How is the overall business risk calculated?

Business risk is calculated based on the severity of the vulnerability in relation to the business impact set on the asset or a related tag.

  1. Business impact levels
  • High
  • Medium
  • Neutral (default if not changed manually)
  • Low

This value is set on the host under Assets in the main menu. Click edit on the asset and change the Business impact under the General Information tab. 

  1. Vulnerability severity levels
  • Critical
  • High
  • Medium
  • Low

Using these values in a fixed chart going from low to critical depending on the combined levels, as shown below:


Hierarchy for business impact

Hierarchy for business impact in relation to assets and tags.

  • Business impact set on the asset have the highest priority.
  • If no business impact is set on the asset the highest business impact set on related tags is used.  
Have more questions? Submit a request


Please sign in to leave a comment.