Entity Scoping Flashcards
How many Entity Types can an Entity belong to?
Zero, One, or Many
Entity + Risk Statement =
= Risk -> Assessment
Entity + Control Objective =
= Control -> Attestation
How do “dynamic capabilities” impact Entity Types?
As new records meet filter criteria, new entities are created
As current records don’t meet filter criteria, they are deactivated (retired)
Scoping for Security
ISO 27001, NIST, PCI DSS, FISMA, NERC CIP
Scoping for IT Financial
SOX
GDPR
BCBS (Basel)
Scoping for Healthcare
HIPAA
PCI DSS
Scoping for Insurance
NAIC
FINRA
SEC
PCI DSS
Operational Approach
Scoping at individual level
Strategic Approach
Figure out how to group
What precedes common tables?
cmn_
[cmn_department]
[cmn_location]
What precedes system tables?
sys_
What precedes core tables?
core_
[core_company]
Name of entity cleanup job
GRC Cleanup Invalid Entities
runs each night
Services Table
Server Table
Business Process Table
[cmdb_ci_service]
[cmdb_ci_server]
[cmdb_ci_business_process]