A knowledge graph is a representation of data as simple entities, or nodes, interconnected by semantic relations. Within PeopleRisk, every person in your company will be represented as one of those entities, with an arbitrary number of intrinsic properties, like its name, contract type, or more personal HR aspects, etc. Every asset, every access right, the fact that this person has a position in an organizational chart or works in a specific office or country, is represented as other entities linked to the person by relations.
Knowledge Graphs are intrinsically closer to the way our brain organizes knowledge – as interconnected conceptual elements that can be used in multiple different contexts. It is thus much more agile and evolutive than traditional relational databases, designed for stable processes with few changes.
The role of our underlying CogTL engine is to maintain this knowledge graph, adapt it in realtime whenever a data changes, and re-evaluate all rules or calculations affected by this change. As an example, let us say that the country of domiciliation of an employee changes: CogTL will then automatically re-evaluate all compliance rules that make use of this country of domiciliation, typically cross-border rules or regulations.
But there’s more: as we now have a model of knowledge that federates multiple elements of knowledge coming from multiple sources – sometimes maintained in silos – we can now perform multiple statistical analytics on the model, and discover correlations, outliers, or potential anomalies in an autonomous way. For example: a person that has access to an HR resource but does not belong to HR, or a new temporary employee with much more accesses than the others, etc.
We offer connectors for multiple different kind of knowledge sources. Therefore, you can easily integrate:
• One or multiple HR directories, with the official list of employees and basic HR data and organizational chart
• LDAP directories, like Microsoft Active Directory, for computer accounts or group memberships
• Databases, like Microsoft SQL Server, Oracle MySQL etc., for additional user accounts
• Remote applications through a SOAP or REST API, to access a CMDB or assets inventory
• Excel files, with lists of sensitive assets or custom other data
• CSV or non-structured files with more information, like the results of a DLP system
• … and whatever data you may find useful to weigh the risks of your staff members
Every connector will continuously monitor the source knowledge, and adapt the graph whenever changes are detected.
As soon as you have gathered some knowledge, you can start composing rules: what elements should never be in relation? What kind of access should never be granted to a junior employee? What is the maximum price of company assets that an employee can have while travelling?
Use or CogTL Admin interface to design every rule, simply by visually indicating how to navigate on the knowledge graph, and what conditions should be fulfilled.
Now you immediately get results in PeopleRisk: immediately discover the top scorers or people in violation of a source, but also use our business user-friendly interface to:
• Obtain a 360° view of all pertinent information about your staff, with very simple access to all related knowledge and history.
• Compare staff members in a team or with similar profiles, to visually identify outliers.
• Export all lists or details to Excel for offline review.
No IA magic: every indicator will be explainable: click on any violation and obtain a textual explanation of what conditions led to this issue.
In risk management, exceptions to the rule are sometimes needed: use PeopleRisk to temporarily or permanently validate violations, raise the attention of the management to specific elements needing review, and comment on specific cases.