Risk Scoring Report

  • Updated

RecordPoint's Risk Scoring report helps users make better decisions about their data, by automatically assigning a "risk score" to every record. Using existing signals and metadata such as PCI, PII, and ROT, the risk report generates an aggregate score from 0-100 for every record, and classifies the risk as high, medium, or low with color-coded labels. This feature provides a visual, composite risk score, helping users instantly understand if a given record requires action.

How to access the risk report

  1. This report requires "Intelligence Signals" to be enabled. If you would like this feature enabled, please speak to your RecordPoint account representative.
  2. Navigate to Administration > Reporting > Enterprise and download the latest Signal Intelligence Report.
  3. Open and authenticate the report using your preferred method. Details on how to do this can be found here.
  4. Navigate to the "Risk Report" tab.

Using the Risk Report

Screenshot 2024-06-14 145945.png

The risk report is split into 4 sections:

Records by risk label

A pie chart which shows the proportion of records that are high, medium, or low risk, so you have an understanding at a glance of your risk proportions across your inventory. You might use this to warrant further investigation into your risk levels, depending on your risk appetite and policies.

High risk by location

This bar chart shows you the number of records which have been classified as 'high risk' in each of your source locations. This chart can help you understand if you have sensitive data in relatively insecure locations. For example, if you have a network file share you know isn't particularly secure, you might consider it a problem if you have a high number of high risk records in that location, which might prompt you to move those items to a more secure location such as SharePoint.

Total risk over time

This time series chart gives you a normalised risk score in relation to the number of records you have. It measures the proportion of risk you're carrying across your inventory, not the absolute tally. For example, if you double your inventory, you would likely double the number of high risk records you have. But this chart would remain flat, provided the proportions of risk scores remained flat.

This chart is helpful to answer the question of "how am I doing?" when it comes to risk management? Are you keeping your risk levels in order in proportion to your inventory? This chart helps you understand if your risk management practices are paying off or need further action.

Table of records with risk score and label

This table pulls in all of your records across all sources, and shows you the score and label for each record. You are able to filter this table by any available metadata field in PowerBI, which is essentially any metadata on the record for all intents and purposes.

 

Filtering records by risk

Using the controls at the top of the risk report, you are able to filter records on the basis of their risk score, content source, file format, and the date they were created.

This is helpful for finding the specific records which meet certain criteria e.g. 'show me all the records in my network file shares which are high risk', so that you can take action on those records, such as moving them to a more secure location for example.

 

How are the pre-set risk scores and labels calculated?

Scores

A risk score is calculated by applying 'points' to various signals and metadata that apply to a record. For example, if a record has a phone number in it, that will get a certain amount of points, and if it has PCI it will have a different number of points. The total points are then normalised to generate a score out of 100 for every record. It is possible to change the calculations (details further down in this article), but the pre-set points we have applied to each signal/field are as follows:

HasPCI: 80
Payment card information is highly sensitive with significant financial and regulatory impact if breached.

HasEmail: 10
Email addresses are less sensitive individually but can be used for phishing.

HasPhone: 10
Phone numbers have moderate sensitivity; potential for misuse but not as critical as financial data.

HasAUTFN: 40
Australian Tax File Number is highly sensitive, with potential for significant identity theft.

HasAUMedicare: 40
Medicare numbers are sensitive health information, crucial for identity theft.

HasIBAN: 30
International Bank Account Number is sensitive financial information but slightly less critical than PCI.

HasCrypto: 30
Cryptographic keys or wallet information have financial implications but depend on the value of the crypto.

HasPerson: 10
General personal information which might be less sensitive individually but important in aggregation.

HasAUACN: 40
Australian Company Numbers are crucial for business identity and sensitive for corporate espionage.

Unclassified record: 20
While not classified, it still requires protection.

Passed retention schedule: 20
Data that should have been deleted as per retention schedule, posing compliance risks.

 

Labels

Dependent on the risk score, a risk label (High/Medium/Low) is also applied to the record as a visual simplification of the score. The labels are applied as follows dependent on risk score:

0-33: Low risk

34-66: Medium risk

67-100: High risk

 

Advanced: Configuring your own risk scores

Using PowerBI, you are able to reconfigure risk scores based on metadata you like. To do this, follow these steps:

1. Open the 'Data' panel on the right hand side of PowerBI 

2. Find the 'ITEM_ALL_LATEST_WITH_SIGNALS' table, and drop it down

3. Click on the 'Total_Risk_Points' field

riskpowerbi1.png

This will open an editable PowerBI query, where you can enter your own values. You might choose to change some of the values that already exist (e.g. change 'HASPCI' to 90 instead of 80), or you might choose to add entirely new fields and assign a score to it, assuming you know the table and attribute to reference (for reference, the table in this example is "ITEM_ALL_LATEST_WITH_SIGNALS" and the attribute is "HASPCI").

 

As mentioned, the score is normalised to 100. That means that if you are changing the risk weights, and they still all add up to the same number (e.g. you add 10 points to something, and remove 10 points from something), then you don't need to do anything.

However, if you are changing the total number of points that are being weighed, there is an extra step to to take. For example if you add a new field and give it 20 points, but don't subtract any points, that means you'll need to change the normalisation scale. Here's how: 

1. Navigate to ITEM_ALL_LATEST_WITH_SIGNALS > Normalized_Risk_Score

2. A query will pop up - change the "MaxPossiblePoints" value to your updated points value. For example, if you have added a new field, and assigned it 50 points, you will need to add 50 points to the MaxPossiblePoints.

3. Save the query.

 

risk normalise.png

 

By following these steps, you can configure your risk model in any way you like, based on any metadata or content signal that exists on the record.

 

Conclusion

  • The Risk Scoring report is a great way to understand risk across your organisation, at an individual record level, and in aggregate.
  • The current report template utilises Intelligence Signals, so that feature will need to be enabled.
  • Risk scores can be configured based on metadata fields, to suit your organisation.

 

 

 

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request