Understanding Asset Risk Score

Asset Risk Score (ARS) is the overall risk score assigned to the asset based on the following contributing factors:

a) Asset Criticality Score (ACS)

b) QDS scores for each QID level

c) Auto-assigned weighting factor (w) for each criticality level of QIDs

The following formula is used to calculate the ARS:

ARS = ACS * {wc(Avg(QDc)) + wh(Avg(QDSh)) + wm(Avg(QDSm)) + wl(Avg(QDSl))}

In the above formula:

ACS - Asset Criticality Score

w - weighing factor for each severity level of QIDs [critical(c), high(h), medium(m), low(l)]

Avg(QDS) - Average of Qualys risk score for each severity level of QIDs

If an asset does not have a critical vulnerability, the next available QDS will be used to calculate the ARS. To understand how QDS is calculated, see Understanding the Qualys Detection Score