This article shows you how to use :Respond to determine Definitive Disclosure Risk.
Introduction
Disclosure Analysis allows you to determine the relative skill an attacker would need in order to acquire plaintext associated with SSProtect'd content. Different than other offerings that provide some measure of Risk based on dynamics, machine learning, AI, heuristics, and extrapolation, :Respond provides objective disclosure risk insight resulting from actions specific to managed content.
This article provides details specific to Disclosure Risk Analysis, with general use common to all Analysis Types described in the article, Using :Respond. For a general overview, refer to the article, :Respond Introduction.
Setting Up a Disclosure Risk Execution
The :Respond UI is accessible from the SSProtect notification icon's context menu by selecting Disclosure Risk Analysis and/ or choosing Disclosure Risks from the dropdown at the top left:
Disclosure Risk analysis utilizes the following additional features:
- 3rd Party Reports; generates Reports for Third Party Trusts (see below)
- Suppress PrePeriod; ignores pre-period plaintext remnants in the final output
Analysis Period
The middle section of the dialog provides controls that manage the Period for which a Disclosure Risk Analysis is performed (disabled when choosing Data Integrity Analysis):
- Last X allows you to choose a certain number of prior Days from a given End Date
- Distinct allows you to choose specific starting/ ending dates and times
Distinct Period Presets
Use the button to the right of the Period controls to cycle through Last Month, Last Week, or 2d Periods (the latter only available when Distinct is used). Reset Dates modifies the target end date/ time to the current day's midnight UTC; using 2d instead of a single day makes certain a current local timezone's 24h period is covered.
Distinct Period Format
The Distinct format must follow that shown, i.e. 00:00:00 for Time, and mm.dd.yyyy for Date. Any deviation will fail when interpreted by the system. Be sure to 0-pad any single-digit value, i.e. 1:00am should be keyed in as military time, i.e. 01:00:00 and 1pm - 13:00:00; January 5th, 2019 would be 01.05.2019.
Analysis Scope and Third Parties
Data Disclosure Risk Analysis is performed for all Organization Accounts. Content is always for all actions undertaken by these Accounts in the target Period. Some of this content may include access to materials shared by a Third Party. This requires that an external Organization configure your Organization Accounts/ Users as Third Party Trusts, explained in the article, Managing Third Party Trusts.
Managing Trusting Third Party Report Visibility
When you choose the 3rd Party Reports option, Disclosure Risk Analysis generates individual Reports specific to use of shared content. These Reports are available to Trusting Third Parties, though only after you review and Approve, as explained below.
After an Analysis execution completes, and when an Analysis is not executing, and if your Analysis Set selection is for a Disclosure Risk Analysis that utilizes the 3rd Party Reports option, the right-most button above the Report List will transition to Report List for you to transition to view the set of Third Party Reports available for review and Approval.
Choose any Trusting Third Party from the list, then View Report to see Disclosure Risk data for information shared by the Trusting Third Party and used by any of your Organization Users during the Analysis Period. Choose Approve to make this report visible in the Third Party's Analysis Set list, Remove if you wish to, "rescind" access. This generates email notification for the Third Party Privileged Users so they know to access the Disclosure Risk display to find the new SHARED Report.
The line-item's associated Approved By and Approved On reflect Approve operation, whereas action by the Trusting Third Party to review SHARED reports (as shown in their Analysis Sets listing) is displayed in the Reviewed By and Reviewed On columns. As expected, Remove operation is shown in the Removed By and Removed On columns (not shown above, but included with the final v6.4.0 release), though this is rarely used.
Analysis Line-Item Details
On the original page (which you can reach by choosing Analysis Sets from the Report List), you will see the resulting Analysis Set after you click Report (to complete the Analysis, as noted in related documentation). The resulting line-item includes the date/ time (UTC) the Analysis was started, the owner (an Organization Administrator, Delegate, or Individual Account, which will be your Account for these purposes), and the additional details explained below.
The Risk/ Results column reflects the, "progression" from the lower bound of resulting Risk to the upper bound, and includes a number to indicate which boundary the resulting Risk is closest to. For example, the result may be, Low to Moderate (60), which indicates that the overall average risk is between a Low risk rating and a Moderate risk rating, though it's 60% of the way to Moderate. When it reaches 100%, the rating will only be the specific Risk level, i.e. Moderate in this case. For details, refer to the article, Definitive Disclosure Risk.
The Parameters column enumerates options for the given Analysis Set, described in the article, Using :Respond.
You will find all the related details in associated Reports, which you see when you complete each Analysis using the Start/ Report button. This is the same data you see when choosing the associated line-item and choosing, View Report.
For details, refer to the article, :Respond Reports. To walk through an example, refer to the article, Disclosure Risk Example.
Shared Reports
When you are the recipient of a Third Party Trust Disclosure Risk Analysis, and a Report has been reviewed and Approved for your visibility (noted above), your Analysis Set list will contain a Report with SHARED detail columns. Any of your Organization's Privileged Users can Remove this Analysis Set, taking it out of your list and making in inaccessible. You can't regenerate content since it's executed by another Organization, though of course you can contact their SSProtect team and submit a request to run another Analysis on your behalf.
Additional Resources
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to support@definisec.com, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated w/ v9.8.0 of the :Foundation Client