Getting Started

Protecto Overview
- Introduction
  Quickstart Guide
  Protecto Vault
  What is a token?
  Token customization
  Authentication
  Tokenization APIs
  Masking
  Mask with token
  Mask with format and token
  Identify and mask (Auto-detect)
  Unmasking
  What happens if an API fails?
  Asynchronous API's
  Bulk data
  Add new data source
  Snowflake
  Create and grant access to Protecto
  Add Snowflake to Protecto
  Salesforce
  Create connected app and user
  Steps to create connected app
  Steps to create Protecto user
  Add Salesforce to Protecto
  Azure SQL
  Connect using AD Application credentials
  Connect using database user credentials
  Databricks
  Add Service principal (Azure AD Application) to Databricks
  Steps to create Azure Databricks Cluster
  Steps to create Databricks python notebook and schedule job
  Redshift
  Create and grant access to Protecto user
  Add Redshift to Protecto
  Protecto FAQ's
  1. What are the steps after we sign up for a Protecto account?
  2. Can I sign up for a free account? How long is the trial period?
  3. What is Protecto license key? How can I get a new license key?
  4. How do I extend the trial period?
  5. What is the Protecto pricing model?
  6. How do I cancel my account?
  7. How do I unsubscribe / opt-out from emails?
  Compliance User Guide
  Risk Identification: Key Definitions
  Understanding Risks
  Find assets with severe breach risk
  Filter assets by breach risk level
  Find assets with other privacy risks
  Understanding Usage
  Find the data assets that were accessed
  Find the data assets that are not used
  Add Tags & Classification
  Add tags globally
  Classify tags to the categories
  Add tags with category to the data assets
  Remove tags with category from the data assets
  Governance
  Find all data assets
  Add/delete purposes
  Assign data owner for a data asset
  Add/delete consent, data subject type and location for a data asset
  Add/update retention time for a data asset
  Add/update minor data for a data asset
  Generate Compliance Reports
  ROPA (Records of Processing Activities)
  DPIA (Data Protection Impact Assessment)

Powered by GitBook

On this page

Risk Identification: Key Definitions

PreviousCompliance User Guide NextUnderstanding Risks

Last updated 1 year ago

Here is a quick overview of the key definitions of Protecto.

General

User Types

Data Types

Data Assets

Data tables or data objects.

Security Risk or Breach Risk

Estimated security risk based on the type of Personal Information (PI/PII/Sensitive), size of the table, and extent of access privileges.

Risk Level - Breach Risk

Based on the calculated breach risk, we categorize the severity of breach risk into 4 types:

Severe
High
Medium
Low

Excessive Access Privileges

Good: Many users have access to the data asset, and more than 20% are active users.

Broad: Many users have access to the data asset, but only 5% to 20% of users are actively using the data.

Excess: Many users have access to the data asset, but less than 5% are active users.

Stale Data by Risk

Estimated risk based on the number of unused data assets in the past 90 days.

Privacy Risk Data

Estimated privacy risk of a data asset based on the type of personal data (PI/PII/Sensitive), size of the table, and activities.

Privacy Risk (Data Usage)

Estimated privacy risk of a data asset based on the type of personal data (PI/PII/Sensitive), size of the table, and activities in the past 90 days.

Risk level - Privacy Risk

V High: High risk of data privacy violations. The data likely contains PII and may not have the necessary controls or accountability.

High: Above average risk of data privacy violations. The data may contain PII and may not have the necessary controls or accountability.

Medium: Moderate risk of data privacy violations. The data may contain some personal data, likely non-identifiable.

Low: Low risk of data privacy violations.

Active Stale Infrequent

Active: Data assets that were accessed multiple times in the last 90 days.

Stale: Data assets that were never accessed in the last 90 days.

Infrequent: Data assets that were accessed once the last 90 days.

Activities Count

The number of times the data asset was accessed.

Data Catalog

The data governance team can view the list of data assets, where they can add consent, data subject type, data subject location, and tags for the data assets.

Purposes

The data governance team can add new purpose, data subject type, and consent so that it will get reflected in the Data Catalog page.

Data Governance / Compliance Manager

The governance team identifies risks and tracks governance metadata needed for compliance from data teams. Security team can login as governance manager to view high risk data, overexposed data and inactive access privileges.

Data – Business Owner

They provide the governance team with privacy and compliance metadata such as data subject type, location, retention, consent, etc.

Data Users, Applications

Users or applications that access and use the data.

Data Types

PI: Personal Information. You cannot identify the individual only with PI data (e.g., person country, DOB)

PII: Personally Identifiable Information. You can identify the individual with PII data (e.g., name, email)

Sensitive: e.g., race, genetics, religious preferences