Workday Security Group Anomaly Detector
Identify domains that may have been inappropriately assigned to the wrong/incorrect security group
Goals
Detect unwanted access early
avoid system exploits
avoid data breach
avoid misused access
Prevent too many security privileges being assigned
Objectives
Always reduce security privileges
All detections <-> recommendation: a new proposed access
Customer data tenanted and not combined for POC
Maybe combine in the future
Assets provided
2 Workday reports
Kainos Audit - Security AI Anomaly Detector – Domains
Kainos Audit - Security AI Anomaly Detector - BP Policy
Business Process
Data Description
Tenant Population Size: FTSE 350k approx.
Security Group Count: 1,550
Unique Business Process Types: 180
Unique Domains: 1,400
Number of Functional Areas: 100
Anomalies
(Sudden) increase in access to a new functional area for a specific domain
By Membership Count
Domain that was only accessible by 10 people but now 400 people have access, within a "privileged functional area"
By Security Group type:
Domain that is typically constrained but is now unconstrained, within "privileged functional areas"
Abnormal business process policy combinations
Can approve but can't view process
Abnormal Modify, View, Get & Put combinations
HR Auditor who has View access is assigned Modify permission, but the rest are View; this should be flagged
Abnormal Functional Areas (~ 100) domain / BP combinations within Security Groups
Security group assigned Personal information related even though they only have System and Compensation
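Added example, not part of the original diagram or of any Kainos or Workday code: a rule-based baseline for the two "(sudden) increase in access" anomalies above, comparing two snapshots of a domain report. The row layout, domain and group names, the list of privileged functional areas and the 10x growth threshold are all assumptions.

```python
from collections import defaultdict

# Constructed rows; the column layout is an assumption, not the real report format:
# (domain, functional_area, security_group, group_type, member_count)
BASELINE = [
    ("DOMAIN_COMP", "Compensation", "Comp Partner", "constrained", 10),
    ("DOMAIN_PUBLIC", "Staffing", "All Employees", "unconstrained", 5000),
    ("DOMAIN_TENANT_SETUP", "System", "Security Admin", "constrained", 4),
]
CURRENT = [
    ("DOMAIN_COMP", "Compensation", "Comp Partner", "constrained", 10),
    ("DOMAIN_COMP", "Compensation", "Manager", "constrained", 390),
    ("DOMAIN_PUBLIC", "Staffing", "All Employees", "unconstrained", 5100),
    ("DOMAIN_TENANT_SETUP", "System", "Security Admin", "constrained", 4),
    ("DOMAIN_TENANT_SETUP", "System", "HR Administrator", "unconstrained", 3),
]
PRIVILEGED_AREAS = {"Compensation", "System"}  # assumed list of privileged areas


def summarise(rows):
    """Per domain: functional area, summed group sizes (an upper bound on people), group types."""
    out = defaultdict(lambda: {"area": None, "members": 0, "types": set()})
    for domain, area, _group, gtype, members in rows:
        entry = out[domain]
        entry["area"] = area
        entry["members"] += members
        entry["types"].add(gtype)
    return out


def detect(baseline, current, growth_factor=10):
    """Return sorted (domain, reason) findings for privileged functional areas."""
    before, after = summarise(baseline), summarise(current)
    findings = []
    for domain, now in after.items():
        if now["area"] not in PRIVILEGED_AREAS or domain not in before:
            continue
        old = before[domain]
        # By membership count: e.g. 10 people before, 400 now.
        if now["members"] >= growth_factor * max(old["members"], 1):
            findings.append((domain, f"members {old['members']} -> {now['members']}"))
        # By security group type: a constrained-only domain gains an unconstrained group.
        if old["types"] == {"constrained"} and "unconstrained" in now["types"]:
            findings.append((domain, "constrained -> unconstrained"))
    return sorted(findings)


if __name__ == "__main__":
    print(*detect(BASELINE, CURRENT), sep="\n")
```

Each finding names the domain and the reason, which is the input a recommendation of reduced access would start from.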
Desired Deliverables
Reusable model for each of the scenarios
Recommendations – Risk ratings, tenanted data or not