A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; associating a human factor with the entity; identifying an event of analytic utility, the event of analytic utility being derived from the observable from the electronic data source; analyzing the event of analytic utility, the analyzing the event of analytic utility taking into account the human factor associated with the entity enacting the event of analytic utility; generating a risk score in response to the analyzing, the risk score taking into account the human factor associated with the entity; and, performing the security operation when the risk score meets a security risk parameter.