Our Risk Score is not a linear sum of the other scores. The calculation follows a power law, so depending on the individual scores, the Risk Score can be above the sum of the other scores.
The formula we currently use is shown in the image below, where X is the list of scores sorted from largest to smallest:

This formula is applied separately to each score category (Software, Operating System, Configuration). Because the formula weights each score in the sorted list, a category with only one value receives a resulting score lower than that original value.
Example Calculations
Example 1:
The organization Miller Davis received a new Monthly Risk Report with the following category scores:
- Software scores: [50, 40, 30]
  - This would result in a Software Score of 39 (using the formula above).
- OS scores: [70, 10]
  - This would result in an OS Score of 37 (using the formula above).
- Configuration scores: [50]
  - This would result in a Configuration Score of 25 (using the formula above).
These scores [39, 37, 10] contributed to the organization's resulting Risk Score of 57.
Example 2:
The organization M. Murphy & Co. received a new Monthly Risk Report with the following category scores:
- Software scores: [5, 5]
  - This would result in a Software Score of 4 (using the formula above).
- OS scores: [100, 100]
  - This would result in an OS Score of 75 (using the formula above).
- Configuration scores: [10]
  - This would result in a Configuration Score of 5 (using the formula above).
These scores [4, 75, 5] contributed to the organization's resulting Risk Score of 77.