Use Risk Assessment settings to customize risk calculations and display risks in other dashboards. The weight and formula information listed below is also available from the Risk Assessment Settings dialog under Risk Assessment Info in the upper right corner.
-
Exposure Level Weight:
-
Low = 0
-
Medium = 33
-
High = 66
-
Critical = 100
-
-
Exploit Exists Weight
-
False = 0 (exploit does not exist)
-
True = 100 (exploit exists)
-
-
Product Criticality Rating Weight
Use the default setting or set custom criticality by product. See Custom Risk Settings.
The Risk Assessment Score calculation uses the following formula:
((ExposureLevelValue * ExposureLevelWeight) + (ExploitExistsValue * ExploitExistsWeight) + (CriticalityValue * CriticalityWeight)) / (ExposureLevelWeight + ExploitExistsWeight + CriticalityWeight)
Use these settings to create settings that override the default settings defined in the metadata for Product Criticality settings or to create Custom Risk Scores.
-
Select + Create Custom Product Criticality in the Custom Risk Settings box. This opens the Create Custom Product Criticality dialog.
-
Select Browse to search for the product you want to customize.
-
Select the product to modify, and then click Add Software Product.
-
This adds a table to Custom Product Criticalities.
-
Each time you add another product, the added information appears in this tabl
-
-
Enter the number that corresponds to the criticality weight you want to set for this product, and then click Create Custom Product Criticality.
-
Select + Create Custom Risk Score in the Custom Risk Settings box of Risk Assessment Settings. This opens the Create Custom Risk Score dialog.
-
Select Browse to open the Add Installable Software dialog.
-
Enter the number that corresponds to the risk score you want to set for this product, and then click Create Custom Risk Score.
-
This adds a table to Custom Risk Scores.
-
Each time you add another product, the added information appears in this table.
-
-
Select Save Settings.
Comments
0 comments
Article is closed for comments.