CPC H04L 63/1416 (2013.01) [G06Q 10/06398 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01)] | 20 Claims |
1. A computing system comprising one or more processors configured to:
receive, via a data channel from an agentless monitoring data source, user activity data associated with a first computing device of a first user;
determine a policy violation based on the user activity data;
compare employee-related information associated with the first user to a threshold;
determine a baseline level of risk based on the employee-related information exceeding the threshold;
determine a user score based on an impact dimension and at least one of a threat dimension or an exposure dimension, wherein the impact dimension comprises a permissions component defining a number of active accounts accessible by the first user and an access component defining a number of inactive accounts associated with the first user, the threat dimension comprises a relative component, and the exposure dimension comprises a technical component;
determine a probability of an adverse event based on the baseline level of risk and the user score;
generate a user-interactive electronic notification comprising an indication of the probability of the adverse event; and
transmit the user-interactive electronic notification to a second computing device.
|