User risk score card

OutThink calculates a risk score for each employee. This is shown in the User scorecard.

The scorecard breaks the employee’s overall score into its components. Each component identifies a specific attitude or behaviours that make the employee high- or low-risk.

OutThink only calculates a risk score for employees who have completed a curriculum campaign.

RISK SCORECARD ELEMENTS

  1. Employee general information: Name, job role, department and user avatar (if available)
  2. Risk score: the employee’s overall risk score
  3. User tags: this section displays the tags OutThink has attached to the user, based on their performance and real world behaviour data from integrations. Using these tags, you can issue targeted training. To learn more about how to use Segmentation, please click here
  4. Access to sensitive information?
    • Yes – user reports handling sensitive information in the course of their work
    • No – user reports that they don’t handle sensitive information in the course of their work
  5. Psychographic profile: when OutThink has sufficient data on a user they are matched to a psychographic profile, providing more detail on their security attitudes and behaviours. To learn more about these profiles and how they can be used, please click here.
  6. Risk score components:
    • Knowledge: employee’s knowledge of security policies and recommendations. The score is based on responses to questions asked in training.
    • Compliance: the employee’s overall intention to follow security policy. The score is based on responses to questions asked in training.
    • Confidence: how confident the employee feels in their ability to work securely. The score is based on responses to questions asked in training.
    • Productivity: how far the employee feels able to work productively whilst following security policies and recommendations. The score is based on responses to questions asked in training.
    • Phishing: the employee’s historical performance in attack simulations carried out through the platform. This score takes into consideration the last 3 campaigns in which the user was involved
    • Behaviour: the overall security of the employee’s behaviour. The score is based on objective data from third-party security system integrations (e.g: Graph API)

Note: Customers who have elected to run the system in Enhanced Privacy Mode will only be able to see certain sections of the Risk Score Card (i.e. Employee General Information, Training/Untrained tag, Handles Confidential Information and Active Campaigns sections.)