Risks

CA Identity Portal provides a real-time, context-based RISK ANALYZER & SIMULATOR. It is based on an advanced, robust rules engine that calculates a user's risk score in real time.
It offers an easy-to-use, configurable user-centric Risk Model that identifies areas of risk within the organization caused by users with high risk scores. It also enables organizations to strategically prioritize security and compliance activities to focus proactive controls on the areas of higher risk, as follows:
  1. Calculates and displays users' risk scores and alerts whenever it detects a risky user
  2. Updates risk scores continually based on changes to user access privileges, user attributes and other relevant compensating factors
  3. Simulates in real time the user's risk score changes in the context of access requests, including permissions requested in the cart
  4. Implements three levels of preventive controls across IAM processes, based on risk and violation types and levels, when high-risk users or violating transactions are detected:
    • First level – informative: alert on violation
    • Second level – collect justification from the user in order to continue the request
    • Third level – prevent the user from continuing with the action
  5. Displays violations (and justifications) to the approver to support the approver's decision
  6. Audits violations and tracks them throughout the end-to-end process
Follow these steps:
  1. Navigate to the Admin UI.
  2. Click Elements, Risks, Create.
  3. Specify a name.
    The Tag value is populated automatically.
  4. Specify a score. Take into consideration the maximum risk level defined in the UI Configuration.
  5. Specify a description.
  6. Select one of the following access levels:
    1. Prevent From Submitting – a notification will be displayed and the user will not be allowed to continue with the request
    2. Requires justification – a notification will be displayed for the user, and to continue with the request the user will be required to enter a justification for the request
    3. Inform Only – a notification will be displayed for the user, but the user will be allowed to continue with the request
  7. Click the Scope tab.
  8. Define the condition(s) for the risk
    1. Select whether all of the rules or any of the rules below must apply for the risk to be identified
    2. To add another rule, click Add Condition
    3. Select the parameter to evaluate for the rule. The rule configuration changes based on the parameter
    4. Group – Use a group to define another layer of nesting in the condition. For example: (GROUP: Condition A AND Condition B) OR Condition C.
    5. User's permissions
      1. Select the condition for the permissions
      2. Select the permissions
    6. User's attribute
      1. Select the attribute
      2. Select the condition for the attribute
      3. Enter a string for the condition
    7. Violations from external source
      1. When using this type of condition, CA Identity Portal will transform the permissions in the cart to the target permissions that they are linked to, then transform those to a list of compliance target permissions and send them for evaluation in the external systems.
      2. The external systems are all systems able to perform a compliance check that CA Identity Portal has a connector to (i.e. Identity Governance).
      3. These systems will return violations if any exist.
      4. This rule will then filter the violations according to the definition in the condition filter. For example, if the filter is defined to show only violations that are related to Permission X, all violations that do not include Permission X will be discarded.
      5. If "include violations with external entitlements" is checked, then violations that include items that CA Identity Portal is not familiar with (not mapped as target permission) will not be ignored.
      6. Only violations that are related to permissions in the Cart will be used.
      7. If a violation is fetched, it will be displayed under this rule. The user will in turn be shown this risk message, with all the violations fetched from the external system underneath it.
      8. The violations fetched from an external source will inherit the behavior of the risk fetching them. The score they receive is the score of the risk that fetched them.
  9. Click Create.
    The risk element is created.
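
The filtering described in step 8 for "Violations from external source", modelled as an added example (this is not CA Identity Portal code). The data shapes, function names, the score of 80 and all permission names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:                       # hypothetical model of a risk element
    name: str
    score: int
    access_level: str             # one of the three access levels from step 6
    filter_permissions: frozenset # condition filter ("Permission X"); empty = no filter
    include_external: bool        # "include violations with external entitlements"

def to_compliance(cart, cart_to_target, target_to_compliance):
    """Cart permissions -> linked target permissions -> compliance target permissions."""
    return {c for p in cart
              for t in cart_to_target.get(p, ())
              for c in target_to_compliance.get(t, ())}

def filter_violations(risk, violations, cart_compliance, mapped):
    """Return the violations shown under this risk, carrying its score and level."""
    shown = []
    for v in violations:
        items = set(v["items"])
        if not items & cart_compliance:
            continue  # not related to a permission in the cart
        if risk.filter_permissions and not items & risk.filter_permissions:
            continue  # discarded by the condition filter
        if not risk.include_external and not items <= mapped:
            continue  # has an item not mapped as a target permission
        shown.append({"id": v["id"], "score": risk.score,
                      "access_level": risk.access_level})
    return shown

# Constructed sample data (not from a real deployment).
CART = {"Payments Clerk"}
CART_TO_TARGET = {"Payments Clerk": ["sap:create_payment"]}
TARGET_TO_COMPLIANCE = {"sap:create_payment": ["IG:CreatePayment"]}
MAPPED = {"IG:CreatePayment", "IG:ApprovePayment", "IG:ViewReport"}
VIOLATIONS = [  # what the external system is assumed to return
    {"id": "V1", "items": ["IG:CreatePayment", "IG:ApprovePayment"]},
    {"id": "V2", "items": ["IG:CreatePayment", "IG:ApprovePayment", "EXT:LegacyLedger"]},
    {"id": "V3", "items": ["IG:ApprovePayment", "IG:ViewReport"]},
    {"id": "V4", "items": ["IG:CreatePayment", "IG:ViewReport"]},
]

def demo(include_external):
    risk = Risk("SoD: payments", 80, "Requires justification",
                frozenset({"IG:ApprovePayment"}), include_external)
    cart_c = to_compliance(CART, CART_TO_TARGET, TARGET_TO_COMPLIANCE)
    return filter_violations(risk, VIOLATIONS, cart_c, MAPPED)

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, [v["id"] for v in demo(flag)])
```

With the option unchecked, V2 is not shown even though it involves a permission in the cart, because it also contains an item that is not mapped as a target permission.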