on 04-17-2014 8:10 AM
Hi Guys,
I am new to GRC and have a lot of doubts related to it.
Please help me to understand the concept of a rule set in RAR and also the different types of risk level with their significance or some examples.
One more question: what are HR objects, and how are they useful from a security point of view?
Thanks in Advance
Dear Arpit,
It is quite difficult to explain the whole GRC story in a short post. Basically I will show you what a rule set looks like. Therefore I will use an example which should make it clear:
As you can see, a rule set combines one or more access risks. An access risk is always a combination of two functions which is a potential conflict. A function contains actions which can be grouped together (the same function can be performed with several transactions). Each action/transaction has its permission (Display, for example, should not be a risk, but Change/Create might be).
Risk levels are defined by the potential risk to your organization. As this is different from company to company, I cannot tell you which risk is a high potential risk and which is not. This should be considered together with the person responsible for internal controls at your company.
Hope this helps to give you a very short overview.
Best regards,
Alessandro
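
The structure described in the answer above (rule set, access risk, two functions, actions, permissions), as an added Python sketch that is not part of the original thread and is not SAP's delivered rule set. The risk ID, the "High" level, the user names and the simplified single-activity permission model are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# ACTVT values: 01 = create, 02 = change, 03 = display (display is not treated as a risk)
RISKY_ACTIVITIES = {"01", "02"}

@dataclass(frozen=True)
class Function:
    name: str
    actions: frozenset  # transactions that all perform this same function

@dataclass(frozen=True)
class AccessRisk:
    risk_id: str        # hypothetical ID
    level: str          # decided per organization; "High" here is an assumption
    functions: tuple    # the two conflicting functions

# Constructed sample rule set with a single access risk
VENDOR = Function("Maintain vendor master", frozenset({"FK01", "FK02", "FK03"}))
PAYMENT = Function("Process vendor payments", frozenset({"F-53", "F110"}))
RULESET = [AccessRisk("DEMO01", "High", (VENDOR, PAYMENT))]

# Constructed user access: (transaction, activity) pairs
USERS = {
    "ALICE": {("FK01", "01"), ("F-53", "01")},
    "BOB": {("FK03", "03"), ("F-53", "01")},    # display only on the vendor side
    "CAROL": {("FK02", "02")},                  # one function only
    "DAVE": {("FK02", "02"), ("F110", "01")},   # same functions, other transactions
}

def performs(function, access):
    """Transactions through which the access can actually perform the function."""
    return sorted({t for t, actvt in access
                   if t in function.actions and actvt in RISKY_ACTIVITIES})

def analyze(ruleset, users):
    """Return (user, risk_id, level, transactions per function) for each violation."""
    findings = []
    for user in sorted(users):
        for risk in ruleset:
            hits = [performs(f, users[user]) for f in risk.functions]
            if all(hits):  # the risk exists only if BOTH functions are held
                findings.append((user, risk.risk_id, risk.level, hits))
    return findings

if __name__ == "__main__":
    for finding in analyze(RULESET, USERS):
        print(finding)
```
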