How is the Risk score calculated when the below are changed?
10-04-2018 03:57 AM
How is the Risk score calculated when the below are changed?
- Business impact on the Affected Users related list
- Business impact on the Affected Services related list
- Business impact on vulnerabilities on the Vulnerable items related list
- Labels: Security Incident Response
10-04-2018 03:02 PM
Hi Sathiz,
There is a business rule on Security Incident called "Update risk score". I believe this is what you're looking for?
It runs when Severity, Priority, Business Impact or Risk Score Override changes - state is not "Closed" - and Risk Score Override is "False".
In order to change how this risk score is updated, see the following nav menu item: Security Incident > Setup > Risk Score Configuration
Basically this is a list of scenarios that add to a risk score - up to a max score of 100.
Best regards,
Alex
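
The behaviour described in the reply above, as an added example that is not part of the original post and is not ServiceNow's own business rule code: a plain JavaScript model of the trigger condition and the additive score capped at 100. The field names, scenario rows and weights are constructed assumptions; the real values live in the Risk Score Configuration list on your instance.

```javascript
// Simplified model of the "Update risk score" behaviour described in the reply.
// Field names, scenario rows and weights are constructed for illustration only.
const WATCHED_FIELDS = ['severity', 'priority', 'business_impact', 'risk_score_override'];
const MAX_SCORE = 100;

// Constructed scenario rows: every row that matches the incident adds its weight.
const SCENARIOS = [
  { field: 'severity', value: 'high', weight: 40 },
  { field: 'priority', value: 'critical', weight: 40 },
  { field: 'business_impact', value: 'critical', weight: 40 },
  { field: 'business_impact', value: 'medium', weight: 15 },
];

// Condition from the reply: a watched field changed, state is not "Closed",
// and Risk Score Override is false.
function shouldRecalculate(previous, current) {
  const changed = WATCHED_FIELDS.some((f) => previous[f] !== current[f]);
  return changed && current.state !== 'Closed' && current.risk_score_override === false;
}

// Sum the weights of all matching scenarios, capped at the maximum of 100.
function computeRiskScore(incident, scenarios = SCENARIOS) {
  const total = scenarios
    .filter((s) => incident[s.field] === s.value)
    .reduce((sum, s) => sum + s.weight, 0);
  return Math.min(total, MAX_SCORE);
}

// Returns the record with a recalculated score, or unchanged if the rule does not fire.
// A manually overridden score therefore survives later field changes.
function applyUpdate(previous, current) {
  if (!shouldRecalculate(previous, current)) return current;
  return { ...current, risk_score: computeRiskScore(current) };
}
```

In this model, clearing the override counts as a change to a watched field, so the score is recalculated as soon as Risk Score Override returns to false.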

10-04-2018 07:48 PM
Sathiz,
It appears you are looking for more details on the Risk Score feature, within Vulnerability Response?
This is controlled by a "Vulnerability Calculator Group" found by navigating to:
- Vulnerability | Administration | Vulnerability Calculator Group | Risk Score | Basic Risk Score
Within this Calculator Group, the Risk Score calculations are controlled by scripted logic.
The context of how the script operates is best reviewed from the current documentation for your version (Kingston versus London).
Here is a reference to the Kingston docs on this topic: