Enterprise Recon Cloud 2.12.0

How Risk Scoring and Labeling Works

Enterprise Recon Risk Scoring and Labeling workflow.

ER Cloud Risk Profiles let you classify "Risk" for each sensitive data location as a combination of four factors:

Category Description
Content
  • Combination of data types
  • Volume of sensitive data matches
Metadata
  • Access permissions
  • File owner, creation or modified date
Actions Taken
  • Remediation and Access Control actions
Storage
  • Target Group or Target
  • Target type

Each risk profile is assigned a risk classification (label) and risk score (e.g. Low, Medium, High), and can be manually reordered to prioritize the profiles that matter most to the organization.

ER Cloud automatically maps the risk profiles to match locations and displays the corresponding risk label and score in the Investigate page. If a location matches the criteria for multiple risk profiles, the Risk column in the Investigate results grid reflects the risk profile with the highest priority, regardless of the risk level associated with the profile. Nested files or locations within archives are assigned individual risk scores, which will be reflected in the Risk column accordingly.

The "Risk" for a match location is not permanent: it is recalculated each time the Investigate page is loaded to reflect the latest Risk status. For example, the risk level associated with a match location may increase in severity when a Global Admin or Risk Admin user modifies the rules for a risk profile, or when the match location maps to a newly created risk profile with a higher priority. Similarly, a location may be classified as low risk and mapped to a different profile once it has been remediated.

Example

Priority  Label           Level
1         Risk Profile 1  High
2         Risk Profile 2  Medium
3         Risk Profile 3  High
4         Risk Profile 4  Low

The table above shows a sample Risk Profile page with four risk profiles, ordered by priority. When the Investigate page is loaded, ER Cloud calculates and maps a match location (File path D:\My-Data-Folder\File-A.text) to two risk profiles: "Risk Profile 2" and "Risk Profile 3".

Based on the priority defined in the Risk Profile page, the Risk column displays the label of the highest-priority matching risk profile (Risk Profile 2), even though Risk Profile 3 has a higher risk level. The highest-priority matching profile is also reflected in the Match Report exported from the Investigate page.

To check the full set of risk profiles that are mapped to a location, click on:

  • The risk color icon in the Risk column of the match location, or
  • A match location to bring up the Match Inspector view.
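The priority rule in the example above, modeled as an added Python sketch (not ER Cloud code or its API). It shows which profile the Risk column would display, flags mapped profiles whose level is more severe than the displayed one, and recalculates after remediation. The rule predicates, location fields and data type names are constructed assumptions; only the profile table and file path come from this page.

```python
from dataclasses import dataclass
from typing import Callable

LEVEL_RANK = {"Low": 1, "Medium": 2, "High": 3}

@dataclass(frozen=True)
class Profile:
    priority: int                 # 1 is the highest priority
    label: str
    level: str
    rule: Callable[[dict], bool]  # hypothetical stand-in for the profile criteria

# Priorities, labels and levels mirror the sample table; the rules are invented.
PROFILES = [
    Profile(1, "Risk Profile 1", "High",
            lambda loc: "passport" in loc["data_types"]),
    Profile(2, "Risk Profile 2", "Medium",
            lambda loc: loc["target_type"] == "file_share" and not loc["remediated"]),
    Profile(3, "Risk Profile 3", "High",
            lambda loc: "credit_card" in loc["data_types"]
            and loc["matches"] >= 100 and not loc["remediated"]),
    Profile(4, "Risk Profile 4", "Low",
            lambda loc: loc["remediated"]),
]

def mapped_profiles(loc, profiles=PROFILES):
    """All profiles whose criteria the location meets, highest priority first."""
    return sorted((p for p in profiles if p.rule(loc)), key=lambda p: p.priority)

def displayed_risk(loc, profiles=PROFILES):
    """Profile shown in the Risk column: highest priority, whatever its level."""
    mapped = mapped_profiles(loc, profiles)
    return mapped[0] if mapped else None

def shadowed_profiles(loc, profiles=PROFILES):
    """Mapped profiles with a more severe level than the displayed one."""
    shown = displayed_risk(loc, profiles)
    if shown is None:
        return []
    return [p for p in mapped_profiles(loc, profiles)
            if LEVEL_RANK[p.level] > LEVEL_RANK[shown.level]]

# Constructed match location using the example path from this page.
FILE_A = {"path": r"D:\My-Data-Folder\File-A.text", "data_types": {"credit_card"},
          "matches": 250, "target_type": "file_share", "remediated": False}

if __name__ == "__main__":
    print(displayed_risk(FILE_A).label, [p.label for p in shadowed_profiles(FILE_A)])
    # Risk is recalculated on each load, so remediation changes the mapping.
    print(displayed_risk({**FILE_A, "remediated": True}).label)
```

A non-empty result from `shadowed_profiles` marks a location where the profile order hides a higher-severity classification, which is a prompt to review the ordering on the Risk Profile page.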

To start using the Risk Scoring and Labeling feature, refer to the Use Risk Scoring and Labeling section.