What factors affect risk scoring?

Administrator Help | Forcepoint DLP | Version 8.4.x

Many factors and indicators contribute to the risk score displayed in the incident risk ranking reports. This section introduces some of the score's main components.

Impact

The impact of a case represents the potential damage of the breach, and is evaluated directly from the case's breached classifiers. The impact is used as a multiplier to increase the risk score. For example, a 20% increase in impact results in a 20% increase in risk score.

Marking a source as a privileged account increases the impact value, as breaches from privileged accounts may comprise highly sensitive information or evolve into a high-profile breach.

Risk indicators

Various indicators are used to assess the case's classification as active data theft, broken business process, false positive, and so on. The indicators take into account such factors as the user's history, statistics, the reputation of the destination, and the type of content, among others.

An active data theft case conveys the highest risk and requires urgent action.

High-risk users

Marking a source as a high-risk user affects the data-theft probability, but not the impact.

Cases with a high-risk user as the source have a higher data-theft probability.