![white-logo.png]](https://www.livingsecurity.com/hs-fs/hubfs/white-logo.png?height=40&name=white-logo.png){kind=logo}
Behavior Score Calculation
The Behavior Score focuses solely on user behaviors across six security categories: Data Security, Device Security, Phishing and Email, Training and Compliance, Authentication, and Web Security. It does not include external threats or other factors considered in the Human Risk Index (HRI).
The Behavior Score ranges from 0-100 with a baseline of 70.
The default calculation timeframe is 90 days, but can be adjusted.
If an identity has no behavior insights detected, they will have the baseline behavior score. Their score will change based on the behaviors detected and their weight, improving with vigilant behaviors and decreasing with risky behaviors. Our recommended baseline behavior score is 70, but this can be adjusted.
Vigilant behaviors detected add points to the baseline score. Examples of vigilant behaviors include:
- Completing training
- Utilizing MFA
- Reporting phishing emails
Risky behaviors detected subtract points from the baseline score. Examples of risky behaviors include:
- Sharing Sensitive Information
- Attempting to Access Blocked Websites
- Installing Malware
Score Customization
1. Set the Baseline Score
The baseline score is the score for an employee with no observed vigilant or risky behaviors. This is the starting point from which they can either improve or reduce their score based on their risky/vigilant insights detected.- Scores range between 0-100
- We recommend starting with the current baseline score of 70 to include enough opportunity for an employee to reach the max score of 100 for vigilant behaviors.
2. Adjust Weighting
As long as the total possible score is 100 points, points can be allocated across the tracked behaviors to adjust the impact of risky/vigilant insights. When new behaviors are added, points should be reallocated to maintain a score of 100.
3. Consider the impact of vigilant vs. risky behaviors
It’s important to provide employees with opportunities to demonstrate both types of behaviors, risky and vigilant, to create additional data points and a more robust and accurate behavior score. Examples include optional training, improving credential hygiene, and reporting simulated phish.
4. Focus on Organizational Goals
Customize the score by focusing on behavioral insights that align with your security initiatives. Consider the available risky and vigilant behaviors by looking at the observed behavior insights in your Unify platform, then adjust scoring to reflect your organizations priorities. Ex: MFA is required for compliance, so insights related to MFA have a higher impact on the score than add/reduce more points than password manager insights.
5. Configuration Constraints
The Behavior Score focuses solely on user actions surfaced as behavior insights from integrations enabled. It does not include external threats or other factors considered in the Human Risk Index (HRI).
6. Adjust over time
Review and adjust the score configuration as new behaviors become measurable or organizational goals evolve.
Scorecard Template Customizations
The scorecard template can be customized to reflect your organization's security culture in the following ways:
- Change, add, or remove logo
- Change name and image representing the risk categories.
- 90-100: Vigilant
- 80-89: Somewhat Vigilant
- 70-79: Neutral
- 60-69: Somewhat Risky
- 0-59: Risky
- Show or hide count of insight detections
- Show or hide point effect of insights
- Update insight and security category descriptions to include internal language, calls to action, or links to internal tools
Request Score and Scorecard Template Customizations
- Use the scorecard customization form here to document your changes
- Schedule time with your Customer Success Manager to review form, discuss any score changes and submit your changes.
All customizations are based off our standard scorecard
