
GRC AC Rule Sets

Former Member
0 Kudos

Hi

We have a requirement to build a custom rule set for our organization. The current requirement is to have a central rule set across all systems and to have system-specific risks identified in addition.

Scenario: Let's say we have identified around 100 risks across the enterprise; however, only 50 of the 100 risks are applicable to one system, while for the second system around 70 risks are applicable. Finally, for the third one all 100 risks are applicable.

Should we have system-specific rule sets to address the above scenario, or should we have a common rule set for the enterprise?

Appreciate your inputs about the approach for building a rule set for such scenarios.

Question: With GRC 10.0, can we run risks for a system on multiple rule set IDs at one time?

Thanks.

Anjan Pandey

Accepted Solutions (1)

frank_bannert
Active Participant
0 Kudos

Hi Anjan,

Most customers use a single rule set and group their physical systems into logical systems. They then generate the rules at the logical system level.

In AC 10.0 it will become easier to use multiple rule sets.

Best,

Frank

Former Member
0 Kudos

Hi,

Most of the clients will prefer to go with one rule set. However, the system allows you to create/maintain multiple rule sets.

Anyway, your requirement is to have one central rule set across all systems – for that, creating a logical system and maintaining one rule set is the right approach, and it gives flexibility for future usage to add/remove required systems. You can maintain risks per system; it is not required to maintain multiple rule sets.

Refer to the GRC Access Control Effective Rule Set Design document; it gives some good explanation of rule set design & typical scenarios, the logical & physical systems approach, etc.

Regards,

Ram

Edited by: ram komma on Apr 13, 2011 1:55 PM

Former Member
0 Kudos

Thanks Frank & Ram for your answers. We have finally decided to go for one central rule set across the landscape.

Thanks.

Anjan Pandey

Answers (1)

Former Member
0 Kudos

Question answered.

Former Member
0 Kudos

Hey Ram.

As you have referred to the "GRC Access Control Effective Rule Set Design document" above, can you please help me locate this document on SDN or Google? I have been searching for this for some time now, however couldn't find it.

Would really appreciate your help here.

Vikas