Title here
Summary here
Exposure Score Weights
The exposure score is a 0–100 risk score computed for every Confluence page. It is driven by six weighted factors. The weight of each factor controls how much it influences the total score.
The Six Factors
| Factor | Default Weight | What Triggers It |
|---|---|---|
| Anonymous Access | 35% | The page or space is accessible without Confluence login |
| External / Guest Users | 20% | Non-organizational email domains or Confluence guest accounts appear in the access list |
| Broad Group Access | 15% | One or more groups with 100+ members are in the access list |
| Restriction Weakness | 10% | The page has no custom page-level restrictions (only inherits space permissions) |
| Active Findings | 15% | One or more open or triaged findings are linked to this page |
| Sensitivity Label | 5% | The page has a classification label set (higher sensitivity = higher contribution) |
The total of all weights does not need to equal exactly 100. The system uses them as relative weights. A page where every factor is fully triggered will score min(100, sum).
Risk Bands
| Score Range | Risk Level |
|---|---|
| 0–24 | Low |
| 25–49 | Moderate |
| 50–74 | High |
| 75–100 | Critical |
When to Adjust Weights
The default weights are calibrated for a general-purpose compliance posture. Consider adjusting when:
- Financial services or healthcare: Increase “External / Guest Users” (to 30–35%), external data access is the primary risk vector.
- Engineering-heavy orgs: Increase “Active Findings” (to 20–25%) if finding resolution rate is a key KPI.
- Highly classified environments: Increase “Sensitivity Label” (to 15–20%) to make classification the dominant factor.
- Strict internal sharing policies: Increase “Broad Group Access” if even internal broad groups represent significant risk.
- Reducing noise: If your org has broad groups everywhere by design (e.g., “All Employees” on every page), decrease “Broad Group Access” to prevent every page scoring High.
How to Change Weights
- Adjust the numeric values in the text fields next to each factor label.
- Click Save Weights.
- A success banner confirms “Score weights updated successfully”.
New weights take effect on the next exposure score computation (via the re-analyze button on a page byline, or the next hourly permission scan job run).