Getting Started with Breach Risk: Part 2

Organize your data, view and understand your rating

This guide discusses functionality from across product tiers and may reference functionality not available on your account.

Step 1: Organize  

Decide how you want to organize data.  

  • Subsidiaries: Subsidiaries are separate entities owned by the parent company. Entities in the Subsidiaries module don’t affect your principle rating and you can evaluate them individually.
  • Asset portfolios: Use these to group domains, subdomains, and IPs, by who is responsible for managing them.
  • Create labels: Use labels to tag domains, subdomains, and IPs with any information you want to filter or report by. Examples:
    • domain type (marketing, product, etc).
    • data access (access to PII data, etc).
    • designate who is responsible for an asset (if you don’t have asset portfolios).
    • designate subsidiaries (if you don’t have the Subsidiaries module). In this case, subsidiaries do not have separate ratings.

Step 2: View your rating

UpGuard uses a risk rating to help you (and others) understand your security posture. Once you’ve set up the platform (e.g. confirmed domains and IPs), you’ll have a baseline rating to begin investigating. Your goals:

  • Raise or maintain your score to the level you want.
  • Everyone starts with a rating of 950 and any identified risks detract from your score. Evaluate risks to understand (and hopefully improve!) your security posture. Your score improves as a side effect of addressing risks.  

When viewing your rating, you’ll be able to choose what you see:

  • (External) Your automated risk rating
  • (External) Your automated risk rating with public waivers applied
  • (Internal) Your automated risk rating with private waivers applied

Step 3: Understand your rating

UpGuard performs non-intrusive scans every 24 hours. These scans inform your rating.

Your rating is determined by:

  • 10 categories — each carrying a different weight (e.g. one category weighs 19%, another weighs 1%).
  • Risks — ranked as critical, high, medium, low*.
  • Vulnerabilities — typically associated with a risk.

Risks, their ranking, and their category determine your risk rating.

From Exec Summary

  • View your overall rating and each category’s rating
  • View how many risks there are in each category

*There are also informational risks, but these do not affect your score.

Up next: Getting Started with Breach Risk: Part 3