What is your risk profile?

Learn about how your risk profile can help you understand your security posture and potential attack vectors in your attack surface.

Written by Abi Tyas Tunggal

 

Your risk profile helps you instantly understand your organization's security posture by providing your security rating over the last month, quarter, or year. Below your security rating, we provide individual risk details across six categories: website security, email security, network security, brand & reputation risk, phishing & malware, and questionnaire risks. By default, the most severe risks will appear first.

Each risk has a finding, risk, category, and the number of domains impacted. When you click on a risk, we provide additional information about the risk and show the domains that are affected.

If a risk is in remediation, you’ll see an information bubble that shows the number of domains in remediation too.

You can also filter your risk profile by category (1) or by label (2), export to PDF or Excel (3), and create a remediation request (4).

The rest of the page lists the current risks for each IP address or domain and the date each risk was first detected.

Your Risk Profile and Subsidiaries

If you have Subsidiaries as part of your plan, you'll also be able to toggle the inclusion of your subsidiaries in your risk profile by clicking Company and subsidiaries.

When you toggle the inclusion of your subsidiaries on your risk profile it will open up a view that is similar to Portfolio Risk Profile but focused solely on your subsidiaries.

This view summarizes all identified risks found across your organization and its subsidiaries. Each identified risk includes a severity, name, risk type, category, and the number of companies impacted.

Note: Even though risks from your organization and its subsidiaries are rolled up into one view, each entity still has its own entity score. That is, your score does not factor in any of your subsidiaries' scores.

By default, findings are sorted by severity, with critical items at the top. This is great if you want to understand the shared risks across your organization and its subsidiaries. For example, if you wanted to find all the organizations who were didn't have SSL available, you could click on Apply filters in the top right corner of your screen and then filter by website security in filter by risk category.

From here you can click on the risk to see the companies that are triggering the risk. This view shows the companies that trigger the risk, their security rating, and their individual domains that have the risk.

To view the individual domains that trigger the risk, click on the organization you wish to view the domains for. In this example, I have clicked on Greg's Workshop.

 

See also: