On This Page

Overview

A tracking group is a label (or category) that will be assigned to a file when a policy runs. A policy can contain multiple tracking groups, and each tracking group includes multiple pieces of information that determine everything from the criteria a file needs to meet to be a part of the tracking group to the actions that should be taken against the file in the tracking group. The tracking groups are the heart of the policy.

Understanding Tracking Groups

Tracking groups contain multiple pieces of information: priority, risk level, name, cost per incident, assignment rules, and actions.

Priority

DryvIQ evaluates the tracking groups in priority order--the order they are sorted within the policy. Although a file may match the rules for multiple tracking groups, a file can only exist in one tracking group, so it will be assigned to the first tracking group that is matched. Therefore, you should order your tracking groups from highest risk level to lowest risk level to ensure a file is always matched against the higher risk levels first.

Risk Level

The risk level identifies the sensitivity of the content within the file and how negatively the content could impact your organization if it were to remain in its current state. The risk level is defined at the tracking group level, so all files within the tracking group are classified as having that defined risk. For example, if you create a tracking group "Sensitive" and set the risk level to "High," any file that meets the criteria of the assignment rules for the tracking group is considered high-risk content and will be flagged accordingly.

Name

You assign a name to each tracking group. The name displays in all reporting for the tracking group. The group name should follow a logical labeling schema that helps identify the tracking group and the content the tracking group is designed to identify. The name is limited to 255 characters.

Cost per Incident

Each tracking group can be assigned a cost. This is the amount a file in the tracking group could cost the company in legal fees or penalties if it remains in its current state. For example, if a file contains sensitive data and is stored in a shared location (network shared drive, cloud storage platform, etc.), it could cost the company a set amount of money in fines if the company’s data were to be audited or if a security breach allowed that file to be exposed. The cost is included in the reporting for the tracking group so you can see the total cost for the tracking group (cost times the number of files in the tracking group).

Assignment Rules

Assignment rules are lists of entity types that should be run against a file. You can add multiple assignment rules to a tracking group, and each assignment rule can consist of multiple.

The list of entity types within a single assignment rule serves as an “and” condition. A file must match all the entity types listed for the file to be added to the tracking group.

Each individual assignment rule serves as an “or” condition. DryvIQ will compare each file to each assignment rule in a tracking group. If the file doesn’t match an assignment rule, DryvIQ will work through the subsequent assignment rules in priority order. As soon as the file matches one of the assignment rules, DryvIQ adds it to the corresponding tracking group.

Actions

The actions for a tracking group tell DryvIQ what to do with the files in each tracking group. Multiple actions can be applied to the tracking group to force the remediation through an approval workflow, or you can select to take a definitive action against the file as soon as it is assigned to the tracking group.