Risk management overview
Context-based access policy decisions can be based on the risk score. The risk score is calculated from the active risk profile attributes that are retrieved from the user. The system allows multiple risk profiles to be defined, but only one is active at run time. Each attribute included in a risk profile has an assigned weight that is used when calculating the risk score of a given request. The active risk profile attributes are evaluated to determine whether a user should be granted access to a protected resource. A policy author can rely on the risk score to enforce stronger authentication mechanisms or to perform device registration.
To get started, work with:
Attributes
ISAM provides a predefined set of attributes that are ready to use without any customization. Optionally, we can add attributes that can come from:
- Standard HTTP headers
- HTTP FORM parameters
- Client-side JavaScript files collected into the attribute collection service
- Custom attributes defined by writing custom JavaScript files

Obligations
ISAM provides a predefined set of obligations that are ready to use without any customization. Optionally, we can update or define our own obligations.

Risk profiles
ISAM provides a predefined set of risk profiles that are ready to use without any customization. Optionally, we can update or define our own risk profiles to calculate the risk score. A default risk profile is set as active when we configure the appliance. This risk profile is not intended to be used in a production environment. Set a different risk profile before using risk profiles in the production environment.

Policies
Create policies that evaluate requests based on attributes and obligations that we defined and the risk decisions that we want to make.
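
The relationship between weighted attributes, the single active risk profile, and a score-driven policy decision can be modelled as follows. This is an added example, not IBM's code and not ISAM's actual scoring algorithm: the formula (mismatched weight as a percentage of total weight), the thresholds, the profile, attribute and obligation names, and the baseline values are all assumptions constructed for illustration.

```javascript
// Simplified model (assumption): not ISAM's implementation.
// Constructed risk profiles: attribute name -> weight. Only one is active.
const profiles = {
  browser: { userAgent: 40, acceptLanguage: 20, screenResolution: 40 },
  location: { ipAddress: 70, timeZone: 30 },
};
let activeProfile = "browser";

// Constructed baseline: attribute values previously recorded for the user.
const baseline = {
  userAgent: "ExampleBrowser/1.0 (constructed)",
  acceptLanguage: "en-US",
  screenResolution: "1920x1080",
  ipAddress: "192.0.2.10",
  timeZone: "UTC+1",
};

// Score = percentage of the profile's total weight carried by attributes
// whose request value is missing or differs from the baseline.
function riskScore(profileName, known, request) {
  const weights = profiles[profileName];
  if (!weights) throw new Error(`unknown risk profile: ${profileName}`);
  let total = 0;
  let mismatched = 0;
  for (const [attr, weight] of Object.entries(weights)) {
    total += weight;
    // A missing attribute counts as a mismatch: absence must not lower risk.
    if (request[attr] === undefined || request[attr] !== known[attr]) {
      mismatched += weight;
    }
  }
  // A profile with no weighted attributes fails closed at maximum risk.
  return total === 0 ? 100 : Math.round((mismatched * 100) / total);
}

// Hypothetical thresholds and obligation names for the policy decision.
function decide(score) {
  if (score <= 20) return { decision: "permit", obligation: null };
  if (score <= 60) return { decision: "permit", obligation: "register-device" };
  return { decision: "permit", obligation: "step-up-authentication" };
}

// Evaluate a request against whichever profile is currently active.
function evaluate(request) {
  return decide(riskScore(activeProfile, baseline, request));
}

console.log(evaluate({ ...baseline, screenResolution: "1280x720" }));
```

Switching `activeProfile` changes which attributes contribute to the score, which is why the default profile should be replaced deliberately before production use.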