Security risk is an outcome of the likelihood of a security incident and its ensuing impact on your organization. For example, data breaches can lead to loss of sensitive information such as personal and financial data, causing financial and legal implications. Cyberattacks and malware can compromise systems and networks, leading to disrupted operations and downtime, revenue loss, and damaged customer relationships.

Likelihood refers to any unwanted security incident (data theft, credential exposure, publicly exposed sensitive data, etc.) that can occur, putting the data and organization at risk. In the context of DSPM, likelihood refers to the derivative of policies that match the attack vectors in the data store, with a possibility of a data breach.

Impact is the potential damage to the organization if there's a data breach. The severity of the impact is based on the sensitivity level of the data found and volume of data.

Zscaler takes into account both likelihood and impact when calculating the risk.

DSPM scans data stores for sensitive data and determines the risk based on true impact. That is, DSPM scans the entire data in the data stores but calculates the impact based on that portion of data that is at risk and not the entire data (some of which is actually secure).

For example, let's consider an EC2 instance that is a primary resource, and it contains two EBS volumes as associated resources. The first EBS volume has 100 sensitive records that are encrypted and secure, and the second EBS volume has 50 sensitive records that are not encrypted. DSPM calculates the risk score for both EBS volumes, as both contain sensitive records and both have a certain volume of such records. To evaluate the likelihood, the first volume is secure, and the likelihood for this volume to be breached is very low. But the likelihood for the second volume to be breached is much higher. In the total outcome, the first EBS volume does not contribute anything to the EC2 risk score and the second EBS volume represents most of the risk score.

Risk Score

The risk score is calculated based on the following factors:

• Likelihood is a derivative of the matched policies. Modifying the policy severity impacts the likelihood score.
• Impact is a derivative of sensitive data. Running the sensitive data configuration has an effect on impact.

Currently, there is no other way to override the risk score.

You can view the risk scores on the dashboard.