How is the risk score calculated for risk assessment policies?

The risk score calculation begins by evaluating all attributes of the risk assessment policy.

The attributes can have the following scores:

  • No violation: If the condition of the attribute is met, the score of this attribute is zero.
  • Violation: If the condition of the attribute is not met, the score of this attribute is the score assigned in Cloud.
  • Undefined: If we cannot establish whether the condition is met or not, the score of this attribute is the score assigned in Cloud divided by 3.

For example:

  • If the attribute checks for an installed antivirus, and an antivirus is found on the device, the score is 0.
  • If the attribute checks for drive encryption, and the device has a non-encrypted drive, the score is as assigned in Cloud, for example, 60.
  • If the attribute checks for installed applications, but the device reports no installed applications, Cloud deems this suspicious and therefore divides the score assigned in Cloud by 3. For example, if you assigned 60 to this attribute, the value of the attribute for further risk calculation is 20.

After all attributes are scored, Cloud takes the maximum of the attribute scores, and that maximum is the final value for this risk assessment policy. The attribute scores are not added together.

For example, if there are two attributes, one with a score of 40 and one with a score of 60, and both are found to be in violation, the final risk score is 60.

Additionally, the risk score calculated earlier for the same device influences the currently calculated risk score for the device according to the following formula:

  new_score = 0.95 * calculated_score + 0.05 * old_score
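The whole calculation described above, as an added Python example (not the product's own code): it scores each attribute, takes the maximum, and applies the formula across successive evaluations of one device. The function names, the sample attributes and the starting old score of 60 are constructed for illustration; the example assumes that the division by 3 is not rounded and that a policy with no attributes scores 0.

```python
from enum import Enum

class State(Enum):
    NO_VIOLATION = 0  # condition met
    VIOLATION = 1     # condition not met
    UNDEFINED = 2     # could not be established

def attribute_score(state, assigned):
    """Score of one attribute; `assigned` is the score set for it in Cloud."""
    if state is State.NO_VIOLATION:
        return 0.0
    if state is State.VIOLATION:
        return float(assigned)
    return assigned / 3  # Undefined. Assumption: the result is not rounded.

def policy_score(attributes):
    """Maximum attribute score. Assumption: an empty policy scores 0."""
    return max((attribute_score(s, a) for s, a in attributes), default=0.0)

def new_score(calculated_score, old_score):
    """Blend the current result with the device's earlier score."""
    return 0.95 * calculated_score + 0.05 * old_score

def score_history(evaluations, old_score):
    """Apply the formula over successive evaluations of one device."""
    history = []
    for attributes in evaluations:
        old_score = new_score(policy_score(attributes), old_score)
        history.append(old_score)
    return history

# Constructed sample: (state, score assigned in Cloud) per attribute.
BEFORE_FIX = [
    (State.NO_VIOLATION, 80),  # antivirus found
    (State.VIOLATION, 40),     # lower-weighted attribute in violation
    (State.UNDEFINED, 90),     # 90 / 3 = 30, outranked by the violation above
]
# The same attributes once every condition is met.
AFTER_FIX = [(State.NO_VIOLATION, a) for _, a in BEFORE_FIX]

if __name__ == "__main__":
    print(policy_score(BEFORE_FIX))
    print(score_history([BEFORE_FIX, AFTER_FIX, AFTER_FIX], old_score=60))
```

With these inputs, an Undefined attribute assigned 90 contributes less than a violation assigned 40, and a device whose conditions are all met still carries 5% of its previous score into each new evaluation.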