Name
sn_risk.RiskUtilsBase
Description
Protected Script Include with Risk Utilities.
Script
var RiskUtilsBase = Class.create();
RiskUtilsBase.prototype = {
initialize: function() {
},
//Overridable functions
generateRegisteredRisksFromType : function(grType) {
return this._generateRegisteredRisksFromType(grType);
},
getCalculatedScore : function(grInherentScore, grResidualScore, percent_pass, total_tests) {
return this._getCalculatedScore(grInherentScore, grResidualScore, percent_pass, total_tests);
},
getRiskScore : function(significance, likelihood) {
return this._getRiskScore(significance, likelihood);
},
getRiskCriteria : function(type, weighting) {
return this._getRiskCriteria(type, weighting);
},
rollUpRiskScores : function(appliesToID) {
return this._rollUpRiskScores(appliesToID);
},
setAppliesToFromProfile : function(grRisk) {
return this._setAppliesToFromProfile(grRisk);
},
setProfilesOnRisks : function(grProfile) {
return this._setProfilesOnRisks(grProfile);
},
setRiskFromDefinition : function(riskID, definitionID) {
return this._setRiskFromDefinition(riskID, definitionID);
},
assessRisk : function(risk) {
return this._assessRisk(risk);
},
updateViewRule : function(ruleId, active){
this._updateViewRule(ruleId, active);
},
updateViewRuleWorkspace : function(ruleId, active){
this._updateViewRuleWorkspace(ruleId, active);
},
enableDisableModules: function(moduleIds,updateFlag){
this._enableDisableModules(moduleIds,updateFlag);
},
//Base functions
_enableDisableModules: function(moduleIds,updateFlag){
var gr = new GlideRecord("sys_app_module");
gr.addQuery('sys_id', 'IN', moduleIds);
gr.query();
while (gr.next()) {
gr.setValue("active", updateFlag);
gr.update();
}
},
_updateViewRule : function(ruleId, active){
var gr = new GlideRecord('sysrule_view');
gr.get(ruleId);
gr.setValue('active', active);
gr.update();
},
_updateViewRuleWorkspace : function(ruleId, active){
var gr = new GlideRecord('sysrule_view_workspace');
gr.get(ruleId);
gr.setValue('active', active);
gr.update();
},
_assessRisk: function(risk) {
if (risk.attestation.nil())
risk.state = 'respond';
else
risk.state = 'assess';
risk.update();
},
_generateRegisteredRisksFromType : function(grType) {
var results = {
added : 0,
existing : 0
};
//Get all Definitions
var ids = [];
var grDef = new GlideRecord('sn_risk_m2m_risk_definition_profile_type');
grDef.addQuery('sn_grc_profile_type', grType.sys_id);
grDef.query();
while(grDef.next()) {
ids.push(grDef.statement + '');
}
//Get all profiles and ensure risks are registered
var grM2M = new GlideRecord('sn_grc_m2m_profile_profile_type');
grM2M.addQuery('profile_type', grType.sys_id);
grM2M.query();
while(grM2M.next()) {
for(var i in ids) {
var id = ids[i];
var grRisk = new GlideRecord('grc_risk');
grRisk.addQuery('applies_to', grM2M.profile.applies_to);
grRisk.addQuery('definition', id);
grRisk.query();
if(grRisk.next()) {
results.existing++;
continue;
}
grRisk.initialize();
grRisk.owned_by = grM2M.profile.owned_by;
grRisk.applies_to = grM2M.profile.applies_to;
grRisk.table = grM2M.profile.table;
grRisk.definition = id;
grRisk.insert();
results.added++;
this.setRiskFromDefinition(grRisk.sys_id + '', id);
}
}
grType.sn_risk_processing_risks = false;
grType.update();
return results;
},
_getCalculatedScore : function(grInherentScore, grResidualScore, percent_pass, total_tests) {
total_tests = Number(total_tests);
if(!total_tests || total_tests === 0) {
//No controls. Use Residual Score if it is set. If not, use Inherent score
if(grResidualScore) {
return grResidualScore;
} else {
return grInherentScore;
}
}
if(!percent_pass) {
//Treat null or undefined as 0% compliance.
percent_pass = 0;
}
//Make sure we can calculate a score. If not, use Inherent score (even if empty)
if(!grInherentScore || !grResidualScore || percent_pass === 0) {
return grInherentScore;
}
var compliance = percent_pass / 100;
var inherent = grInherentScore.weighting;
var residual = grResidualScore.weighting;
var calculated = Math.round((inherent - residual) * (1 - compliance) + residual);
return this.getRiskCriteria('Score', calculated);
},
_getRiskScore : function(significance, likelihood) {
//Calculates a score from significance and likelihood and returns the associated Risk Criteria threshold for the score
var score = Math.round(significance * likelihood);
var gr = new GlideRecord('grc_risk_criteria');
gr.addQuery('type', 'Score');
gr.addQuery('weighting', score);
gr.query();
if(gr.next()) {
return gr;
}
return false;
},
_getRiskCriteria : function(type, weighting) {
var rctu = new global.RiskCriteriaThresholdUtils();
return rctu.getRiskCriteria(type, weighting);
},
_getRiskCriteriaByDisplayValue : function(type, displayValue) {
var criteria = new GlideRecord('grc_risk_criteria');
criteria.addQuery('type', type);
criteria.addQuery('display_value', displayValue);
criteria.query();
if (criteria.next())
return criteria;
else
return null;
},
_rollUpRiskScores : function(appliesToID) {
var grRisk = new GlideRecord('grc_risk');
if (!grRisk.isValid())
return;
//Get the Risk Profile
var gr = new GlideRecord('sn_grc_profile');
gr.addQuery('applies_to', appliesToID);
gr.query();
if(!gr.next()) {
//No need to continue if it does not exist
return;
}
//Get the averages
var inherentScore = 0;
var residualScore = 0;
var calculatedScore = 0;
var count = 0;
//Calculated the averages
grRisk.addQuery('applies_to', appliesToID);
grRisk.addQuery('state', '!=', 'Closed');
grRisk.query();
while(grRisk.next()) {
count++;
if(grRisk.score)
inherentScore += grRisk.score.weighting;
if(grRisk.residual_score)
residualScore += grRisk.residual_score.weighting;
if(grRisk.calculated_score)
calculatedScore += grRisk.calculated_score.weighting;
}
if(count > 0) {
inherentScore = inherentScore / count;
residualScore = residualScore / count;
calculatedScore = calculatedScore / count;
}
var rctu = new global.RiskCriteriaThresholdUtils();
var inherentCriteria = rctu.getRiskCriteria('Score', inherentScore);
var residualCriteria = rctu.getRiskCriteria('Score', residualScore);
var calculatedCriteria = rctu.getRiskCriteria('Score', calculatedScore);
//Set the risk criteria
gr.sn_risk_score = inherentCriteria ? inherentCriteria.sys_id : '';
gr.sn_risk_residual_score = residualCriteria ? residualCriteria.sys_id : '';
gr.sn_risk_calculated_score = calculatedCriteria ? calculatedCriteria.sys_id : '';
//Update the profile
gr.update();
},
_setAppliesToFromProfile : function(grRisk) {
if(current.profile.changes() && !current.profile.nil())
{
grRisk.table = current.profile.table;
grRisk.applies_to = current.profile.applies_to;
}
else
{
if(grRisk.applies_to.nil())
{
return;
}
var pgr = new GlideRecord('sn_grc_profile');
pgr.addQuery('table',grRisk.table);
pgr.addQuery('applies_to',grRisk.applies_to);
pgr.query();
if(!pgr.next())
{
grRisk.profile = '';
}
else
{
grRisk.profile = pgr.sys_id;
}
}
},
_setProfilesOnRisks : function(grProfile) {
var riskGR = new GlideRecord('grc_risk');
if (riskGR.isValid()) {
riskGR.addQuery('applies_to',grProfile.applies_to);
riskGR.query();
while(riskGR.next())
{
riskGR.profile = grProfile.sys_id;
riskGR.update();
}
}
},
_getCategoryValue: function(defId) {
var categoryValue = '';
var defChoice = '';
var choice = new GlideRecord('sn_grc_choice');
if (choice.get(defId))
defChoice = choice.name + '';
if (defChoice != '') {
var riskChoice = new GlideRecord('sys_choice');
riskChoice.addQuery('name', 'grc_risk');
riskChoice.addQuery('element', 'category');
riskChoice.addQuery('value', defChoice);
riskChoice.addQuery('language', 'en');
riskChoice.query();
if (riskChoice.next())
categoryValue = defChoice;
}
return categoryValue;
},
_setRiskFromDefinition : function(riskID, definitionID) {
var grRisk = new GlideRecord('grc_risk');
if(!grRisk.get(riskID)) return false;
var grDef = new GlideRecord('sn_risk_definition');
if(!grDef.get(definitionID)) return false;
var updated = false;
var fields = [
'additional_information',
'category',
'description'
];
for(var i in fields) {
var field = fields[i];
if(grRisk[field] + '' == grDef[field] + '') continue;
if (field == 'category')
grRisk[field] = this._getCategoryValue(grDef[field] + '');
else
grRisk[field] = grDef[field];
updated = true;
}
var newLikelihood = this._getRiskCriteriaByDisplayValue(
'Likelihood', grDef.likelihood.display_value);
newLikelihood = newLikelihood ? newLikelihood.sys_id + '' : '';
var newSignificance = this._getRiskCriteriaByDisplayValue(
'Significance', grDef.impact.display_value);
newSignificance = newSignificance ? newSignificance.sys_id + '' : '';
if ((grRisk.likelihood + '') != newLikelihood) {
grRisk.likelihood = newLikelihood;
updated = true;
}
if ((grRisk.significance + '') != newSignificance) {
grRisk.significance = newSignificance;
updated = true;
}
if(grRisk.risk_name.nil()) {
grRisk.risk_name = grDef.name;
updated = true;
}
// Checks to make sure residual values aren't higher than inherent and replaces them if they are
if(grRisk.significance.weighting < grRisk.residual_significance.weighting) {
grRisk.residual_significance = grRisk.significance;
updated = true;
}
if(grRisk.likelihood.weighting < grRisk.residual_likelihood.weighting) {
grRisk.residual_likelihood = grRisk.likelihood;
updated = true;
}
if(updated) grRisk.update();
return updated;
},
type: 'RiskUtilsBase'
};Sys ID
c4a3b191cb133100829cf865734c9ca7