Rysk Score
The Rysk Score is a core component of Ryskview. The intent of the Rysk Score is to provide a context-informed severity rating for Assets and Systems. While vulnerability assessment tools typically provide severity ratings with no regard to the computing environment, Ryskview’s Rysk Score incorporates many environmental variables into the algorithm. These include:
- Impact of Exploitation
- Confidentiality, Integrity, Availability Requirements
- Asset Type
- Public Internet Exposure of Asset/System
Manipulating any of these attributes within Ryskview will alter the Rysk Score.
The Rysk Score is communicated as a percentile score, based on a scale of 0-100, where 100 is the most risky (least secure) and 0 is the least risky (most secure). Because the Rysk Score is a percentile, it represents risk relative to the other Assets/Systems in Ryskview (e.g., System 1 with a Rysk Score of 90 is riskier than System 2 with a Rysk Score of 40). There will always be a percentile distribution of 0-100, so there will always be Assets and Systems in the 50th percentile or higher, even if risk is low (as compared to organizational risk tolerance).
The Rysk Score is perfect for prioritizing resources to the riskiest Assets and Systems, as well as determining strategy. The more data Ryskview has to analyze, the more useful the Rysk Score.
Asset Rysk Score
The Asset Rysk Score is a computation of the vulnerabilities on an Asset. This includes vulnerabilities that are showing in Scan Data as well as any open POAMs*. The vulnerabilities are combined with the environmental variables to rank the Asset in terms of percentile relative to the other Assets in the System. Asset Rysk Scores will be between 0 and 100, with 100 being the highest risk Asset in the enterprise.
A user can easily sort Assets based on Rysk Scores by going to the Assets Page (click on Assets in the menu bar) and then sorting by the column Rysk Score.
System Rysk Score
The System Rysk Score is an average of the Asset Rysk Scores comprising the System. In order to accurately compare Systems with varying numbers of Assets, the average provides the most appropriate metric. It is possible for a System with just 1 or 2 Assets to have a higher Rysk Score than a System with hundreds of Assets.
A user can easily sort Systems based on Rysk Scores by going to the System Page (click on System in the menu bar) and then sorting by the column Rysk Score.
*Open POAMs have a status of Open, Remediated, Pending Verification, or Risk Acceptance Requested. Closed or Terminal POAMs have a status of Closed, Risk Accepted, or False Positive.
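
The percentile ranking and System averaging described above can be seen in a short added example. This is not Ryskview's own algorithm, which this page does not publish. The asset names, raw scores and the rank formula (share of assets with a strictly lower raw score) are assumptions made for illustration.

```python
from bisect import bisect_left
from collections import defaultdict
from statistics import mean

# Constructed sample data: asset -> (system, raw context-adjusted score).
# The raw values stand in for whatever Ryskview computes internally.
ASSETS = {
    "web-01": ("Public Portal", 9.1),
    "web-02": ("Public Portal", 8.4),
    "hr-db":  ("HR", 6.0),
    "hr-app": ("HR", 3.2),
    "hr-ws1": ("HR", 2.5),
    "hr-ws2": ("HR", 0.5),
}


def percentile_ranks(raw):
    """Map {asset: raw score} to {asset: percentile 0-100}.

    Assumed formula: 100 * (assets with a strictly lower raw score) / (n - 1),
    so the lowest asset is 0 and the highest is 100.
    """
    ordered = sorted(raw.values())
    n = len(ordered)
    if n <= 1:  # a single asset has nothing to be ranked against
        return {name: 0.0 for name in raw}
    return {name: 100 * bisect_left(ordered, score) / (n - 1)
            for name, score in raw.items()}


def system_scores(asset_pct, membership):
    """System score = average of the percentile scores of its assets."""
    grouped = defaultdict(list)
    for asset, pct in asset_pct.items():
        grouped[membership[asset]].append(pct)
    return {system: mean(scores) for system, scores in grouped.items()}


if __name__ == "__main__":
    raw = {a: score for a, (_, score) in ASSETS.items()}
    membership = {a: system for a, (system, _) in ASSETS.items()}
    ranks = percentile_ranks(raw)
    print(ranks)
    print(system_scores(ranks, membership))
    # Every raw score drops tenfold, yet the percentiles do not move:
    # the score ranks assets against each other, not against a tolerance.
    print(percentile_ranks({a: s * 0.1 for a, s in raw.items()}) == ranks)
```

The two-asset system averages higher than the four-asset one, and the spread of 0-100 survives a uniform drop in raw risk, so the score orders remediation work but does not by itself say whether risk is within tolerance.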