1. Technical Field
This disclosure relates generally to security within an enterprise computing environment and, in particular, to providing risk-related information to users having permitted access to enterprise resources.
2. Background of the Related Art
It is well-known in the prior art to provide software and services to deploy policy-based provisioning solutions. These solutions helps companies automate the process of provisioning employees, contractors, and business partners with access rights to the applications they need, whether in a closed enterprise environment or across a virtual or extended enterprise. A known product of this type is IBM® Security Identity Manager.
When permitted users request access to applications, databases and other computer accounts, the users often are not aware of the regulatory implications or other risks associated with the request. Such regulatory requirements are quite varied and include, for example, the Sarbanes-Oxley (SOX) Act, the Health Insurance Portability and Accountability Act (HIPAA), and the like. Moreover, access to these special security considerations may require additional escalated approvals that also are unknown to the requestor. For example, a request to access a financial department's document database may have SOX compliance implications that must be signed-off for in advance by the Company's Chief Financial Officer. Submitting requests without knowledge of these often special considerations may give rise to security violations or cause unnecessary approval workflow for the requestor and/or his or her manager.