mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 22:19:39 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,82 @@
|
||||
# Role Mining for RBAC Optimization - Workflows
|
||||
|
||||
## End-to-End Role Mining Workflow
|
||||
|
||||
```
|
||||
Phase 1: DATA COLLECTION (Week 1-2)
|
||||
├── Export user-permission data from all identity sources
|
||||
│ ├── Active Directory group memberships
|
||||
│ ├── Cloud IAM role assignments
|
||||
│ ├── Application-level permissions
|
||||
│ └── Database access grants
|
||||
├── Collect HR data (job titles, departments, cost centers)
|
||||
├── Normalize data into User-Permission Assignment (UPA) matrix
|
||||
└── Clean data: remove disabled accounts, system accounts
|
||||
|
||||
Phase 2: ANALYSIS (Week 3-4)
|
||||
├── Run clustering algorithms (hierarchical, k-means)
|
||||
├── Run Formal Concept Analysis for exact role candidates
|
||||
├── Compare results using WSC and coverage metrics
|
||||
├── Identify optimal number of roles via silhouette analysis
|
||||
└── Map candidate roles to organizational structure
|
||||
|
||||
Phase 3: VALIDATION (Week 5-6)
|
||||
├── Present candidate roles to business unit managers
|
||||
├── Validate each role against job descriptions
|
||||
├── Identify and resolve outlier permissions
|
||||
├── Define role hierarchy (inheritance relationships)
|
||||
└── Agree on role names and descriptions
|
||||
|
||||
Phase 4: IMPLEMENTATION (Week 7-8)
|
||||
├── Create roles in identity governance platform
|
||||
├── Assign users to validated roles
|
||||
├── Remove individual permission assignments
|
||||
├── Test access for sample users in each role
|
||||
└── Document role definitions and approval chain
|
||||
|
||||
Phase 5: GOVERNANCE (Ongoing)
|
||||
├── Monitor for permission drift
|
||||
├── Quarterly role effectiveness review
|
||||
├── Re-run mining annually to detect new patterns
|
||||
└── Track role count and WSC metrics over time
|
||||
```
|
||||
|
||||
## Data Normalization Workflow
|
||||
|
||||
```
|
||||
Raw Data Sources
|
||||
│
|
||||
├── AD: user → group → permissions
|
||||
│ Normalize to: user_id, permission_id
|
||||
│
|
||||
├── AWS: user/role → policy → actions
|
||||
│ Normalize to: user_id, permission_id
|
||||
│
|
||||
├── Azure: user → role → permissions
|
||||
│ Normalize to: user_id, permission_id
|
||||
│
|
||||
└── Applications: user → app_role → features
|
||||
Normalize to: user_id, permission_id
|
||||
|
||||
Merge all sources → Deduplicate → Create UPA matrix
|
||||
```
|
||||
|
||||
## Role Consolidation Workflow
|
||||
|
||||
```
|
||||
Mining produces N candidate roles
|
||||
│
|
||||
├── Remove roles with < 3 users (outliers)
|
||||
│
|
||||
├── Merge roles with > 90% Jaccard similarity
|
||||
│
|
||||
├── Identify hierarchical relationships:
|
||||
│ └── If Role A permissions ⊂ Role B permissions
|
||||
│ → Role A is junior to Role B
|
||||
│
|
||||
├── Check for SoD violations:
|
||||
│ └── Does any role combine conflicting permissions?
|
||||
│ → Split into separate roles if needed
|
||||
│
|
||||
└── Final role set with hierarchy and constraints
|
||||
```
|
||||
Reference in New Issue
Block a user