
GRC 5.3 RAR ( Rule set and Risk levels)

Former Member
0 Kudos

Hi Guys,

I am new to GRC and have a lot of doubts related to it.

Please help me to understand the concepts of the rule set in RAR and also the different types of risk level with their significance, or some examples.

One more question: what are HR objects, and how are they useful from a security point of view?

Thanks in advance

Accepted Solutions (1)


alessandr0
Active Contributor
0 Kudos

Dear Arpit,

It is quite difficult to explain the whole GRC story in a short post. Basically, I will show you what a rule set looks like. Therefore I will use an example which should make it clear:

As you can see, a rule set combines one or more access risks. An access risk is always a combination of two functions which is a potential conflict. A function contains actions which can be grouped together (the same function can be performed with several transactions). Each action/transaction has its permission (Display, for example, should not be a risk, but Change/Create might be).

Risk levels are defined by the potential risk to your organization. As this is different from company to company, I cannot tell you which risk is a high potential risk and which is not. This should be considered together with the person responsible for your internal controls.

Hope this helps to give you a very short overview.

Best regards,

Alessandro
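
The hierarchy described in the answer above (a rule set holds access risks, each risk pairs two functions, each function groups actions, each action carries a permission), as an added example that is not part of the original posts and is not SAP's own code. The rule set ID, risk ID, function names, risk level, users and the simplified transaction/activity model are constructed for illustration.

```python
from itertools import product

# Constructed sample rule set: IDs, names and the risk level are illustrative.
# Activities follow the usual ACTVT convention: 01 create, 02 change, 03 display.
RULE_SET = {
    "id": "DEMO_RULESET",
    "functions": {
        # function -> {action (transaction): activities that count as risky}
        "F_VENDOR_MAINT": {"FK01": {"01"}, "FK02": {"02"}},
        "F_PAYMENT": {"F-53": {"01"}, "F110": {"01"}},
    },
    "risks": [
        {"id": "R001", "level": "High",
         "description": "Maintain a vendor and pay that vendor",
         "functions": ("F_VENDOR_MAINT", "F_PAYMENT")},
    ],
}

def function_hits(function, access):
    """Return the user's (action, activity) pairs that satisfy one function."""
    hits = []
    for action, risky in function.items():
        # Display-only access does not intersect the risky activities.
        for activity in sorted(access.get(action, set()) & risky):
            hits.append((action, activity))
    return hits

def analyze(rule_set, access):
    """Report each access risk whose two functions the user can both perform."""
    findings = []
    for risk in rule_set["risks"]:
        left, right = (function_hits(rule_set["functions"][f], access)
                       for f in risk["functions"])
        if left and right:
            # One rule per conflicting action pair across the two functions.
            findings.append({"risk": risk["id"], "level": risk["level"],
                             "rules": list(product(left, right))})
    return findings

# Constructed users: access maps transaction -> activities granted.
USERS = {
    "CLERK_A": {"FK02": {"02", "03"}, "F-53": {"01"}},  # change vendor + post payment
    "CLERK_B": {"FK02": {"03"}, "F110": {"01"}},        # display only + payment run
    "CLERK_C": {"FK01": {"01"}, "FK03": {"03"}},        # vendor maintenance only
}

if __name__ == "__main__":
    for user, access in USERS.items():
        print(user, analyze(RULE_SET, access) or "no access risk")
```

Only CLERK_A is reported: CLERK_B holds a vendor transaction with display permission only, and CLERK_C holds just one of the two functions.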

alessandr0
Active Contributor
0 Kudos

I have an additional slide which shows the ruleset with other examples:

Let us know if you have specific questions.


Regards,

Alessandro

Former Member
0 Kudos

Thanks, Alessandro!

Answers (0)