GRC Access control - access risk level definition

Tiberius
Explorer
0 Likes
3,016

Is there a document outlining the definitions of the access risk levels?

I am interested in all levels: low, medium and high and what makes the classification to one versus another.

Thanks,

Accepted Solutions (0)

Answers (1)

madhusap
Active Contributor

Hi Busu,

A risk rating is the measure of the impact of an irregularity related to access risk. We rate risks based on the impact to the process or business and then decide on how to handle them based on the risk rating.

There is no single definition for risk ratings but generally the following are some recommended guidelines:

HIGH - Any risk having financial or reputational impact, or that can lead to compromising CIA (Confidentiality, Integrity and Availability) of the system, can be considered under this category. No mitigation will be allowed for these kinds of risks.

MEDIUM and LOW - Any risk which can have operational impact but can be mitigated with compensating controls.

Regards,

Madhu

former_member230681
Participant
0 Likes

Hi Madhu,

Thanks for sharing knowledge about risk levels. GRC Ruleset has 4 types of risks: "Critical", "High", "Medium" and "Low". Could you also mention recommended guidelines (definition) for Critical risks?

Thanks

Anika