Introduction
Cybersecurity threats are on the rise, and your organization may be vulnerable due to risky employee behaviors and limited visibility into organizational factors that affect your security posture. To address these challenges, you need tools that provide granular insights, actionable metrics, and real-time intervention mechanisms.
The Behavioral Risk Indicator (BRI) empowers you to measure and analyze cybersecurity risks across two key areas:
- Behavioral: The individual actions your employees take that impact security.
- Cultural: The broader organizational factors, such as training, policies, and platform usage, that influence your security posture.
With BRI, you receive an overall risk score that helps you identify, prioritize, and address key areas of improvement, enabling your organization to reduce security risks and improve your cybersecurity culture.
Challenges addressed by BRI
- Lack of granular insights into individual and collective employee actions.
- Limited mechanisms to measure and mitigate behavioral risks.
- Absence of real-time interventions for risky behaviors.
- Insufficient analysis of how organizational culture and policies influence security.
How BRI helps you
- Empower your organization to manage and reduce cybersecurity risks.
- Provide visibility into employee behavior and cultural factors that influence security posture.
- Offer behavior-focused security insights to drive platform best practices.
- Enable data-driven decisions to strengthen your organization's security posture.
BRI terminology
- Behavioral Risk Indicator (BRI): Your overall risk score, combining individual and cultural factors, to give you a comprehensive view of your security posture.
- Behave (70% weight): Tracks individual employee behaviors that impact your organization’s risk.
A. Security Behavior Indicator (SBI): Measures the actions of your employees (e.g., response to phishing simulations, reporting suspicious emails) that impact security.
B. Security Behavior Trend (SBT): Tracks trends in employee security behavior over time.
- Culture (30% weight): Reflects how well your organizational culture supports security best practices.
A. Organizational Security Influence (OSI): Measures the impact of platform modules (like training and phishing simulations) on your organization’s security culture.
B. Security Implementation Score (SIS): Assesses how effectively your organization utilizes platform features to strengthen security.
BRI structure and calculation
The BRI score offers you a comprehensive, ongoing view of your organization's security posture by factoring in both employee behaviors and organizational cultural influences.
How your BRI score is calculated
1. Collecting behavioral events
- Behave: Tracks employee activity across platform modules. Behaviors can be individual actions (e.g., clicking on a phishing simulation link) or patterns observed over time (e.g., consistently reporting phishing emails).
- Culture: Tracks your organization's security-related actions that impact employee behaviors. This includes actions like activating all platform modules or skipping training campaigns.
2. Event classification
- Each event is categorized as either Safe or Risky.
- Safe Events: Assigned a negative weight, reducing the BRI score.
- Risky Events: Assigned a positive weight, increasing the BRI score.
3. BRI score calculation formula
BRI = (0.7 \times Behave) + (0.3 \times Culture)
Where:
Behave = (X1 \times SBI) + (X2 \times SBT)
A. SBI (Security Behavior Indicator): Aggregated score of all employee behaviors marked as events.
B. SBT (Security Behavior Trend): The trend of employee behaviors over time.
- Culture = (Y1 \times OSI) + (Y2 \times SIS)
A. OSI (Organizational Security Influence): Measures how much each platform module impacts the overall BRI score.
B. SIS (Security Implementation Score): Assesses how well your organization adopts and implements security best practices using the platform.
BRI calculation
1. Behave score calculation
Aggregate all employee SBI and SBT behavioral events.
Apply respective safe or risky weights to each event.
Average the scores to calculate the Behave score.
2. Culture score calculation
Apply weights to each cultural event.
3. Final BRI calculation
The platform multiplies the Behave score by 0.7 and the Culture score by 0.3.
The two values are added to calculate the total BRI score.
BRI score cap
The BRI score cap, based on the Organizational Security Influence (OSI), indicates the impact of each platform module on the overall BRI score. Each module contributes a fixed percentage to the overall BRI score, making it easier for you to understand how each module affects your security posture.
How It works
- Each module’s contribution to the total BRI score is fixed, with a cumulative total of 100%.
- This approach offers transparency, showing you the security value that each module provides.
Fixed contribution of each module to the BRI score
|
Module |
Contribution to total BRI score |
|---|---|
|
AWARE |
25% |
|
PHISH3D |
25% |
|
SENSE |
25% |
|
PHISH Reporter |
25% |
When adding a new module, you will see an indicator of the minimum cap of your organizational BRI score. This cap indicates the potential improvement possible through the new module. However, it does not mean that the score will immediately decrease. Instead, it enables your employees to take actions that can reduce the BRI score over time.
Example If you have the AWARE and the PHISH3D modules and you add the SENSE module, you may see a minimum BRI score cap reduced to 25. This means that by fully utilizing the SENSE module's features and encouraging employee engagement, your organization can reduce its BRI score to at least 25. However, the actual reduction depends on employee actions, such as participation in training, compliance with phishing detection, and reporting of suspicious activities.
Before adding the SENSE
After adding the SENSE module
Group / Department BRI score
The BRI supports the calculation of Group / Department scores as a specialized case of the Organizational BRI score. The Group BRI score is calculated based on the employees associated with the specific group or department. This enables you to track, analyze, and improve the security posture of specific teams within the larger organizational structure.
The Group / Department BRI score follows the same calculation principles as the Organizational BRI score, but it limits the data scope to the employees assigned to a specific group or department. This provides targeted insights, allowing managers to focus on specific areas for improvement within their teams.
Example calculation
Behave score
- SBI (Security Behavior Indicator) = 25
- SBT (Security Behavior Trend) = 20
- Total Behave score = 25 + 20 = 45
Culture score
- OSI (Organizational Security Influence) = 30
- SIS (Security Implementation Score) = 34
- Culture = 30 + 34 = 64
BRI calculation
BRI = Behave (0.7 \times 45) + Culture (0.3 \times 64) BRI = 31.5 + 19.2 BRI = 50.7
How the calculation works
- The Behave score of 45 is weighted at 70%.
- The Culture score of 64 is weighted at 30%.
- The combined total is 50.7, indicating that the organization is within the 'Fair' category of security posture.
If you have any questions, please reach out to support@ninjio.com.
Comments
0 comments
Please sign in to leave a comment.