Calculating the Security rating
This topic explains how the Security rating is calculated.
The Security rating is a percentage calculated according to the following formula:
Security rating = 100 x (1 - (W1X1 + W2X2 + W3X3 + W4X4) / (W1T1 + W2T2 + W3T3 + W4T4))
where:
|
This variable... |
Represents... |
|---|---|
|
W1 |
The weight of Critical risks = 10. |
|
W2 |
The weight of High risks = 4. |
|
W3 |
The weight of Medium risks = 2. |
|
W4 |
The weight of Low risks = 1. |
|
X1 |
The number of Critical risks with at least one risk trigger detected. |
|
X2 |
The number of High risks with at least one risk trigger detected. |
|
X3 |
The number of Medium risks with at least one risk trigger detected. |
|
X4 |
The number of Low risks with at least one risk trigger detected. |
|
T1 |
The maximum number of Critical risks possible for the security element. |
|
T2 |
The maximum number of High risks possible for the security element. |
|
T3 |
The maximum number of Medium risks possible for the security element. |
|
T4 |
The maximum number of Low risks possible for the security element. |
Note: CloudFlow allows you to suppress risk definitions as well as individual risk triggers. Suppressing a risk definition or risk trigger will affect the Security risk calculation as follows:
-
Suppressing a risk definition: The risk is no longer included in the calculation of the maximum number of possible risks (T) nor is it included in the number of risks detected in the device policy (X).
-
Suppressing a risk trigger: Suppressing a risk trigger may affect calculating the number of risks detected in the device policy (X).
Clear your browser's cache