Risk Measurements

Lucidum includes multiple risk measurements for assets and users. You can use these risk measurements to identify assets and users that require analysis and possible mitigation.

Risk Measurements

Lucidum calculates the following risk measurements for each asset and user:

• Risk Factor

• Risk Score

• Risk Ranking

• Risk Level

Risk Factor

Risk Factors are known security risks that Lucidum has ingested. Some example risk factors are:

• Endpoint protection is not installed

• Endpoint protection is not updated

• Critical vulnerability is found

• High-risk application is found

• Other security applications in the environment, such as AWS GuardDuty, indicate a risk.

Lucidum uses Risk Factor in two ways:

• To calculate the Risk Score

• To inform users of the most impactful security issues for an asset or user

Lucidum uses proprietary, rule-based algorithms and proprietary, machine-learning algorithms to assign a numeric weight to each Risk Factor. Lucidum then uses the weight for each risk factor when calculating risk score.

Lucidum displays the Top Risk Factor to indicate the factors that most affect the Risk Score:

• Risk Factor 1: The most important risk factor that has the biggest impact on the risk score. Although the weight is not displayed, this factor has the highest weight.

• Risk Factor 2: The second most important risk factor. Although the weight is not displayed, this factor has the second-highest weight.

• Risk Factor 3: The third most important risk factor. Although the weight is not displayed, this factor has the third-highest weight.

You can examine Risk Factors to prioritize risk mitigation for individual assets. For example, if the top Risk Factor for an asset is “endpoint protection not installed”, then installing the endpoint protection on this asset will have the biggest impact on lowering its risk.

You can also examine top Risk Factors to gain insights into the overall enterprise. For example, if you determine that “endpoint protection not installed” is a common top risk factor for multiple assets, then installing the endpoint protection on as many assets as possible will significantly reduce the enterprise risk.

Risk Score

Lucidum calculates Risk Score using proprietary rule-based algorithms and machine learning algorithms. The risk score comprises information that Lucidum has discovered about the asset or user (Risk Factors) combined with the security risk for the data associated with the asset or user.

• Lucidum calculates risk score using the weight of all the Risk Factors.

• Lucidum also examines the data associated with an asset and assigns a risk value to the data. The overall risk score for an asset is greater if the associated data is more sensitive (has a higher risk value). Highly confidential data has the highest risk value.

The lowest possible risk score is “1”. The highest possible score is unbounded; there is no defined highest possible value for risk score.

Risk score changes only if you mitigate the risks that Lucidum has discovered about the asset or user. For example, if Lucidum determines that an asset does not include endpoint protection, you can reduce the risk score for that asset by installing endpoint protection.

You can create a times series chart to monitor risk score and monitor the trend of the risk score.

Risk Ranking

Lucidum calculates Risk Ranking using proprietary rule-based algorithms and machine learning algorithms. To derive Risk Ranking, Lucidum calculates Risk Scores and then ranks them from 1-100.

Lucidum calculates risk ranking once a day. Risk ranking compares the risk score for an asset to the risk scores for all the other existing assets.

You can use risk ranking to prioritize daily security tasks. For example, you might choose to reduce risks for assets with a risk ranking of over 95.

Because Lucidum re-calculates risk ranking every day, you should not compare risk rankings in a time series. For example, a risk ranking of 90 on Monday is not comparable with a risk ranking of 90 on Tuesday.

Risk Level

Lucidum calculates Risk Level by organizing Risk Ranking into three bins (Low, Medium, High).

You can use risk level to prioritize daily security tasks. For example, you might choose to reduce risks for assets with a risk level of “high”.

Risk Level is useful for pie charts and bar charts. Risk Level also helps users drill-down in the Dashboards page. For example, users can drill down into high-risk assets to view information about those assets.

Viewing the Risk Measurements for an Asset

To view the risk measurements for an asset:

1. Log in to your Lucidum system.

2. In the left menu, click Asset.

3. The Asset page displays a list of assets that Lucidum has found..

   

4. Click Edit Column.

5. In the Edit Columns modal page, select Risk Factors, Risk Level, Risk Ranking and Risk Score.

6. Click Confirm.

7. You can now view risk data about each asset directly from the Asset page.

8. To view details about an asset, click the blue > symbol at the far right of the row.

9. In the Details page, click the tab for Lucidum Data Group.

10. In the left menu, click Risk.

11. You can now view the Risk Score, Risk Ranking, Risk Level, and Risk Factors for the asset.

    

    • Risk Score. Notice that Risk Score is 13.98.

    • Risk Ranking. Notice that although the Risk Score is relatively low, the Risk Ranking is “90”. This means that most of the assets in the Lucidum system have lower risk scores than this Asset. So an Asset with a Risk Score of only 13.98 can still have a high Risk Ranking for the day.

    • Risk Level. Notice that although the Risk Score is relatively low, the Risk Level is “high”. This is because the Risk Ranking is 90, which is considered “high” Risk Level.

    • Risk Factors. The Risk Factors field displays four Risk Factors and lists the top three factors in the subsequent field.

Viewing the Risk Measurements for a User

Because users access the enterprise environment via their assets, Lucidum derives risk for a user by examining the risk for the user’s assets.

Lucidum calculates risk for a user using the highest Risk Score for the user’s assets. For example, if a user has two assets, and the assets' risk scores are 75 and 95 respectively, then the user’s risk score will be 95.

Lucidum calculates Risk Ranking and Risk Level for a user from the Risk Score. Lucidum does not assign Risk Factors to users.

To view the risk measurements for a user:

1. Log in to your Lucidum system.

2. In the left menu, click User.

3. The User page displays a list of assets that Lucidum has found..

   

4. Click Edit Column.

5. In the Edit Columns modal page, select Risk Level, Risk Ranking and Risk Score.

6. Click Confirm.

7. You can now view risk data about each user directly from the User page.

8. Click the blue > symbol at the far right of the row.

9. In the Details page, click the tab for Lucidum Data Group.

10. In the left menu, click Risk.

11. You can now view the Risk Score, Risk Ranking, and Risk Level for the user.

    

    • Risk Score. Notice that Risk Score is 15.65.

    • Risk Ranking. Notice that although the Risk Score is relatively low, the Risk Ranking is “67”. This means that most of the users in the Lucidum system have lower risk scores than this user. So a users with a Risk Score of only 15.65 can still have an elevated Risk Ranking for the day.

    • Risk Level. Notice that although the Risk Score is relatively low, the Risk Level is “medium”. This is because the Risk Ranking is 67, which is considered “medium” Risk Level.

Using Risk Measurements in the Dashboards page

This dashboard is an example of how you can use the risk measurements in Lucidum to monitor risk and prioritize remediation.

In each chart, you can drill down to find more details.