5.2.5 Vulnerability Assessment
In a macroeconomic crisis, different parts of the balance sheet respond differently. Some portfolios may gain in times of crisis while others may go into loss. For example, during the COVID-19 pandemic, airline companies were severely affected as travel was disrupted. On the other hand, healthcare providers benefitted financially.
It is important that banks identify the portfolios or segments of their balance sheet that are vulnerable to an event, and the degree of vulnerability.
The Vulnerability Assessment feature can be used to map accounts into different categories using user-defined criteria. A simple dimension, ‘Vulnerability Category’, is present in the data model, where the scale or the different categories can be defined using the Dimension Management Members screen. Multiple criteria can then be defined and applied against the instruments, and each instrument is assigned a vulnerability category.
The criteria are defined by a business analyst and then go through an approval cycle before being confirmed for final use. The criteria can be executed via a scheduler batch. Once triggered, all instruments are evaluated for vulnerability and marked accordingly.
User Roles
| User Role | Privileges |
|---|---|
| vulnerabilityAssesment.ADMIN | Manage the users |
| vulnerabilityAssesment.ANALYST | Defines the configurations |
| vulnerabilityAssesment.REVIEWER | Reviews the changes done by Analyst to the configuration. |
| vulnerabilityAssesment.AUDITOR | Views the configurations |
Map Application with Vulnerability Assessment User Groups
After creating a group, you can map the required applications with the group. For more information, see Getting Started with Oracle Cloud.
To map the application to a user group, log in to IAM and follow these steps:
- Go to the Navigation menu and enter Domains in the Search bar to view the Domains list.
- Select the Default Domain and then, from the LHS menu, select Oracle Cloud Services to view the list of Cloud Services.
- Select the Cloud Services you are subscribed to (Syntax: <Cloud_service_name>xxxx-prd and <Cloud_service_name>xxxx-nprd, where Description is mentioned as your registered cloud service). For example, PBSMCS cfeqa1234-nprd
- From the LHS menu, select Users and click Assign Users.
- Select the user and click Assign.
Note:
Once Vulnerability Assessment is enabled, map Users and Groups.
For example:
User 1 - CFE_Anrev - CFEADMINGRP + vulnerabilityAssessmentPBSMCS.Analystgrp + CFEAnalystGRP + vulnerabilityAssessmentPBSMCS.Reviwergrp
User 2 - CFE_Rev1 - CFE Admin Group + vulnerabilityAssessmentPBSMCS.Reviwergrp
User 3 - CFE_Rev2 - CFE Admin Group + vulnerabilityAssessmentPBSMCS.Reviwergrp
User 4 - CFE_Analyst - CFEAnalystGRP + vulnerabilityAssessmentPBSMCS.Analystgrp
The User Groups vulnerabilityAssessmentPBSMCS.Analystgrp and vulnerabilityAssessmentPBSMCS.Reviwergrp are not directly available under Groups. To create users with CFE groups and map the vulnerability group, follow these steps:
- After creating the user, go to the Navigation menu and enter Domains in the Search bar to view the Domains list.
- Select the Default Domain and then, from the LHS menu, select Oracle Cloud Services to view the list of Cloud Services.
- Select the Cloud Services you are subscribed to (Syntax: <Cloud_service_name>xxxx-prd and <Cloud_service_name>xxxx-nprd, where Description is mentioned as your registered cloud service). For example, PBSMCS cfeqa1234-nprd
- From the LHS menu, select Application Roles.
- Select the Vulnerability group and click Manage to map the corresponding user as vulnerabilityAssessmentPBSMCS.Analystgrp and vulnerabilityAssessmentPBSMCS.Reviwergrp.
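The user-to-group mapping shown in the Note can be checked mechanically during an access review. The following is an added example, not Oracle's code: it parses lines in the Note's `User N - name - group + group` layout and lists the users mapped to both the analyst and the reviewer group, so that the combination can be confirmed as intended. Treating that layout as an export format, and all function names, are assumptions.

```python
import re

# Sample input: the four mapping lines from the Note on this page.
MAPPING = """\
User 1 - CFE_Anrev - CFEADMINGRP + vulnerabilityAssessmentPBSMCS.Analystgrp + CFEAnalystGRP + vulnerabilityAssessmentPBSMCS.Reviwergrp
User 2 - CFE_Rev1 - CFE Admin Group + vulnerabilityAssessmentPBSMCS.Reviwergrp
User 3 - CFE_Rev2 - CFE Admin Group + vulnerabilityAssessmentPBSMCS.Reviwergrp
User 4 - CFE_Analyst- CFEAnalystGRP + vulnerabilityAssessmentPBSMCS.Analystgrp
"""

# "User N - <name> - <group> + <group> ..."; spacing around "-" may vary.
LINE = re.compile(r"^User\s+\d+\s*-\s*(?P<user>[^\s-]+)\s*-\s*(?P<groups>.+)$")
# Group-name suffixes exactly as spelled on this page (including "Reviwergrp").
ROLE_SUFFIX = {".Analystgrp": "analyst", ".Reviwergrp": "reviewer"}


def parse_mapping(text):
    """Return {user: set of group names}; reject lines that do not parse."""
    users = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised mapping line: {line!r}")
        groups = {g.strip() for g in m.group("groups").split("+") if g.strip()}
        users.setdefault(m.group("user"), set()).update(groups)
    return users


def va_roles(groups):
    """Vulnerability Assessment roles implied by a user's group names."""
    return {role for g in groups for suffix, role in ROLE_SUFFIX.items()
            if g.startswith("vulnerabilityAssessment") and g.endswith(suffix)}


def dual_role_users(text):
    """Users mapped to both the analyst and the reviewer group."""
    return sorted(user for user, groups in parse_mapping(text).items()
                  if va_roles(groups) >= {"analyst", "reviewer"})


if __name__ == "__main__":
    for user, groups in parse_mapping(MAPPING).items():
        print(f"{user}: {sorted(va_roles(groups))}")
    print("analyst + reviewer:", dual_role_users(MAPPING))
```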
Workflow
The workflow involves the creation of draft Vulnerability Assessment rules in the non-production branch and their approval. The Vulnerability Assessment rules can be tested both in draft mode and after approval. After publishing, the rules are merged from the Non-Production branch to the Production branch, and during that time you can create multiple underlying objects, tags, releases, etc. Then, you can deploy the changes in Production.
Figure 5-37 Vulnerability assessment workflow

Vulnerability Assessment Summary
This page is the gateway to all submissions and related functionality. It has the following two tabs:
- My Submissions: Lists all submissions
- Configurations: Allows you to create, edit, and delete the Vulnerability Assessment criteria.
Search Vulnerability Assessment Rule
Prerequisites: Predefined Vulnerability Assessment Rule
To search for a rule:
- Click Search after entering the search criteria. The search results are displayed in a table containing all the Vulnerability Assessment rules that meet the search criteria.