks mitigated in the role are shown again and need to be mitigated again at User level.

I have checked all configuration settings in RAR & CUP.

I have checked the "Consider Mitigation Control" box in CUP and my "default analysis type" in CUP is "Object level".

Further in RAR, I have the default analysis type as "permission" and I have also made "Include Role/profile mitigation at time of user risk analysis" to Yes.

Please advise if something else needs to be checked in the configuration.

Do you think I would need to make the "default analysis type" in CUP as Transaction level?

Regards,

Nitin Aggarwal

PwC India

Former Member
0 Kudos

Hi Nitin

I think you will still see violations, but depending upon the configuration you have made for mitigation on CUP 5.3, you may or may not be able to create user.

Please test and let me know the result.