Business risk is calculated based on the severity of the vulnerability in relation to the business impact set on the asset or a related tag.
- Business impact levels
- Neutral (default if not changed manually)
This value is set on the host under Assets in the main menu. Click edit on the asset and change the Business impact under the General Information tab.
- Vulnerability severity levels
Using these values in a fixed chart going from low to critical depending on the combined levels, as shown below:
Hierarchy for business impact
Hierarchy for business impact in relation to assets and tags.
- Business impact set on the asset have the highest priority.
- If no business impact is set on the asset the highest business impact set on related tags is used.