A set of _____ constitutes a ruleset.

A ruleset in the context of identity governance and administration, such as with Saviynt, helps to define a framework for controlling and managing access and security risks. A set of risks forms the foundation of a ruleset because it identifies the potential threats to the system or data being protected. Each rule within this set addresses specific risks associated with user access, ensuring that there are measures in place to mitigate those risks effectively.

In contrast, the other options focus on aspects that are components of the identity governance landscape but do not solely define what constitutes a ruleset. Functions refer to the varied operations that can be performed within the identity management system. SOD (Segregation of Duties) involves principles designed to prevent conflicts of interest by separating responsibilities, which is a specific use case rather than the complete construct of a ruleset. Mitigating measures refer to actions taken in response to identified risks but do not encapsulate the broader context of what a ruleset is intended to encompass. Therefore, it is the set of risks that most accurately represents the foundations upon which a ruleset is built.