cancel
Showing results for 
Search instead for 
Did you mean: 

After at run the risk at user level then i find the Risk then next what Can i do ?

Former Member
0 Kudos

Hi Experts,

Please give me sugation

i run the risk at user level then i will get the some risks.

will u tell me the next step ? kindly provide me the relvent documents its help for me,

Thank you

Best Regards.

Ravi

Accepted Solutions (1)

Accepted Solutions (1)

alessandr0
Active Contributor
0 Kudos

Hi Ravi,

failed to search. Please check the following document which is available here on SCN:

If you have specific question do not hesitate to ask. But please google first.


Thanks and regards,

Alessandro

Former Member
0 Kudos

Hi Alessandro

Thank you so much, this document  helps me.

Thank you so much

Answers (3)

Answers (3)

former_member193066
Active Contributor
0 Kudos

Hello Ravi,

The above mention steps and document provided helpful.

you need to sit with business and identify.

whether is a risk or false positive.

if Risk follow

either remediation or mitigation

if false positive modify your ruleset or create false positive rules.

the decision has to be taken by business .

Regards,

Prasant

Former Member
0 Kudos

Hi Ravi,

Below are the steps  can be followed :

1.Remediate/remove the risks shown in the user level risk analysis  by following the document as suggested by Alessandro above.Normally risks can be removed by correcting the role or removing the unnecessary role from the system.

2.Mitigate the risks-Most of the time some risks cannot be removed from the system due to numerous reasons like limitation of resources due to which same person performing multiple  duties in an organization which creates conflicts.These factors  are known to business and they are ready to live with these risks.In these cases business create Mitigation Control  to mitigate particular risk and monitor those risks continuously to avoid threats to their business.

Hope this helps.

Regards

Pradeep

Former Member
0 Kudos

you can do

Remediation: Remove risks from users, by removing the roles, causing risks.

Mitigation: Apply Mitigation Control, so that they(risks) are approved by business, and users do not appear as risks