Entities are related to one another. For example, an application is hosted on a particular computer, or a user has access to a certain application. In RiskVision, entity relationships model these associations. Once the relationships between entities are understood by the system, you can propagate controls, risk scores, and other aspects of entities within a given program for use in dashboards and reports.
Relationships between entities have types and are bidirectional. For example, if an application is deployed on a computer, the computer hosts the application.
Entity relationships allow risks to propagate from entity to entity.
EXAMPLE |
Mark has access to a critical business application. He leaves his username and password on a sticky note on his computer monitor at his desk. Despite the security measures (authorization and authentication controls) in place on the server, Mark's negligence increases the risk that an unauthorized person will access the server and application data. |
When a parent entity is deleted, the child entities are not automatically included in assessments in which their parents had participated. Entity relationship propagation settings are disabled by default.