Typical security risk tracking is based upon individual employee compliance with risk policies instituted by a company, which provides an incomplete and dated view of the security risks to the company. Also, employee compliance is often determined through use of disparate risk criteria without any investigation into the threat posed by such risks, the likelihood of such threats occurring, and the impact of such threats on the operations of the company. In addition, security risks are generally not evaluated from an organizational perspective to enable a company to understand the overall security health of its divisions, business units, and the like.
Further, the security risks associated with transactions submitted to a company's computing system do not consider the business-level context or execution priority of the transactions as it relates to the security risk of the transactions.