Security Control:
Risk-Based Governance

Access enforcement based on risk posture derived from at least one risk engine (Cloud Access Security Broker, Fraud & Risk, UEBA, SIEM).

Components and Required Capabilities

Identity Governance

  • Must have the ability to initiate an attestation campaign
  • Must have the ability to call out to Fraud & Risk to update user status

Fraud & Risk

  • Must have the ability to send risk status to the requesting tool as a defined value (low, moderate, high, extreme)

CASB

  • Must have the ability to return anomaly status

Interaction Diagram

risk-based governance