Asset Risk Score (ARS) is the overall risk score assigned to the asset based on the following contributing factors:
a) Asset Criticality Score (ACS)
b) QDS scores for each QID level
c) Auto-assigned weighting factor (w) for each criticality level of QIDs
The following formula is used to calculate the ARS:
ARS = ACS * {wc(Avg(QDSc)) + wh(Avg(QDSh)) + wm(Avg(QDSm)) + wl(Avg(QDSl))}
In the above formula:
ACS - Asset Criticality Score
w - weighting factor for each severity level of QIDs [critical(c), high(h), medium(m), low(l)]
Avg(QDS) - Average of Qualys risk score for each severity level of QIDs
If an asset does not have a critical vulnerability, the next available QDS will be used to calculate the ARS. To understand how QDS is calculated, see Understanding the Qualys Detection Score.
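The formula above, worked through as an added example (not Qualys code). The weights, the ACS value and the sample detections are constructed placeholders, because the page does not list the auto-assigned weights. It assumes a severity level with no detections contributes nothing to the sum.

```python
from collections import defaultdict
from statistics import mean

LEVELS = ("critical", "high", "medium", "low")

# Hypothetical placeholder weights: the page says w is auto-assigned and does
# not list the values, so these are NOT the product's real weights.
PLACEHOLDER_WEIGHTS = {"critical": 4, "high": 3, "medium": 2, "low": 1}


def level_averages(detections):
    """Return Avg(QDS) per severity level, for levels that have detections."""
    buckets = defaultdict(list)
    for level, qds in detections:
        if level not in LEVELS:
            raise ValueError(f"unknown severity level: {level!r}")
        buckets[level].append(qds)
    return {level: mean(scores) for level, scores in buckets.items()}


def asset_risk_score(acs, detections, weights=PLACEHOLDER_WEIGHTS):
    """ARS = ACS * sum over levels of w_level * Avg(QDS_level).

    Assumption: a level with no detections adds nothing, so the score is
    driven by the next levels that do have a QDS.
    """
    averages = level_averages(detections)
    weighted = sum(weights[lvl] * averages[lvl] for lvl in LEVELS if lvl in averages)
    return acs * weighted


# Constructed sample detections: (severity level, QDS).
SAMPLE = [("critical", 95), ("critical", 91), ("high", 80),
          ("medium", 50), ("low", 20)]
NO_CRITICAL = [d for d in SAMPLE if d[0] != "critical"]

if __name__ == "__main__":
    print(asset_risk_score(4, SAMPLE))        # all four levels present
    print(asset_risk_score(4, NO_CRITICAL))   # falls back to high/medium/low
    # Averaging per level: one more critical with a lower QDS reduces
    # Avg(QDSc), so the ARS goes down even though the asset has more findings.
    print(asset_risk_score(4, SAMPLE + [("critical", 90)]))
```

Because each level enters the sum as an average, the ARS reflects how severe the detections in a level are on average, not how many there are.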