on 08-15-2015 12:04 PM
Hi Experts,
Please give me sugation
i run the risk at user level then i will get the some risks.
will u tell me the next step ? kindly provide me the relvent documents its help for me,
Thank you
Best Regards.
Ravi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Ravi,
The above mention steps and document provided helpful.
you need to sit with business and identify.
whether is a risk or false positive.
if Risk follow
either remediation or mitigation
if false positive modify your ruleset or create false positive rules.
the decision has to be taken by business .
Regards,
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ravi,
Below are the steps can be followed :
1.Remediate/remove the risks shown in the user level risk analysis by following the document as suggested by Alessandro above.Normally risks can be removed by correcting the role or removing the unnecessary role from the system.
2.Mitigate the risks-Most of the time some risks cannot be removed from the system due to numerous reasons like limitation of resources due to which same person performing multiple duties in an organization which creates conflicts.These factors are known to business and they are ready to live with these risks.In these cases business create Mitigation Control to mitigate particular risk and monitor those risks continuously to avoid threats to their business.
Hope this helps.
Regards
Pradeep
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
you can do
Remediation: Remove risks from users, by removing the roles, causing risks.
Mitigation: Apply Mitigation Control, so that they(risks) are approved by business, and users do not appear as risks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.