Risk score calculation example for Vulnerability Response
Summary of Risk Score Calculation Example for Vulnerability Response
This content provides a practical example of how to calculate risk scores for vulnerabilities using specific risk rule calculators tailored to an organization’s unique data. Understanding this calculation is essential for effectively managing vulnerabilities within ServiceNow.
Key Features
- Risk Rule Calculator Configuration: The example showcases a risk rule calculator that utilizes two key fields: Vulnerability Severity and Vulnerability Exploit Exists, each weighted at 50%.
- Severity Weight Breakdown: The severity levels are categorized with corresponding weights: Critical (100), High (80), Medium (60), Low (40), and None (20).
- Exploit Existence: The exploit existence is binary, with weights of Yes (100) and No (0).
- Risk Score Formula: The risk score is calculated as Risk Score = (W(severity) * FV(severity) + W(exploit exists) * FV(exploit exists)) / 100, where W is the field weightage and FV is the weight assigned to the field value.
Key Outcomes
Using the provided configuration, the risk scores for several vulnerabilities are calculated, showing how different severity levels and exploit statuses affect the overall risk assessment. For instance:
- VIT00001 (Critical, Exploit Exists): Risk Score = 100
- VIT00002 (High, Exploit Exists): Risk Score = 90
- VIT00003 (Medium, No Exploit): Risk Score = 30
- VIT00005 (None, No Exploit): Risk Score = 10
Additionally, adjustments to the weightage of risk factors (such as reducing the weight for High severity) lead to updated risk scores, reflecting the dynamic nature of risk assessment in vulnerability management.
You can configure risk score calculators to generate risk scores from the vulnerability and asset data unique to your organization.
Example of determining risk rule calculators scores
The following example demonstrates how scores for risk rule calculators are determined.
| Field | Weightage | Weight breakdown |
|---|---|---|
| Vulnerability.Severity | 50 | Default: 20; 1 - Critical: 100; 2 - High: 80; 3 - Medium: 60; 4 - Low: 40; 5 - None: 20 |
| Vulnerability.Exploit Exists | 50 | Default: 50; Yes: 100; No: 0 |
| ID | Vulnerability severity | Vulnerability exploit exists |
|---|---|---|
| VIT00001 | 1 - Critical | 1 - Yes |
| VIT00002 | 2 - High | 1 - Yes |
| VIT00003 | 3 - Medium | 2 - No |
| VIT00004 | 4 - Low | 2 - No |
| VIT00005 | 5 - None | 2 - No |
Risk Score = (W(severity) * FV(severity) + W(exploit exists) * FV(exploit exists)) / 100
where W is the weightage of the field and FV is the weight assigned to the field value in the weight breakdown.
The resulting risk score for these vulnerable items is described in this table:
| ID | Vulnerability severity (50%) | Vulnerability exploit exists (50%) | Resultant risk score |
|---|---|---|---|
| VIT00001 | 1 - Critical (50% x 100) | 1 - Yes (50% x 100) | 100 |
| VIT00002 | 2 - High (50% x 80) | 1 - Yes (50% x 100) | 90 |
| VIT00003 | 3 - Medium (50% x 60) | 2 - No (50% x 0) | 30 |
| VIT00004 | 4 - Low (50% x 40) | 2 - No (50% x 0) | 20 |
| VIT00005 | 5 - None (50% x 20) | 2 - No (50% x 0) | 10 |
If the weight assigned to one of the field values is changed, the scores change accordingly. In this example the weight for 2 - High is revised from 80 to 70 while the field weightages stay at 50 each:
| Field | Weightage | Weight breakdown |
|---|---|---|
| Vulnerability.Severity | 50 | Default: 20; 1 - Critical: 100; 2 - High: 70 (revised value); 3 - Medium: 60; 4 - Low: 40; 5 - None: 20 |
| Vulnerability.Exploit Exists | 50 | Default: 50; Yes: 100; No: 0 |
The risk score for the vulnerable items after reapplying the calculator is shown in this table:
| ID | Vulnerability severity (50%) | Vulnerability exploit exists (50%) | Resultant risk score |
|---|---|---|---|
| VIT00001 | 1 - Critical (50% x 100) | 1 - Yes (50% x 100) | 100 |
| VIT00002 | 2 - High (50% x 70, revised value) | 1 - Yes (50% x 100) | 85 (revised value) |
| VIT00003 | 3 - Medium (50% x 60) | 2 - No (50% x 0) | 30 |
| VIT00004 | 4 - Low (50% x 40) | 2 - No (50% x 0) | 20 |
| VIT00005 | 5 - None (50% x 20) | 2 - No (50% x 0) | 10 |
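As an added worked example that is not part of the ServiceNow documentation or product code, the following JavaScript reproduces both result tables above: it scores the five vulnerable items with the original calculator and then reapplies it with the 2 - High weight revised from 80 to 70. The object layout, the check that field weightages total 100, and the extra constructed item with no Exploit Exists value (which falls back to that field's Default row) are assumptions made for this example.

```javascript
// Added example, not ServiceNow code. Models a risk rule calculator as a set
// of fields, each with a weightage (its share of the total) and a breakdown
// that maps field values to a 0-100 weight. "default" is used for a value
// that is missing or not listed in the breakdown (the "Default" row above).
const calculator = {
  "Vulnerability.Severity": {
    weightage: 50,
    breakdown: {
      default: 20,
      "1 - Critical": 100,
      "2 - High": 80,
      "3 - Medium": 60,
      "4 - Low": 40,
      "5 - None": 20,
    },
  },
  "Vulnerability.Exploit Exists": {
    weightage: 50,
    breakdown: { default: 50, "1 - Yes": 100, "2 - No": 0 },
  },
};

// Constructed sample vulnerable items, matching the table on this page.
const vulnerableItems = [
  { id: "VIT00001", "Vulnerability.Severity": "1 - Critical", "Vulnerability.Exploit Exists": "1 - Yes" },
  { id: "VIT00002", "Vulnerability.Severity": "2 - High",     "Vulnerability.Exploit Exists": "1 - Yes" },
  { id: "VIT00003", "Vulnerability.Severity": "3 - Medium",   "Vulnerability.Exploit Exists": "2 - No" },
  { id: "VIT00004", "Vulnerability.Severity": "4 - Low",      "Vulnerability.Exploit Exists": "2 - No" },
  { id: "VIT00005", "Vulnerability.Severity": "5 - None",     "Vulnerability.Exploit Exists": "2 - No" },
];

// FV(field value): the breakdown weight for the value, or the Default row.
function fieldValueWeight(fieldConfig, value) {
  const { breakdown } = fieldConfig;
  return Object.prototype.hasOwnProperty.call(breakdown, value)
    ? breakdown[value]
    : breakdown.default;
}

// Risk Score = sum over fields of W(field) * FV(field value), divided by 100.
// The weightages are assumed to total 100 so the score stays on a 0-100 scale.
function riskScore(calc, item) {
  const total = Object.values(calc).reduce((sum, f) => sum + f.weightage, 0);
  if (total !== 100) {
    throw new Error(`field weightages must total 100, got ${total}`);
  }
  const weighted = Object.entries(calc).reduce(
    (sum, [field, cfg]) => sum + cfg.weightage * fieldValueWeight(cfg, item[field]),
    0
  );
  return weighted / 100;
}

// Score every item and return [{ id, score }] in input order.
function scoreAll(calc, items) {
  return items.map((item) => ({ id: item.id, score: riskScore(calc, item) }));
}

// Build a revised calculator with one breakdown weight changed, leaving the
// original untouched so both versions can be compared side by side.
function withRevisedBreakdown(calc, field, value, weight) {
  const copy = JSON.parse(JSON.stringify(calc));
  copy[field].breakdown[value] = weight;
  return copy;
}

// Reapply the calculator after revising 2 - High from 80 to 70 (as on this page).
const revisedCalculator = withRevisedBreakdown(calculator, "Vulnerability.Severity", "2 - High", 70);

// Constructed item with no exploit data: the Default row (50) applies to that field.
const itemWithUnknownExploit = { id: "VIT-unknown", "Vulnerability.Severity": "3 - Medium" };

console.table(scoreAll(calculator, vulnerableItems));
console.table(scoreAll(revisedCalculator, vulnerableItems));
console.log(riskScore(calculator, itemWithUnknownExploit));
```

The first table prints 100, 90, 30, 20 and 10; the second prints 85 for VIT00002 and leaves the other items unchanged. The item with no Exploit Exists value scores 55 because the field's Default weight of 50 is used, which is why the Default row of each breakdown deserves as much attention as the named values when you tune a calculator.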