Name

sn_risk.RiskUtilsBase

Description

Protected Script Include with Risk Utilities.

Script

var RiskUtilsBase = Class.create();
RiskUtilsBase.prototype = {
  initialize: function() {
  	
  },
  
  //Overridable functions

  generateRegisteredRisksFromType : function(grType) {
  	return this._generateRegisteredRisksFromType(grType);
  },
  
  getCalculatedScore : function(grInherentScore, grResidualScore, percent_pass, total_tests) {
  	return this._getCalculatedScore(grInherentScore, grResidualScore, percent_pass, total_tests);
  },

  getRiskScore : function(significance, likelihood) {
  	return this._getRiskScore(significance, likelihood);
  },
  
  getRiskCriteria : function(type, weighting) {
  	return this._getRiskCriteria(type, weighting);
  },

  rollUpRiskScores : function(appliesToID) {
  	return this._rollUpRiskScores(appliesToID);
  },
  
  setAppliesToFromProfile : function(grRisk) {
  	return this._setAppliesToFromProfile(grRisk);
  },
  
  setProfilesOnRisks : function(grProfile) {
  	return this._setProfilesOnRisks(grProfile);
  },

  setRiskFromDefinition : function(riskID, definitionID) {
  	return this._setRiskFromDefinition(riskID, definitionID);
  },
  
  assessRisk : function(risk) {
  	return this._assessRisk(risk);
  },
  
  updateViewRule : function(ruleId, active){
  	this._updateViewRule(ruleId, active);
  },
  
  updateViewRuleWorkspace : function(ruleId, active){
  	this._updateViewRuleWorkspace(ruleId, active);
  },
  
  enableDisableModules: function(moduleIds,updateFlag){
  	this._enableDisableModules(moduleIds,updateFlag);
  },
  
  //Base functions
  
  _enableDisableModules: function(moduleIds,updateFlag){
  	var gr = new GlideRecord("sys_app_module");
  	gr.addQuery('sys_id', 'IN', moduleIds);
  	gr.query();
  	while (gr.next()) {
  		gr.setValue("active", updateFlag);
  		gr.update();
  	}
  },
  
  _updateViewRule : function(ruleId, active){
  	var gr = new GlideRecord('sysrule_view');
      gr.get(ruleId);
      gr.setValue('active', active);
      gr.update();
  },
  
  _updateViewRuleWorkspace : function(ruleId, active){
      var gr = new GlideRecord('sysrule_view_workspace');
      gr.get(ruleId);
      gr.setValue('active', active);
      gr.update();
  },
  
  _assessRisk: function(risk) {
  	if (risk.attestation.nil())
  		risk.state = 'respond';
  	else
  		risk.state = 'assess';
  	risk.update();
  },
  
  _generateRegisteredRisksFromType : function(grType) {
  	var results = {
  		added : 0,
  		existing : 0
  	};
  	//Get all Definitions
  	var ids = [];
  	var grDef = new GlideRecord('sn_risk_m2m_risk_definition_profile_type');
  	grDef.addQuery('sn_grc_profile_type', grType.sys_id);
  	grDef.query();
  	while(grDef.next()) {
  		ids.push(grDef.statement + '');
  	}

  	//Get all profiles and ensure risks are registered
  	var grM2M = new GlideRecord('sn_grc_m2m_profile_profile_type');
  	grM2M.addQuery('profile_type', grType.sys_id);
  	grM2M.query();
  	while(grM2M.next()) {
  		for(var i in ids) {
  			var id = ids[i];
  			
  			var grRisk = new GlideRecord('grc_risk');
  			grRisk.addQuery('applies_to', grM2M.profile.applies_to);
  			grRisk.addQuery('definition', id);
  			grRisk.query();
  			if(grRisk.next()) {
  				results.existing++;
  				continue;
  			}

  			grRisk.initialize();
  			grRisk.owned_by = grM2M.profile.owned_by;
  			grRisk.applies_to = grM2M.profile.applies_to;
  			grRisk.table = grM2M.profile.table;
  			grRisk.definition = id;
  			grRisk.insert();
  			results.added++;
  			
  			this.setRiskFromDefinition(grRisk.sys_id + '', id);
  		}
  	}
  	
  	grType.sn_risk_processing_risks = false;
  	grType.update();
  	return results;
  },
  
  _getCalculatedScore : function(grInherentScore, grResidualScore, percent_pass, total_tests) {
  	total_tests = Number(total_tests);
  	if(!total_tests || total_tests === 0) {
  		//No controls. Use Residual Score if it is set. If not, use Inherent score
  		if(grResidualScore) {
  			return grResidualScore;
  		} else {
  			return grInherentScore;
  		}
  	}
  	
  	if(!percent_pass) {
  		//Treat null or undefined as 0% compliance.
  		percent_pass = 0;
  	}

  	//Make sure we can calculate a score. If not, use Inherent score (even if empty)
  	if(!grInherentScore || !grResidualScore || percent_pass === 0) {
  		return grInherentScore;
  	}

  	var compliance = percent_pass / 100;
  	var inherent = grInherentScore.weighting;
  	var residual = grResidualScore.weighting;
  	var calculated = Math.round((inherent - residual) * (1 - compliance) + residual);

  	return this.getRiskCriteria('Score', calculated);
  },

  _getRiskScore : function(significance, likelihood) {
  	//Calculates a score from significance and likelihood and returns the associated Risk Criteria threshold for the score
  	var score = Math.round(significance * likelihood);
  	var gr = new GlideRecord('grc_risk_criteria');
  	gr.addQuery('type', 'Score');
  	gr.addQuery('weighting', score);
  	gr.query();
  	if(gr.next()) {
  		return gr;
  	}
  	return false;
  },
  
  _getRiskCriteria : function(type, weighting) {
  	var rctu = new global.RiskCriteriaThresholdUtils();
  	return rctu.getRiskCriteria(type, weighting);
  },
  
  _getRiskCriteriaByDisplayValue : function(type, displayValue) {
  	var criteria = new GlideRecord('grc_risk_criteria');
  	criteria.addQuery('type', type);
  	criteria.addQuery('display_value', displayValue);
  	criteria.query();
  	if (criteria.next())
  		return criteria;
  	else
  		return null;
  },

  _rollUpRiskScores : function(appliesToID) {
  	var grRisk = new GlideRecord('grc_risk');
  	if (!grRisk.isValid())
  		return;
  	
  	//Get the Risk Profile
  	var gr = new GlideRecord('sn_grc_profile');
  	gr.addQuery('applies_to', appliesToID);
  	gr.query();
  	if(!gr.next()) {
  		//No need to continue if it does not exist
  		return;
  	}
  	
  	//Get the averages
  	var inherentScore = 0;
  	var residualScore = 0;
  	var calculatedScore = 0;
  	var count = 0;
  	
  	//Calculated the averages
  	grRisk.addQuery('applies_to', appliesToID);
  	grRisk.addQuery('state', '!=', 'Closed');
  	grRisk.query();
  	while(grRisk.next()) {
  		count++;
  		if(grRisk.score) 
  			inherentScore += grRisk.score.weighting;
  		if(grRisk.residual_score) 
  			residualScore += grRisk.residual_score.weighting;
  		if(grRisk.calculated_score) 
  			calculatedScore += grRisk.calculated_score.weighting;
  	}
  	
  	if(count > 0) {
  		inherentScore = inherentScore / count;
  		residualScore = residualScore / count;
  		calculatedScore = calculatedScore / count;
  	}
  	
  	var rctu = new global.RiskCriteriaThresholdUtils();
  	var inherentCriteria = rctu.getRiskCriteria('Score', inherentScore);
  	var residualCriteria = rctu.getRiskCriteria('Score', residualScore);
  	var calculatedCriteria = rctu.getRiskCriteria('Score', calculatedScore);

  	//Set the risk criteria
  	gr.sn_risk_score = inherentCriteria ? inherentCriteria.sys_id : '';
  	gr.sn_risk_residual_score = residualCriteria ? residualCriteria.sys_id : '';
  	gr.sn_risk_calculated_score = calculatedCriteria ? calculatedCriteria.sys_id : '';
  	
  	//Update the profile
  	gr.update();
  },
  
  _setAppliesToFromProfile : function(grRisk) {
  	if(current.profile.changes() && !current.profile.nil())
  	{
  		grRisk.table = current.profile.table;
  		grRisk.applies_to = current.profile.applies_to;
  	}
  	else
  	{
  		if(grRisk.applies_to.nil())
  		{
  			return;
  		}
  		var pgr = new GlideRecord('sn_grc_profile');
  		pgr.addQuery('table',grRisk.table);
  		pgr.addQuery('applies_to',grRisk.applies_to);
  		pgr.query();

  		if(!pgr.next())
  		{
  			grRisk.profile = '';

  		}
  		else
  		{
  			grRisk.profile = pgr.sys_id;
  		}
  	}
  },
  
  _setProfilesOnRisks : function(grProfile) {
  	var riskGR = new GlideRecord('grc_risk');
  	if (riskGR.isValid()) {
  		riskGR.addQuery('applies_to',grProfile.applies_to);
  		riskGR.query();

  		while(riskGR.next())
  		{
  			riskGR.profile = grProfile.sys_id;
  			riskGR.update();
  		}
  	}
  },
  
  _getCategoryValue: function(defId) {
  	var categoryValue = '';
  	var defChoice = '';
  	var choice = new GlideRecord('sn_grc_choice');
  	if (choice.get(defId))
  		defChoice = choice.name + '';
  	
  	if (defChoice != '') {
  		var riskChoice = new GlideRecord('sys_choice');
  		riskChoice.addQuery('name', 'grc_risk');
  		riskChoice.addQuery('element', 'category');
  		riskChoice.addQuery('value', defChoice);
  		riskChoice.addQuery('language', 'en');
  		riskChoice.query();
  		
  		if (riskChoice.next())
  			categoryValue = defChoice;			
  	}
  	return categoryValue;
  },

  _setRiskFromDefinition : function(riskID, definitionID) {
  	var grRisk = new GlideRecord('grc_risk');
  	if(!grRisk.get(riskID)) return false;
  	
  	var grDef = new GlideRecord('sn_risk_definition');
  	if(!grDef.get(definitionID)) return false;
  	
  	var updated = false;
  	var fields = [
  		'additional_information',
  		'category',
  		'description'
  	];
  	
  	for(var i in fields) {
  		var field = fields[i];
  		if(grRisk[field] + '' == grDef[field] + '') continue;
  		
  		if (field == 'category')
  			grRisk[field] = this._getCategoryValue(grDef[field] + '');
  		else
  			grRisk[field] = grDef[field];
  		updated = true;
  	}
  	
  	var newLikelihood = this._getRiskCriteriaByDisplayValue(
  		'Likelihood', grDef.likelihood.display_value);
  	newLikelihood = newLikelihood ? newLikelihood.sys_id + '' : '';
  	
  	var newSignificance = this._getRiskCriteriaByDisplayValue(
  		'Significance', grDef.impact.display_value);
  	newSignificance = newSignificance ? newSignificance.sys_id + '' : '';
  	
  	if ((grRisk.likelihood + '') != newLikelihood) {
  		grRisk.likelihood = newLikelihood;
  		updated = true;
  	}
  	
  	if ((grRisk.significance + '') != newSignificance) {
  		grRisk.significance = newSignificance;
  		updated = true;
  	}
  	
  	if(grRisk.risk_name.nil()) {
  		grRisk.risk_name = grDef.name;
  		updated = true;
  	}

  	// Checks to make sure residual values aren't higher than inherent and replaces them if they are
  	if(grRisk.significance.weighting < grRisk.residual_significance.weighting) {
  		grRisk.residual_significance = grRisk.significance;
  		updated = true;
  	}

  	if(grRisk.likelihood.weighting < grRisk.residual_likelihood.weighting) {
  		grRisk.residual_likelihood = grRisk.likelihood;
  		updated = true;
  	}
  	
  	if(updated)	grRisk.update();
  	
  	return updated;
  },

  type: 'RiskUtilsBase'
};

Sys ID

c4a3b191cb133100829cf865734c9ca7

Offical Documentation

Official Docs: