Security risk score is derived from exposure and likelihood of risk and asset’s criticality. In the assessment details, the security risk page of the charts tab displays the security risk score for an entity.
Configure the following settings in .properties file to display the security risk score:
Set the following property to enable the security risk score:
com..risk.security.enabled=true
Specify an integer value in the following property to calculate the desired total percentile results for confidentiality, integrity and availability.
com..risk.high.risk=<integer_value>
The total percentile is calculated as the percentage of confidentiality, integrity, or availability divided by the integer value specified in the com..risk.high.riskproperty.
[(confidentiality or integrity or availability)/com..risk.high.risk=<integer_value>]*100
Where confidentiality, integrity and availability values are derived by aggregating the confidentiality risk, integrity risk and availability risk scores of risk(s) that are associated with an assessment.
When you finish configuring the properties, it is recommended to reload the server configuration within the Commands tab of Administration > Server Administration menu to reflect the changes.
Example:
If an assessment has three risks, with each risk having the confidentiality risks (5, 6, and 7), integrity risks (8, 9, and 10) and availability risks scores (11, 12, and 13), and com..risk.high.risk=300. In this case, the confidentiality is calculated by adding each risk's confidentiality risk score as:
5+6+7=18
and the total percentile value is calculated as:
(18/300)*100 = 6