

on 09-29-2020 04:17 PM
In this last episode of our "Entities" journey, our experts explain how Entity Tiers, Entity Classes and Entity Types all come together to efficiently construct a powerful framework for Risk and Compliance.
In this tutorial, you will learn the function of each tool, and when and how to use it.
This tutorial complements the others in the series:
- Profiles (aka Entities), why you need them and how to set up https://community.servicenow.com/comm...
- Entities (fka Profiles) in a few words: All places, people and things that... https://community.servicenow.com/comm...
- Entity Scoping: How GRC Community experts do it https://community.servicenow.com/comm...
- Compliance Scoring: a powerful feature that explains the importance of Entities https://community.servicenow.com/comm...
---------------------------------------------------------
Video contents
00:01 Introductions.
01:55 GRC maturity curve.
02:22 Printable cheat-sheet of key GRC concepts and tools.
02:50 Entity Types: A productivity tool to create Controls or Risks at scale.
04:36 Entity Classes: Create them to gain powerful insights later. To tag Entities.
05:58 Entity Class Tiers: To rank the Classes and the Entities associated with them.
06:41 More details about Entity Types. At Scoping, Filters.
07:54 More details about Entity Classes. Set up early for powerful insights later. At Scoping. GRC Workbench.
09:26 More details on Entity Class Tiers. To build a hierarchy. Upstream, downstream, roll-ups.
10:30 How they all fit together. Policy, Control Objective, Entity Types, Entities, Classes (can go across Types), Tiers (defined in advance).
12:27 Build in the right sequence. At Scoping. Start with Tiers, Class Rules and Classes, then associate Classes to Tiers. Then Types and Filters. All is now automated.
13:37 What to do right now, today. Planning the Scoping workshop, data sources, Tiers, Classes, Types, view the other tutorials.
14:28 Reminders.
Download the PDF:
Thank you, this is very helpful.
Can there be multiple control objectives associated with an entity type?
If we have 10000 computers and 28 control objectives,
the system is generating 280000 controls. How can we handle a situation like this?
Can an entity have multiple control owners?
Ex: DataBase entity has 10 controls
6 Owned by DataBase team
2 Owned by Security
2 Owned by App team.
How to handle a situation like this?

Apologies
Q: Can there be multiple control objectives associated with an entity type?
A: Yes, control objects can be linked to more than one Entity Type.
Q: If we have 10000 computers and 28 control objectives, the system is generating 280000 controls, how can we handle a situation like this?
A: Yes, that is how the ServiceNow GRC implementation works. If you have a Control Objective to "Enable Firewall on Computer" and you have 10'000 computers, you have that control on each computer. (This is true in other implementations, though they usually consider the entire bulk of computers as one collection and do sampling of indicators.)
You want to automate or script as many of your indicators as possible so you can actually do an accurate, ongoing monitoring of the controls, which is why ServiceNow GRC is so different from other GRC software implementations.
Q: Can an entity have multiple control owners?
Example: DataBase entity has 10 controls
6 Owned by DataBase team
2 Owned by Security
2 Owned by App team.
A: There is a difference between an Entity Owner and a Control Owner. "Out of the box" the ServiceNow Entity records have only one Entity owner, but each Control has a Control Owner, so in your example:
Database Entity Owner = Database Team
6 x Controls related to Database Team - Control Owner = Database Team
2 x Controls related to Security - Control Owner = Security
2 x Controls related to Application - Control Owner = App Team
Hope that helps - Apologies again for not seeing this earlier.