About entitlements

The Entitlements view in Control Compliance Suite facilitates the monitoring of access rights in the organization. The Entitlements view provides the means to efficiently gather the permissions data from the various platforms and enables the user to generate reports.

In a typical environment, IT compliance is confined to configuration management, the firewall, the antivirus systems, and the vulnerability assessment. However, there is a difference between managing security configurations and vulnerabilities and managing access controls and data entitlements. The IT department can implement processes for managing and auditing entitlements. The decision about who has access to what data lies with the business owner of that data. Incidents can occur when a valid user can have access to the data that the user should not access. The Entitlements view identifies these false entitlements. The Entitlements view lets you define the data that user X is entitled to access. The Entitlements view also monitors whether the system adheres to the defined access controls.

The Entitlements view lets you configure the control points and assign the review periods. The view also ensures the frequent approvals of the control points by the respective data owners. To know where an individual user and groups have rights is critical to safeguard the data. Merely the documentation of those rights is insufficient to safeguard the data. This information must correspond to the internal business processes and must be directly linked to data ownership. The ability to confirm the entitlements at regular intervals gives additional support to the organizations for demonstrating good stewardship. This confirmation ability includes internal and external data security, confidentiality, integrity, and availability.

See Problems in managing entitlements.

More Information

Creating a review cycle setting