Friday, May 3, 2013

Identity Risk Model SailPoint IIQ

Risk score is an interesting feature in SailPoint, though I haven't seen many customers interested in using this feature.
The main reason behind this could be that they have to educate the certifiers (business users) on the risk scores and levels defined in SailPoint, though if planned well it can be very useful and expedite the process of certification.
In this post I will describe how the Identity risk score is configured/calculated in SailPoint.
  • Identity Risk score can be configured for three types:
             - Role Baseline Access Risk
             - Entitlement Baseline Access Risk
             - Policy Violation Access Risk

  • For each type of entitlement/role/policy, you assign a specific Risk Score as agreed in discussion with the business.
  • Risk score can be assigned on a scale of 1 to 1000. Green indicates low risk, yellow indicates medium risk and red indicates high risk.
  • The scale can be adjusted in System Setup -> IdentityIQ configuration -> Risk.
  • The Identity risk score is calculated from the risk scores defined and from the composite scoring.
  • Risk Score Calculation: Suppose an identity has an entitlement with a risk score of 200 and a role with a risk score of 100, and it is not certified (an uncertified identity gets a risk score of 1000). If the compensated score for entitlement is 25%, for role 25% and for certification 50%, the total risk score for the identity is 25% of 200 + 25% of 100 + 50% of 1000 = 575.
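
The calculation above, generalised to a small review queue, as an added Python example (not SailPoint code and not part of the original post). The `Identity` class, the band cut-offs, the zero contribution for a certified identity and the sample identities are assumptions made for illustration.

```python
# Added illustration of the composite calculation described in the post.
# Not SailPoint code: names, band cut-offs and sample data are assumptions.
from dataclasses import dataclass

UNCERTIFIED_SCORE = 1000  # from the post: an uncertified identity scores 1000
MAX_SCORE = 1000          # top of the scale given in the post

@dataclass
class Identity:
    name: str
    entitlement_score: int  # baseline score of the entitlement held
    role_score: int         # baseline score of the role held
    certified: bool

def composite_score(ident, weights):
    """Weighted sum of the component scores; weights are percentages."""
    components = {
        "entitlement": ident.entitlement_score,
        "role": ident.role_score,
        # Assumption: a certified identity contributes 0 for this component.
        "certification": 0 if ident.certified else UNCERTIFIED_SCORE,
    }
    if set(weights) != set(components) or sum(weights.values()) != 100:
        raise ValueError("need one weight per component, adding up to 100%")
    for label, value in components.items():
        if not 0 <= value <= MAX_SCORE:
            raise ValueError(f"{label} score {value} is outside 0..{MAX_SCORE}")
    return sum(components[k] * weights[k] for k in components) // 100

def band(score, medium_from=334, high_from=667):
    """Colour band; cut-offs are assumed, the real ones are set in IdentityIQ."""
    if score >= high_from:
        return "red"
    return "yellow" if score >= medium_from else "green"

def review_queue(identities, weights):
    """Highest composite score first, so certifiers see the riskiest first."""
    scored = [(composite_score(i, weights), i.name) for i in identities]
    return sorted(scored, reverse=True)

WEIGHTS = {"entitlement": 25, "role": 25, "certification": 50}  # from the post
SAMPLE = [  # constructed identities; "alice" matches the post's worked case
    Identity("alice", 200, 100, certified=False),
    Identity("bob", 200, 100, certified=True),
    Identity("carol", 800, 600, certified=True),
]

if __name__ == "__main__":
    for score, name in review_queue(SAMPLE, WEIGHTS):
        print(f"{name:6} {score:4} {band(score)}")
```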

1 comment:

  1. Enterprise Architecture Manager is Risk Modeling a robust repository that organizes, integrates and analyzes information about an organization's architecture elements.