Risk configuration

Omada Identity calculates risk scores of resources and identities based on which classification tags are associated with Systems, Resources, Resource folders, Identities and Business contexts (such as Org. units).

To be able to perform the calculation of risk scores, risk categories need to be available for the risk calculation.

The following table shows the out-of-the-box risk categories, available from Setup > Master Data > More > Classification Tag Categories:

Classification Tag Category	Value (Classification Tag)
Criticality (defined per system based on vulnerability analysis)	Non-critical Critical
Data Classification (defines the confidentiality level for the resource)	External Internal Confidential Sensitive Secret
Privileges (defines the access security for the resource)	Read Write Approve/Assign Administrator
EU General Data Protection Regulation	Personal data Personal sensitive data High risk data Medium risk data Low risk data
Resource classification	Business critical System administration Privileged access

Risks are specified on the classification tags that a given resources or system has.

You can assign risk value to the classification tags, and risk weight to the classification tag categories, using numerical values. By using the risk weight, you can use the same risk value scale (for example, from 1 to 10) across all tags within different categories, and thus verify whether a given value is a low or high risk within the category, and apply the weighting to manage the varying risk severity of the categories.

Risk score calculation includes only the classification tag categories where the risk weighting has a value. In the example below, the "EU GDPR" and "Resource classification" categories are excluded from the risk score calculation.

tip

You can add new classification tag categories if more are needed for your risk score calculation purposes. For information on how to manage tag categories, refer to the data classification section of the documentation.