The Understanding Risk Ratings and Scores section of the Symantec ICA Administrator Guide contains a subsection titled About Risk Vector Scores on Entity Pages that explains, at a high level, the methodology used to calculate entity risk scores.

According to the release notes for Information Centric Analytics (ICA) version 6.6, the risk scoring algorithm changed with 6.6:

With the release of ICA 6.6 and DLP 16.0, a new feature has been added to more tightly integrate the two products. DLP Policies can now utilize the ICA User Risk Score for policy enforcement.

As a result, the User Risk Scoring algorithm has been altered to provide a bounded absolute score instead of a percentile-based score. The goal of the new algorithm is to score entities such that those scores can be used as part of a policy enforcement strategy.

In the new approach to User Risk Scoring, risk is defined as a measure of the likelihood of an entity getting a score for a particular vector, compared to what the impact of scoring on that vector means.

A comparison of the Understanding Risk Ratings and Scores section of the 6.5.4 and 6.6 versions of the administrator guide shows no difference in the risk scoring algorithm and methodology.

Version : 6.6

Component : Risk Scores

The Understanding Risk Ratings and Scores section in version 6.6 of the Symantec ICA Administrator Guide will be updated with the release of version 6.7 to reflect the new risk scoring algorithm that was introduced with the release of version 6.6.