Working with SDV³™

• Overview

• Risk Valuation

• Data Type Value Scoring

• Access the SDV3 Dashboard

• Detailed Scoring Breakdown: Value, Volume, Vulnerability

Overview

SDV³™ is a dashboard showing the Value, Volume, and Vulnerability of your sensitive data sorted by various criteria.

• Value:

  • A measure of each data type's value (ordinal or monetary), as set under Settings>Global Data Types.

  • You can use ordinal or monetary value per item. (This is a required setting.)

  • For value scores, see Data Type Value Scoring below. Also see Global Data Types.

  • Set your Data Type Values based on your business requirements.

• Volume:

  • The total number of Asset matches identified as the result of a scan.

    • Example: A scan discovers 8,000 social security numbers in various locations across your environment

  • The "Type" and/or "Category" of scan can be used to manage Volume and mitigate risk.

• Vulnerability:

  • Vulnerability is a reflection of an Asset's security posture.

  • The "Security Measures" applied to an asset as part of your organization's security requirements will reduce Vulnerability from 100.

Risk Valuation

• A Risk Valuation is displayed in the dashboard that shows how vulnerable you are in any particular data asset.

• See Data Type Value Scoring below for value settings.

• Your business requirements will determine what is an acceptable valuation.

Data Type Value Scoring

• (Ordinal) scale ranges from 0 (no risk) to 300 (very high risk).

• Monetary scale (in dollars) default values are taken from various reports such as the IBM data breach report, Gartner, and Ponemon.

  • For example, the Social Security Number Data Type is set to a dollar value of 165 ($165.00 per SSN instance).

• Ordinal and Dollar values are set under Settings > Global Data Types. See below.
  
  

  

Access the SDV³ Dashboard

1. From the left menu, click Data Asset Inventory.
   
   

2. The SDV³ Dashboard displays data in three charts in ordinal or monetary values.

3. To switch between value types, slide the toggle.
   
   

Note: See Example DAI Setup for sample setup instructions.

Detailed Scoring Breakdown: Value, Volume, Vulnerability

SDV3™ is a dashboard showing the Value, Volume, and Vulnerability of your sensitive data sorted by various criteria. Below is a detailed breakdown of the calculation of the 3 V's - Value, Volume, and Vulnerability.

Value

The value of your sensitive data (data assets) is calculated using the amount and weighting of the sensitive data.

• The number (quantity) of each asset is multiplied by its weight to yield the total value of the asset itself.

• All asset total values are then summed to yield a Total data value, or Value score.

Example:

• 10 social security numbers (SSNs) with a weight of 10 = an SSN value of 100 (10 x 10)

• 5 credit card numbers (CCNs) with a value of 50 = 250, (5 x 50)

• The Asset data value total = 350, (100 + 250)

• Subsequently, the Asset Value receives a score based on the Total Asset Data Value.

  • This normalizes the number for a simpler SDV3™ Risk score.

  • Total data value (TDV) = Value score (V1)

Volume

Total number of matches receives a total count score which indicates the Asset's Volume.

• The total count score is normalized in a scale of 1-100 and becomes the Asset Volume Score.

• Total matches (TM), normalized on a score of 1-100 = Volume score (V2)

Vulnerability

An Asset's Vulnerability is measured by the Asset Type and Asset "Security Measures".

• Each variable is given a score.

• The values for both variables (Asset Type and Security Measures) are assigned a base score by the user in the Asset section of the Data Asset Inventory in SDP.

• The total of these values is the Vulnerability Score (V3):

  • Asset Type (AT) + Security (SP) = Vulnerability Score (V3)

*All data is normalized to fit a scale of 1-100

*All data is calculated from the results of the LAST COMPLETED SCAN