Setup Privileged Apps & Risk Scores for application
IDHub allows you to set your privileged applications and also set risk scores for the application. This would be necessary to categorize your applications in terms of the risk factor or the nature of the data or accounts that are handled by the application for your organisation.
Setting Risk Scores for the Application
- Go to ‘
Manage Catalog
' in the Admin Module of IDHub using the credentials of a user that has the role of 'System Administrator
' with them. To learn more about IDHub roles, click here - Upon reaching the manage catalog, click on the Edit icon of the application to which you want to set the risk score.
- Under the Risk Level of the application, you can modify the risk score as per your need as shown in the screenshot level.
- Upon doing the required edit you need to click on submit
- The application goes to an approval cycle again with the modifications in place. The older version is archived once the modified version is in effect
Understanding Risk Levels & Scores
- A high-risk level (risk score of 3) is generally assigned to applications which have highly sensitive data about your organization. For instance: Finance applications such as XERO have financial data and audit reports of your business which are usually highly sensitive. Therefore for this application, you might want to set the risk level as high (risk score of 3). This is because, financial data or audit reports of your organization should be ideally accessed only by the top-level management, hence making these types of applications at a high-risk level would minimize the risk factors associated with sensitive data breaches.
- A medium risk level ( risk score of 2) is assigned to those applications which contain data which can be accessed by middle-tier managers and employees of your organization. For instance: An inventory management app like Zoho or others can be accessed by middle management, so you have the option to set a medium risk level (risk score of 2) for this application.
- A Low-risk level (risk score of 1) is assigned to those applications which have data that be viewed or modified by all your employees. For instance: A support tickets application such as FreshDesk or Zendesk can be accessed by all employees to create issues and support tickets, therefore you can consider categorizing these types of applications as low-risk level and giving a risk score of 1 to this application.