on 03-23-2010 3:35 PM
Hi,
I am trying to understand how the Alert Monitoring background jobs work. I understand that Alert monitoring for Confliction Actions and Critical Actions will generate allerts when conflicting actions or critical actions actually are performed, but how is this for the Control Monitoring? Will it create allerts when users/roles with conflicts are actually assigned a mitigating control, or will alerts also be created when mitigating controls are created but not assigned to a specific users/roles risk violation?
Thank you!
Ingar Steinsvik
Did you check the documenation on this ("Scheduling Alert Generation" section in GRC 5.3 config guide):
Control Monitoring:
This alert type is a mitigation level analysis, which generates mitigation alerts.
During the generation of alerts, the user and transaction information is passed to the risk
analysis. If you select the Consider Mitigated Users option, alerts are generated on user who
are associated with a mitigated risk. The generation of these alert types are useful for
transaction usage in Segregation of Duties (SoD) Review and User Access Review (UAR).
You can also set up a background job for sending alert notification via email based on the
alert type. By selecting Conflicting Actions and/or Critical Actions alert types, notifications are
sent to Risk Owners. Selecting Control Monitoring alert type sends notification to the
Management Approver of the Mitigating Control.
Thanks
Himadama
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi!
Yes, I have read the config guide, but it is still a bit unclear to me. As you say, "Selecting Control Monitoring alert type sends notification to the Management Approver of the Mitigating Control." But what triggers these allerts? Is it when a mitigation control is assigned to a user who has a risk violation? Or is it when a mitigating control is created? Or maybe it is when a mitigating control is NOT performed (report executed) within the frequency set for the mitigating control?
I hope my question is not too confusing
Ingar Steinsvik
Answer to your question is:
This alert generates if the report is not executed by the person identified as the monitor as required in the mitigation.
Please refer the following link:
http://www.grcexpertonline.com/article.cfm?id=3511
Thanks
Himadama
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.