Rysk Score

The Rysk Score is a core component of Ryskview. The intent of the Rysk Score is provide a context-informed severity rating for Assets and Systems. While vulnerability assessment tools typically provide severity ratings with no regard to the computing environment, Ryskview’s Rysk Score incorporates many environmental variables into the algorithm. These include:

• Impact of Exploitation
• Confidentiality, Integrity, Availability Requirements
• Asset Type
• Public Internet Exposure of Asset/System

 

Manipulating any of these attributes within Ryskview will alter the Rysk Score.

The Rysk Score is categorized into three categories: low medium and high. The following is a numerical breakdown of the categories: 

• Low Rysk: 0 – 2000
• Medium Rysk: 2001 – 4000
• High Rysk: 4000+

 

The Rysk Score is perfect for prioritizing resources to the riskiest Assets and Systems, as well as determining strategy. The more data Ryskview has to analyze, the more useful the Rysk Score.

Asset Rysk Score

The Asset Rysk Score is a computation of the vulnerabilities on an Asset. This includes vulnerabilities that are showing in Scan Data as well as any open POAMs. The vulnerabilities are combined with the environmental variables to determine the Rysk Score. A user can easily sort Assets based on Rysk Scores by going to the Assets Page (click on Assets in the menu bar) and then sorting by the column Rysk Score.

System Rysk Score

The System Rysk Score is an average of the Asset Rysk Scores comprising the System. In order to accurately compare Systems with varying numbers of Assets, the average provides the most appropriate metric. It is possible for a System with just 1 or 2 Assets to have a higher Rysk Score than a System with hundreds of Assets. A user can easily sort Systems based on Rysk Scores by going to the System Page (click on System in the menu bar) and then sorting by the column Rysk Score.