Support Center

Using Risk Analysis

Last Updated: Dec 17, 2017 10:56PM PST
This article shows you how to use :Respond to determine Definitive Disclosure Risk.

Introduction
Disclosure Analysis allows you to determine the relative skill an attacker would need in order to acquire plaintext associated with SSProtect'd content. Different than other offerings that provide some measure of Risk based on dynamics, machine learning, AI, heuristics, and extrapolation, :Respond provides objective disclosure risk insight resulting from actions specific to managed content.


This article provides details specific to Disclosure Risk Analysis, with general use common to all Analysis Types described in the article, Using :Respond. For a general overview, refer to the :Respond Introduction.
 
‚ÄčSetting Up a Disclosure Risk Execution
The :Respond UI is accessible from the SSProtect notification icon's context menu. Select Disclosure Risk (not the default) from the dropdown at the top left:



Disclosure Risk analysis utilizes the following additional features:
 
  • Include Org Users; performs Analysis for all Organization Users, not just the caller
  • 3rd Party Reports; generates Reports for Third Party Trusts (see below)
  • List Event Details; adds detailed auditing history to the resulting Report

Analysis Period
The middle section of the dialog provides controls that manage the Period for which a Disclosure Risk Analysis is performed (disabled when choosing Data Integrity Analysis):

 
  • Last X allows you to choose a certain number of prior Days from a given End Date
  • Distinct allows you to choose specific starting/ ending dates and times

Distinct Period Presets
Use the button to the right of the Period controls to cycle through Last Month, Last Week, or 2d Periods (the latter only available when Distinct is used). The target end date/ time is always the current UTC day's midnight; using 2d instead of a single day makes certain a 24h timeframe is always covered in the final Analysis.

Distinct Period Format
The Distinct format must follow that shown, i.e. 00:00:00 for Time, and mm.dd.yyyy for Date. Any deviation will fail when interpreted by the system. Be sure to 0-pad any single-digit value, i.e. 1:00am should be keyed in as military time, i.e. 01:00:00; January 5th should be 01.05.2017.


Analysis Scope and Third Parties
Data Disclosure Risk Analysis is by default associated with your Account; choosing Include Org Users scopes the Analysis to all Organization Accounts. Content is always for all actions undertaken by scoped Accounts for the given Period. Some of this content may include access to materials shared by a Third Party. This requires that an external Organization configure your Organization Accounts/ Users as Third Party Trusts, explained in the article, Managing Third Party Trusts.

Managing Trusting Third Party Report Visibility
When you choose the 3rd Party Reports option, Disclosure Risk Analysis generates individual Reports specific to use of shared content. These Reports are available to Trusting Third Parties, though only after you review and Approve, as explained below.


After an Analysis execution completes, and when an Analysis is not executing, and if your Analysis Set selection is for a Disclosure Risk Analysis that utilizes the 3rd Party Reports option, the Userlist button will transition to Report List for you to transition to view the set of Third Party Reports available for review and Approval:



Choose any Trusting Third Party from the list, then View Report to see Disclosure Risk data for information shared by the Trusting Third Party and used by your Organization Accounts during the Analysis Period. Choose Approve to make this report visible in the Third Party's Analysis Set list, or Remove if you wish to remove the information. This can of course be regenerated by repeating the Analysis at a later time.

The line-item's associated Approved By and Approved On reflect Approve operation, whereas action by the Trusting Third Party to review SHARED reports (as shown in the Analysis Sets listing) is displayed in the Reviewed By and Reviewed On columns. As expected, Remove operation is shown in the Removed By and Removed On columns (not shown above, but included with the final v6.4.0 release).


Analysis Line-Item Details
On the original page (which you can reach by choosing Analysis Sets from the Report List), you will see the resulting Analysis Set after you click Report (to complete the Analysis, as noted in related documentation). The resulting line-item includes the date/ time (UTC) the Analysis was started, the owner (an Organization Administrator, Delegate, or Individual Account, which will be your Account for these purposes), and the additional details explained below.


The Org Summary Risk column reflects the, "progression" from the lower bound of resulting Risk to the upper bound, and includes a number to indicate which boundary the resulting Risk is closest to. For example, the result may be, Low to Moderate (60), which indicates that the overall average risk is between a Low risk rating and a Moderate risk rating, and it's 60% of the way to Moderate. When it reaches 100%, the rating will only be the specific Risk level, i.e. Moderate in this case. For details, refer to the article, Definitive Risk Analysis.

The Remediation column displays results when the line-item is for a Data Integrity Analysis. Refer to the article, Using Data Integrity, for details.


The Src, Scope, Ext column enumerates parameters for the given Analysis Set. This is a text string that uses shortened monikers for each of the Analysis parameters, as described in the article, Using :Respond.

You will find all the related details in associated Reports, which you see when you complete each Analysis using the Start/ Report button. This is the same data you see when choosing the associated line-item and choosing, View Report.

For additional information, refer to the article, :Respond Reports.

Shared Reports
When you are the recipient of a Third Party Trust Disclosure Risk Analysis, and a Report has been reviewed and Approved for your visibility (noted above), your Analysis Set list will contain a Report with SHARED detail columns. Any Organization Privileged User can Remove this Analysis Set, though you cannot regenerate its' content since it is specific to the Third Party that generated the data. This information is included in the resulting Report's header.


For More Information
Refer back to the article, Using :Respond, for general execution details, and to the general :Respond Introduction for additional capabilities. For immediate assistance, send email to support@definisec.com 
or call the number at the right of this article for more pressing matters.
 

This article was updated w/ v6.4.0 of the :Foundation Client

Contact Us

ed5301d112e75fde24d469c55568f50b@definisec.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete