on 01-07-2014 8:43 PM
How do we mitigate an auth object which is sensitive, as decided by business?
Hi Sankar
You can only mitigate the role/profile, the user, or an HR object.
Extending Andreas' comment, you will need to define a function that contains the authorization you deem critical (function does not require an action) and then add it to a critical action risk and assign that risk to your rule set.
When you complete SoD analysis, the users with that Critical Action will flag and then you can mitigate them.
Regards
Colleen
Hi Sankar,
Before mitigation you need a risk. Create a risk (critical auth. xy) and an associated function, or add that sensitive object to an existing risk/function. Afterwards you can mitigate that risk, or even the rule ID pointing at that particular auth. object.
Cheers,
Andreas