Former Member

Mitigation of sensitive auth obj

How do we mitigate an auth object which is sensitive, as decided by the business?


2 Answers

  • Former Member
    Jan 20, 2014 at 12:48 PM

    Hi Sankar,

    Before mitigation you need a risk. Create a risk (critical auth. xy) and an associated function, or add that sensitive object to an existing risk/function. Afterwards you can mitigate that risk, or even the rule ID pointing at that particular auth. object.

    Cheers,

    Andreas


  • Jan 20, 2014 at 10:06 PM

    Hi Sankar

    You can only mitigate the role/profile, the user, or an HR object.

    Extending Andreas' comment, you will need to define a function that contains the authorization you deem critical (function does not require an action) and then add it to a critical action risk and assign that risk to your rule set.

    When you complete SoD analysis, the users with that Critical Action will flag, and then you can mitigate them.

    Regards

    Colleen
