A user's risk in the context of IAM is hard to grasp. Not just elevated IT priviliges are determining this score. Also the business critcality of a user's entitlement and his overall set of access rights must be considered.The presentation is giving an overview on concepts for a risk scoring metrix and illustrates use cases for the daily business benefit coming from a risk-driven IAM.