Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Use Tags
How to Manage Business Processes
How to Work with Data Assets and Targets
How to Get Started with Data Asset InventoryData Assets and Targets - OverviewData Assets and Targets - Data AssetsHow to Use the SDV3™ DashboardWhat is an Asset?Example Data Asset Inventory SetupHow to Create New Data AssetsHow to View Details About Data AssetsHow to Search for a Data AssetWhat is a Target?How to View Target Details and Search for a TargetHow to Add a Cloud TargetHow to Add a Collaboration Tools TargetHow to Add a Database TargetHow to Add an E-Mail TargetHow to Create an Exchange Online TargetHow to Add a Remote Machine TargetHow to Add a Website TargetHow to Edit a TargetHow to Remove a TargetHow to Bulk Import TargetsHow to Bulk Assign Tags to TargetsHow to Manage a Target PermissionHow to Remove a Target PermissionWhat is Remediation?
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to Manage Users and Roles
Settings and Resources
Additional Resources
Reports
Reporting API
Customer Support Articles

How to Use the SDV3™ Dashboard

SDV3™ is a dashboard showing the Value, Volume, and Vulnerability of your sensitive data sorted by various criteria. This dashboard provides powerful insights into the sensitive data posture of your organization. Take action on the most vulnerable and riskiest data assets.

Overview

SDV3™ is a dashboard showing the ValueVolume, and Vulnerability of your sensitive data sorted by various criteria.

  • Value:
    • A measure of each data type's value (ordinal or monetary), as set on the "Data Types" page under Settings > Global Data Types.
    • You can use ordinal or monetary value per item. (This is a required setting.)
    • For value scores, see "Data Type Value Scoring" below. Also see Global Data Types
    • Set your Data Type Values based on your business requirements.
  • Volume:
    • The total number of Asset matches identified as the result of a scan.
      • Example: A scan discovers 8,000 social security numbers in various locations across your environment
    • The "Type" and/or "Category" of scan can be used to manage Volume and mitigate risk.
  • Vulnerability:
    • Vulnerability is a reflection of an Asset's security posture.
    • The "Security Measures" applied to an asset as part of your organization's security requirements reduce Vulnerability, down from 100 on a scale of 100 to 0.

What is Risk Valuation?

  • Various measures of Risk Valuation are calculated and displayed in various charts and graphs shown in the SDV3™ dashboard
    • This valuation shows how vulnerable your environment is in any particular data asset
  • Data Type Scoring
    • See Data Type Value Scoring below for value settings.
  • Risk Valuation - What is acceptable?
    • Your business requirements determine what is, and what is not an acceptable valuation.

Data Type Value Scoring

  • (Ordinal) scale ranges from 0 (no risk) to 300 (very high risk).
  • Monetary scale (in dollars) default values are taken from various reports such as the IBM data breach report, Gartner, and Ponemon.
    • For example, the Social Security number data type is set to a dollar value of 165 ($165.00 per Social Security number instance).
  • Ordinal and Monetary (in USD) values are set on the "Data Types" page (Settings > Global Data Types). See the screenshots below.

    Data Type List - Social Security Number
    Data Type List - Social Security Number

    Social Security Number - Edit Data Type - Values
    Social Security Number - Edit Data Type - Values

How to Access the SDV3 Dashboard

 Use the following steps to access the SDV3 dashboard:

  1. From the left side navigation menu, click Data Asset Inventory.

  2. The SDV3 dashboard opens.
  3. Three different graphs are displayed:
    1. Top Data Asset Risk
    2. Top 10 Highest Impact Assets
    3. Total Risk
  5. The data in all three charts can be displayed in either ordinal or monetary values, using the toggle switch at the top of the page.
    1. To move between value types, slide the toggle switch.

Top Data Asset Risk

  • This bar graph displays the top ten data asset risk items by the value type set.
  • Scores range from 0 (low risk) to 300 (very high risk)
  • Hover over an data asset to view the asset's SDV3 value.
  • Assets with high Risk scores contain data that poses serious risks to your organization
    • Spirion recommends you investigate Assets with high Risk scores and take the necessary action to reduce the risk it poses to your organization via data remediation

Data Asset Risk Examples

SDV3 scores are used to populate the charts and graphs on the SDV3 Dashboard

  • In the example below 12 data assets are captured (10 shown), including Email servers, Amazon S3 buckets, a collection of local Workstations, Databases, etc.
    • The bottom of the bar graph displays "1-10 of 12 Assets"
  • Note the following about these examples:
    • File Server 001 - In the example below data asset File Server 001 has the highest risk, with a total Ordinal risk score of 229 (out of 300):
      • Value - 73
      • Volume - 58
      • Vulnerability - 98
      • Risk = 229 (73+58+98)
    • File Server 001 has a total Monetary value of $39,658,200!
    • The sensitive data on the File Server 001 data asset requires Remediation as soon as possible!

Data Asset Risk by Monetary Amount

  • Note the Monetary example below with pink bars - "Example - Top Data Asset Risk - Monetary"
  • The data asset with the highest Monetary value at risk is a file server named "File Server 001," which contains nearly 40 million dollars of data risk!
  • Note that oridnal data asset risk does not necessarily align with monetary asset risk:
    • Workstations - 4th in Ordinal Data Asset Risk (score of 191) - is 2nd in Monetary Asset Risk!
    • Workstations have a Monetary value of $14,750,576!
  • The sensitive data on both the data assets "File Server 001" and "Workstations" requires Remediation as soon as possible!
  • All Data Asset Risk should be completely remediated or kept as low as possible
  • Click the right arrow at the bottom of the chart to view additional Assets

Example - Top Data Asset Risk - Ordinal
Example - Top Data Asset Risk - Ordinal values
Example - Top Data Asset Risk - Monetary
Example - Top Data Asset Risk - Monetary (USD) values

Risk Posed by Assets - Top 10 Highest Impact Assets

  • The chart "Top 10 Highest Impact Assets" displays the ten highest impact assets by the value type set:
    • Ordinal: Uses a relative scoring system. Scores range from 0 (low impact) to 100 (high impact). See example screenshot below
    • Monetary: Uses USD currency ($), from 0-unlimited
  • Chart details:
    • Y-axis (left side) measures Value
    • X-axis (bottom) measures Vulnerability
    • Assets on the graph positioned highest on the y-axis and furthest to the right on the x-axis are the most vulnerable, highest-risk assets, and require Remediation
    • Hover over a data asset to view the SDV3 value (Ordinal or Monetary).

      Top 10 Highest Impact Assets Example - Highest Impact Asset
      Example chart of Assets that pose the greatest data risk, by ordinal value

Total Risk - What is it and How is it measured?

Total Risk represents the overall total Risk score for your entire organization over time.

  • The risk of all of your data assets is combined and averaged to create the Total Risk Score.
  • Ordinal score ranges from 0 (no risk) to 300 (very high risk)
  • Monetary score shown in USD ($), ranges from 0 to unlimited
  • Hover over a data point to view the total risk score for that time period.

    Total Risk graph
Note: See Example Data Asset Inventory Setup for sample setup instructions

Total Risk Over Time - Optimal Trend vs. Observed Trend

Note that Total Risk measurements over time in the SDV3 Dashboard should not increase over time - this indicates that the amount of sensitive data in your organization and the risk imposed by that data, is growing. This INCREASES the odds of a data breach as well as the total impact of such a breach.

  • Total Risk rising over time is a warning
    • Investigate to determine if any of the following is true:
      • Your organization has added assets without proper controls
      • Changes in your organization have resulted in existing assets no longer being subject to proper security controls
      • Changes to your IT policies (such as email or other data archiving) have caused gaps in data security
      • New personnel do not follow proper data security protocols
  • Take steps to keep your Total Risk score as low as possible, and trending downward over time.

Total Risk over time in your organization should trend down, as shown in graph below:

Example - Total Risk of Assets Over Time Down trending - ordinal measurement

How to Investigate Risk Assets

Once you identify your riskiest assets, archTIS recommends you remediate the sensitive data at risk. First, learn more about the assets that contain the sensitive data. There are multiple ways to do this. The steps below represent one possible path to take:

  1. From the left-side navigation menu, select "Data Asset Inventory > Data Assets and Targets."
  2. The "Data Assets and Targets" page opens. The ASSETS tab is selected, by default.
  3. Sort the table shown by the desired column. Sort by SDV3 Risk at far right to bring the riskiest assets to the top of the table.
  4. The data assets identified in the example above, "File Server 001," and "Workstations," are shown in the table of assets, sorted by SDV3 Risk, in the screenshot below. The 'i' info icon reveals more information.
  5. Select an asset and from the more options menu at the far right of the table row select "View Asset Details."
  6. The Asset Details page opens with the DATA CONTENT tab selected, by default. See the "Asset Details" screenshot below.

Example - Data Assets sorted by risk for investigation

Note: Depending on your goals, multiple paths to reduce data exposure or improve your data asset risk posture are possible. This example provides one scenario, but your specific path will vary depending on your specific needs.

Asset Details

Detailed Scoring Breakdown: Value, Volume, Vulnerability

SDV3™ is a dashboard showing the Value, Volume, and Vulnerability of your sensitive data sorted by various criteria.

  • Below is a detailed breakdown of the calculation of the 3 V's - ValueVolume, and Vulnerability.

Value

The value of your sensitive data (data assets) is calculated using the amount and weighting of the sensitive data.

  • The number (quantity) of each asset is multiplied by its weight to yield the total value of the asset itself.
  • All asset total values are then summed to yield a Total data value, or Value score.

Example:

  • 10 social security numbers (SSNs) with a weight of 10 = an SSN value of 100 (10 x 10)
  • 5 credit card numbers (CCNs) with a value of 50 = 250, (5 x 50)
  • The Asset data value total = 350, (100 + 250)
  • Subsequently, the Asset Value receives a score based on the Total Asset Data Value.
    • This normalizes the number for a simpler SDV3™ Risk score.
    • Total data value (TDV) = Value score (V1)

Volume

Total number of matches receives a total count score which indicates the Asset's Volume.

  • The total count score is normalized in a scale of 1-100 and becomes the Asset Volume Score.
  • Total matches (TM), normalized on a score of 1-100 = Volume score (V2)

Vulnerability

Total number of matches receives a total count score which indicates the Asset's Volume.

  • Each variable is given a score.
  • The values for both variables (Asset Type and Security Measures) are assigned a base score by the user in the Asset section of the Data Asset Inventory in SDP.
  • The total of these values is the Vulnerability Score (V3):
    • Asset Type (AT) + Security (SP) = Vulnerability Score (V3)

*All data is normalized to fit a scale of 1-100

*All data is calculated from the results of the LAST COMPLETED SCAN

Was this article helpful?

Powered by Product Fruits