To access the Risk Assessment dashboard, click the corresponding tile in the main window. The IT risks are grouped into the following categories:
- Users and Computers
Within each category there are several key metrics identified by Netwrix industry experts who also suggested formulas for calculating metrics values. Risks are assessed against these metrics and displayed with the color indicators in accordance with the level:
- High — red
- Medium — yellow
- Low — green
After reviewing general risks assessment results in each category, you can drill-down to details covered in the underlying report— for that, double-click the selected metric or use the View Report button.
Customizing Metrics for Your Organization
Default threshold values for risk levels are set in accordance with recommendations of Netwrix industry experts, as described in How Risk Levels Are Estimated . They can be, however, easily customized to reflect your organization's internal security policies and standards. For that, do the following:
- In the dashboard pane, select the metric you need and in the Actions section on the right click Modify thresholds.
- In the dialog displayed, specify new threshold values for risk levels.
Click OK to save the settings and close the dialog.
Also, for several metrics the Customize risk indicators command is available.
|For metric...||Use Customize risk indicators command to...|
|File and folder names containing sensitive data||
Edit the list of words you consider to be indicators of sensitive content if detected in the file or folder name.
|Potentially harmful files on file shares||
Edit the list of extensions you consider to be indicators of potentially harmful files detected in the file share.
|Servers with inappropriate operating systems||
Edit the whitelist of permitted OS versions. Any other OS version will be considered a risk factor.
|Servers with unauthorized antivirus software||
Edit the whitelist of permitted antivirus tools. Any other antivirus will be considered a risk factor.
|Administrative group membership sprawl||
Edit the whitelist of permitted accounts that can be the members of local administrative groups. Any other account will be considered a risk factor.
NOTE: New settings will be applied/risk level thresholds will be refreshed after the next data collection session.
Delivering Assessment Results as a File
You can create a subscription to periodically receive IT risk assessment results by email or using a file share. For that, in the dashboard window click Subscribe and configure the necessary settings. See Create Subscriptions for more information.
You can also save current results to a PDF file, using the Export button in the dashboard window.