Entities are related to one another, usually in obvious ways. An application is hosted on a particular computer; a user has access to a certain application, and so on. In RiskVision, entity relationships model these associations. Once the relationships between entities are understood by the system, you can propagate controls, risk scores, and other aspects of entities within a given program, for use in dashboards and reports.
Relationships between entities have types and are bidirectional. If an application is deployed on a computer, the computer hosts the application.
Entity relationships allow risks to propagate from entity to entity.
| EXAMPLE |
| Mark Smeeth (user) has access to a critical business application. He leaves his user name and password on a sticky note on his computer monitor at his desk. Despite the security measures (authorization and authentication controls) in place on the server, Mark's negligence increases the risk that an unauthorized person will access the server and application data. |
When a parent entity is deleted, the child entities are not automatically included in assessments in which their parents had participated.
By default, entity relationship propagation settings are disabled.
