Risk configuration
Omada Identity calculates risk scores for resources and identities based on the classification tags associated with:
- Systems
- Resources
- Resource folders
- Identities
- Business contexts (such as organizational units)
Out-of-the-box classification tag categories
The following table shows the out-of-the-box risk categories available under Setup > Master data > Classification tag categories:
| Classification Tag Category | Value (Classification Tag) |
|---|---|
| Criticality (defined per system based on vulnerability analysis) | Non-critical Critical |
| Data Classification (defines the confidentiality level for the resource) | External Internal Confidential Sensitive Secret |
| Privileges (defines the access security for the resource) | Read Write Approve/Assign Administrator |
| EU General Data Protection Regulation | Personal data Personal sensitive data High risk data Medium risk data Low risk data |
| Resource classification | Business critical System administration Privileged access |
Risk is determined by the classification tags assigned to a resource or system.
Risk values and weights
Risk configuration consists of two components:
-
Risk value – assigned to individual classification tags. Available under Setup > Master data > Classification tags.
-
Risk weight – assigned to classification tag categories. Available under Setup > Master data > Classification tag categories.
Using risk weight allows you to:
- Apply the same risk value scale (for example, 1–10) across different categories.
- Adjust the relative importance of each category.
- Reflect varying severity between different risk dimensions.
Making a category relevant for risk calculation
Risk score calculation includes only classification tag categories configured as Relevant for risk calculation.
In the example below, the EU GDPR category is set as relevant and is therefore included in the risk score calculation.
The Risk weight field becomes available only after the Relevant for risk calculation checkbox is selected. If the checkbox is not selected, the Risk weight field is not visible, and the category is not included in risk score calculation.
Extending risk categories
You can add new classification tag categories if additional dimensions are required for your risk model.
For more information on managing tag categories, refer to the data classification section of the documentation.