Job Titles and Risk Score Calculation
Originally, job-related risk was calculated based on keywords such as “CEO”, “Accounting”, and “Manager”. Since organizations use a wide variety of job titles, this original method may not have accounted for all potential risks. To help calculate job-related risks more accurately, we developed a new data-driven approach for predicting the risks associated with each job title.
This method analyzes user and manager data from the entire Security Awareness Training platform. This data is used to create a tiered model of all job titles, based on their responsibility to other titles. Then, each job title is assigned a score, based on their tier, and users with that job title are assigned that score. This score is reflected in their Job Function risk score factor. Click here for more information on Risk Score Factors.
In the example below, the highest tiered job title is President & CEO because they are responsible for all other titles. Both the Scholarships Administrator and Grants Administrator report directly to the President & CEO. The Grants Administrator only has a score of 3 while the Scholarships Administrator has a score of 5. This is because the Scholarships Administrator is responsible for another job title, so they are considered higher risk. This also demonstrates why using keywords, such as “Administrator”, isn’t as accurate as using a data-based calculation.
The model is retrained periodically and reconfigures risk scores to include newly learned job titles. This continually learning model helps maintain risk score accuracy and ensures all users who have a job title defined are assigned a score for their job function.