Entity Scoping

Question 1

How many Entity Types can an Entity belong to?

Answer 1

Zero, One, or Many

Question 2

Entity + Risk Statement =

Answer 2

= Risk –> Assessment

Question 3

Entity + Control Objective =

Answer 3

= Control –> Attestation

Question 4

How do “dynamic capabilities” impact Entity Types

Answer 4

As new records meet filter criteria, new entities are created

As current records don’t meet filter criteria, they are deactivated (retired)

Question 5

Scoping for Security

Answer 5

ISO 27001
NIST
PCI DSS
IFSMA
NERC CIP

Question 6

Scoping for IT Finacial

Answer 6

SOX
GDPR
BCBS (Basel)

Question 7

Scoping for Healthcare

Answer 7

HIPPA

PCI DSS

Question 8

Scoping for Insurance

Answer 8

NAIC
FINRA
SEC
PCI DSS

Question 9

Operational Approach

Answer 9

Scoping at individual level

Question 10

Strategic Approach

Answer 10

Figure out how to group

Question 11

What precedes common tables?

Answer 11

cmn_

[cmn_department]
[cmn_location]

Question 12

What precedes system tables?

Answer 12

sys_

Question 13

What precedes core tables?

Answer 13

core_

[core_company]

Question 14

Name of entity cleanup job

Answer 14

GRC Cleanup Invalid Entities

runs each night

Question 15

Services Table
Server Table
Business Process Table

Answer 15

[cmdb_ci_service]
[cmdb_ci_server]
[cmdb_ci_business_process]

Question 16

Entity Filter elements

Answer 16

table
filter condition
conditions

Question 17

How is Entity Owner determined

Answer 17

“Entity owner” specified on filter

• references field with username NOT group name
• “empty owner” determines what happens if owner is blank (create, do not create, or use default)

Question 18

What are the two reasons for using Entity Classes

Answer 18

• Risk roll-up (hierarchy)

- Reporting

Question 19

Name of the Module for setting up Entity Classes

Answer 19

GRC Workbench - Dependency Model

entities are on the left, eligible upstream and downstream on the right

Question 20

Document - Table Name and Scope

Answer 20

[sn_grc_document]

GRC: Profiles

Question 21

Document- Extended Tables

Answer 21

Risk Framework (GRC: Risk Management)
Authority Document (GRC: Policy & Compliance)
Policy (GRC: Policy & Compliance)

Question 22

Content - Table Name and Scope

Answer 22

[sn_grc_content]

GRC: Profiles

Question 23

Content - Extended Tables

Answer 23

Risk Statement (GRC: Risk Management)
Citations (GRC: Policy & Compliance)
Control Objective (GRC: Policy & Compliance)

Question 24

Item - Table Name and Scope

Answer 24

[sn_grc_item]

GRC: Profiles

Question 25

Item - Extended Tables

Answer 25

Risk (GRC: Risk Management)

Control (GRC: Policy & Compliance)

Question 26

Entity Type vs Entity Class

Answer 26

Entities can have multiple types but only one class

Question 27

GRC: Profiles Common Tables

Answer 27

Task (global) --> Indicator Task
Base Indicator [sn_grc_base_indicator] --> Indicator
Planned Task (global) --> Issue
Entity Type
Entity Class
Entity
Entity Tier

Question 28

Name for entity creation job

Answer 28

GRC Profile Generation

runs hourly) (updates entities too