Breach Risk
      Back to home
      1. UpGuard Knowledge Base
      2. UpGuard Platform Quick Start Guide
      3. Breach Risk

      Getting Started with Breach Risk: Part 2

      Organize your data, view and understand your rating

      This guide discusses functionality from across product tiers and may reference functionality not available on your account.

      Step 1: Organize  

      Decide how you want to organize data.  

      • Subsidiaries: Subsidiaries are separate entities owned by the parent company. Entities in the Subsidiaries module don’t affect your principle rating and you can evaluate them individually.
      • Asset portfolios: Use these to group domains, subdomains, and IPs, by who is responsible for managing them.
      • Create labels: Use labels to tag domains, subdomains, and IPs with any information you want to filter or report by. Examples:
        • domain type (marketing, product, etc).
        • data access (access to PII data, etc).
        • designate who is responsible for an asset (if you don’t have asset portfolios).
        • designate subsidiaries (if you don’t have the Subsidiaries module). In this case, subsidiaries do not have separate ratings.

      Step 2: View your rating

      UpGuard uses a risk rating to help you (and others) understand your security posture. Once you’ve set up the platform (e.g. confirmed domains and IPs), you’ll have a baseline rating to begin investigating. Your goals:

      • Raise or maintain your score to the level you want.
      • Everyone starts with a rating of 950 and any identified risks detract from your score. Evaluate risks to understand (and hopefully improve!) your security posture. Your score improves as a side effect of addressing risks.  

      When viewing your rating, you’ll be able to choose what you see:

      • (External) Your automated risk rating
      • (External) Your automated risk rating with public waivers applied
      • (Internal) Your automated risk rating with private waivers applied

      Step 3: Understand your rating

      UpGuard performs non-intrusive scans every 24 hours. These scans inform your rating.

      Your rating is determined by:

      • 10 categories — each carrying a different weight (e.g. one category weighs 19%, another weighs 1%).
      • Risks — ranked as critical, high, medium, low*.
      • Vulnerabilities — typically associated with a risk.

      Risks, their ranking, and their category determine your risk rating.

      From Exec Summary

      • View your overall rating and each category’s rating
      • View how many risks there are in each category

      *There are also informational risks, but these do not affect your score.

      Up next: Getting Started with Breach Risk: Part 3