A common threshold range criteria must be established for assessment, finding, and risk objects related to the vulnerability objectincident object. When assessments are run, the risk vulnerability incident scores are derived according to the scale that you define for a range. Before you run any assessments, ensure that the threshold range is configured to meet the auditing guidelines and policies of the assessment objectives.
Each configuration range allows the user to adjust the threshold range by specifying the numeric value, unique name, color, and the option to display text or a score.
In order to adjust the configurations, you must have the Tenant Configure permission.
To set up Assessment Configuration:
In the RiskVision, go to Configuration > Assessment Configuration. The Assessment Configuration page, displaying the Ranges tab appears.
Select Assessment Risk Scale and click Edit.
The Configure Threshold dialog appears. Click + or - to add or remove a threshold range. For any assessment configuration, you can add a maximum of five threshold ranges. At a minimum, any configuration range contains two threshold ranges.
To modify a range, enter a numerical value in the threshold range field.
To change the threshold display name, enter a name in the label field.
To assign a color for a threshold, click the color icon, choose a desired color, and click close.
Choose the Text or Score option to display the threshold label or the value for the risk after the assessment is run.
- Click Revert to ignore all the changes or click OK to save the configuration.
Similarly, set up Individual Risk Scale, Program Risk Scale, and Entity Compliance Configuration.
To set up Findings Configuration:
In the RiskVision, go to Configuration > Findings Configuration. The Findings Configuration page, displaying the Ranges tab appears.
Select Inherent Impact Score and click Edit.
The Configure Threshold dialog appears. Click + or - to add or remove a threshold range. For any assessment configuration, you can add maximum of up to five threshold ranges. At a minimum, any configuration range contains two threshold ranges.
To modify a range, enter a numerical value in the threshold range field.
To change the threshold display name, enter a name in the label field.
To assign a color for a threshold, click the color icon, choose the desired color, and click close.
Choose the Text or Score option to display the threshold label or the value for the risk after the assessment is run.
- Click Revert to ignore all the changes or click OK to save the configuration.
Similarly, set up Inherent Likelihood Score, Inherent Risk Score, Residual Impact Score, Residual Likelihood Score, and Residual Risk Score.
To set up Vulnerability Risk Configuration:
In the RiskVision, go to Configuration > Vulnerability Risk Configuration. The Vulnerability Risk Configuration page opens, displaying the Ranges tab .
Select Vulnerability Risk Configuration and click Edit.
The Configure Threshold dialog appears. Click + or - to add or remove a threshold range. For any assessment configuration, you can add a maximum of five threshold ranges. At a minimum, any configuration range contains two threshold ranges.
To modify a range, enter a numerical value in the threshold range field.
To change the threshold display name, enter a name in the label field.
To assign a color for a threshold, click the color icon, choose the desired color, and click close.
Choose the Text or Score option to display the threshold label or the value for the risk after the assessment is run.
- Click Revert to ignore all the changes or click OK to save the configuration.
To set up Incident Configuration:
In the RiskVision, go to Configuration > Incident Configuration. The Incident Configuration page opens, displaying the Ranges tab.
Select Incident Impact Score and click Edit.
The Configure Threshold dialog appears. Click + or - to add or remove a threshold range. For any assessment configuration, you can add a maximum of five threshold ranges. At a minimum, any configuration range contains two threshold ranges.
To modify a range, enter a numerical value in the threshold range field.
To change the threshold display name, enter a name in the label field.
To assign a color for a threshold, click the color icon, choose the desired color, and click close.
Choose the Text or Score option to display the threshold label or the value for the risk after the assessment is run.
- Click Revert to ignore all the changes or click OK to save the configuration.
Similarly, set up Incident Likelihood Score and Incident Risk Level Configuration.
The table below lists the configuration ranges that are available on the Configuration menu of the RiskVision application and indicates the application page where the score is affected when a threshold range is set and assessment results are viewed.
Configuration | Range | Score Navigation |
---|---|---|
Assessment | Assessment Risk Scale | Risk score in the Summary tab of Assessment details. |
Program Risk Scale | In ERM, inherent risk and residual risk score at the top-right corner of program details. | |
Individual Risk Scale | In ERM, inherent risk column in Home > Risk Register page or inherent risk column on Risk Management tab of Assessments details. | |
Entity Compliance Configuration | Overall Compliance score in the Summary tab of Assessments details | |
Findings | Inherent Impact Score | For information about how these ranges calculate inherent and residual risk scores, see Finding Analysis. |
Inherent Likelihood Score | ||
Residual Impact Score | ||
Residual Likelihood Score | ||
Inherent Risk Score | Risk Assessment tab of Findings details. | |
Residual Risk Score | Risk Assessment tab of Findings details. | |
Vulnerability Risk | Vulnerability Risk Configuration | Risk column in the Vulnerabilities Lists tab of Entities details. |
Incident | Incident Impact | Risk Summary section in the Risk Assessment tab of Incident details. |
Incident Likelihood | ||
Incident Risk Level Configuration |