Application Risk Score Configuration

IdentityIQ uses a combination of Component and Composite scoring to determine the overall application risk scores used throughout the application. You configure Component and Composite risk scoring for your applications by navigating to Applications > Application Risk Model.

All scores are calculated by first determining the percentage of accounts that have the qualities tested by the component score. For example, if 10 out of 100 accounts are flagged as service accounts, then the raw percentage is ten percent (.10). This number is then multiplied by a sensitivity value which can be used to increase or decrease the impact of the original percentage. The default sensitivity value is 5 making the adjusted percentage fifty percent (.50). This final percentage is then applied to the score range of 1000 resulting in a component score of 500.

After the component score is calculated a weight, or compensating factor, is applied to each component score to determine the amount each contributes to the overall risk score for the application. The resulting score is the composite score. For example, a few violator accounts might increase risk more than many inactive accounts.

To view the currently configured risk information for an application, go to the Application Definition page, click on a listed application, and then select the Risk tab.

Use these tabs to create risk score factors for your enterprise:

• Application Component Scores Tab – apply base risk scores to roles, entitlements and policy violations.

• Application Composite Score Tab – apply compensating factors to base risk scores.