Sensitive data ownership analysis
About sensitive data ownership analysis
ManageEngine DataSecurity Plus cross-analyzes the riskiness or risk score of the files containing sensitive data with their owner details to identify high-risk users, alarming data trends, and more.
The data riskiness or risk score is a measure of the sensitivity or value of the data stored and how vulnerable it is to external and internal IT security attacks.
For example, a file containing employee salary details stored on a secure share with limited access is less risky when compared with a file containing similar information on an open share accessible by everyone.
The ownership analysis offers a detailed dashboard that provides visibility over the riskiness of the sensitive data owned by various users within the organization.
By default, the Ownership Analysis dashboard displays the following information:
- Users Risk Score
- Users with High Risk Scores
- Users with Most Rule Matches
- Risk Score Trends
- Users by Data Source
Users Risk Score
All users, including both AD and local users, are listed in decreasing order of their risk score.
Users who own files containing high-value, vulnerable information inherently have high risk scores and are listed at the top.
Users with High Risk Scores
Lists the top five users in your environment with the highest risk scores.
Users with Most Rule Matches
Lists the top five users in your environment who own the most files containing sensitive information.
Risk Score Trends
The graph cross-analyzes the number of users owning files containing sensitive data with their risk scores. It helps you see how many of your employees hold how much of your business-critical information.
Users by Data Source
Displays the count of all the local and AD users in your Active Directory environment.
Calculating risk scores
A risk score is a measure of the actual risk of an IT security incident that could result in data theft or loss. DataSecurity Plus assigns a risk score to files containing sensitive information and all users who own them to help the security team investigate and mitigate valid risks to vital data.
Assigning risk scores to files
All files discovered by DataSecurity Plus as containing sensitive information are automatically assigned a risk score. DataSecurity Plus quantifies the risk associated with a file containing vital information by considering the following factors:
- Volume of sensitive information the file holds.
- Reliability or confidence level of the sensitive information.
- File access level.
- File ownership details.
- File audit details.
- And more.
The risk score associated with a file will typically range from 0 (lowest risk) to 100 (highest risk).
Assigning risk scores to users
All users who own files containing sensitive information, including both AD and local users, are automatically assigned a risk score. DataSecurity Plus quantifies the risk associated with the user by considering the following factors:
- Volume of sensitive information the user owns.
- Reliability or confidence level of the sensitive information held.
- File audit details.
- And more.
Assigning a risk score will help proactively prevent data theft and loss when coupled with content-aware DLP capabilities. These risk scores are refined over time with subsequent incremental scans.
The risk score associated with a user will typically range from 0 (lowest risk) to 100 (highest risk).
Notify high-risk data owners
DataSecurity Plus lets admins trigger email notifications to users with high risk scores to educate or reprimand them about the consequences of owning sensitive information with inadequate levels of security.
To send alerts to users with high risk scores, follow the steps listed below:
- Select Risk Analysis from the application drop-down.
- Go to Ownership Analysis.
- The Users Risk Score display on the left-hand side lists all users in decreasing order of their risk score.
- Select the user to whom you want to send the email. This will open the User Risk Analysis window.
- Select the Notify Users button in the top right corner.
- In the Notify Users by Email pop-up that opens, add the recipient details, mail content, etc. An attachment listing all files owned by the user, with relevant information, will already be attached.
- Click Send.