Risk scoring is not an end in itself once it shows up color coded and normalized between 0 and 100 in a security operations center (SOC) dashboard. To provide real value it must be supplemented by a closed-loop response process that can automate defensive measures or responses with little or no human intervention. For maximum value, the risk scoring should come from both access and activity data sources versus simple field validations and ranges. Providing risk scores requires an API layer supporting bi-directional integration between complementary security solutions such as the MFA example above.”]
Source: https://www.csoonline.com/article/3168891/beyond-risk-scoring.html