Seamlessly Configure Request Mitigation Policy Rules in SAP Access Control 10.0

  • by Kehinde Eseyin, Security Architect
  • January 31, 2013

Learn how to implement the business rule request mitigation policy in your SAP Access Control 10.0 system using Business Rules Framework. This feature is especially useful in the event that you do not want to approve a request that contains specific risk levels without appropriately defining mitigating control for the access risk.

Request mitigation policy is a business rule that you can use to drive the behavior of the approval process based on the attributes (risk level) of the risk identified during risk analysis for an access request. You can integrate this rule with the Mitigation Control Assignment Workflow for a more controlled access request management process.

SAP Access Control 10.0 enables an enterprise to manage access risk associated with different business processes. Following the identification of access risks, you normally need to remediate the risk or mitigate the risk depending on a comprehensive risk assessment and analysis. One attribute that drives how you treat access risks in your enterprise system is the risk level. The risk level can be associated with different colors that reflect the degree of importance of the risk via hexadecimal code assignment (Figure 1). Risk level 3 (critical) is highlighted as I use this level for illustration purposes later.


Figure 1
Access risk levels

Kehinde Eseyin

Kehinde Eseyin is a security architect. He holds a bachelor’s degree in computer science. He has about 12 years of IT security, governance framework, IS risk, and compliance experience gained by working in numerous global organizations. Over the years, he has demonstrated competencies in security design, information assurance, cyber security, data privacy, threat and vulnerability management, penetration testing, business architecture, project management, IT audit, IS controls framework, and identity and access management.
 

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.