Updated TruRisk Formula and TruRisk Calculation

The updated TruRisk formula for externally managed and unmanaged assets uses Asset Context and Threat Context to calculate the TruRisk Score. With the updated formula, you can identify and prioritize assets based on their security context, such as network exposure, service dependencies, and business value to the organization.

The updated formula is also applicable for Qualys CyberSecurity Asset Management (CSAM) 2.17 application. 

This section answers the following questions:

  • How do Asset and Threat Context factors help?

  • Are there any changes in the TruRisk Score parameters?

  • What is the updated TruRisk formula for a Managed Asset?

  • What is the updated TruRisk formula for an Unmanaged Asset?

  • How does the updated TruRisk formula work?

How do Asset and Threat Context factors help?

The Asset Context records the Asset Criticality Score (ACS) of an asset. The Threat Context records the ACS together with the asset's Critical, High, Medium, and Low vulnerability detections (each carrying its QDS). Threat Context is added to an asset by integrating these vulnerability detections.

Are there any changes in the TruRisk Score parameters?

No. The TruRisk Score is still calculated from the existing parameters: Asset Criticality Score (ACS), Qualys Detection Score (QDS), and Qualys Vulnerability Score (QVS).

What is the updated TruRisk formula for a Managed Asset?

TruRisk™ Score = MIN( [ACS] * [ MaxQDS * g(MaxQDS) + count(QDSc) * Wc + count(QDSh) * Wh + count(QDSm) * Wm + count(QDSl) * Wl ], 1000)

  • ACS: Asset Criticality Score, ranging from 1 to 5

  • MaxQDS: Maximum Qualys Detection Score (QDS) among the asset's detections (Critical, High, or Low band)

  • g(MaxQDS): Base function that increases the score according to the band MaxQDS falls in:

  • g(MaxQDS) = 1.3 when MaxQDS is between 90 and 100 (Critical)

  • g(MaxQDS) = 1.1 when MaxQDS is between 70 and 89 (High)

  • g(MaxQDS) = 1.0 when MaxQDS is between 0 and 69 (Low)

  • count(QDSc), count(QDSh), count(QDSm), count(QDSl): number of detections whose QDS falls in the Critical, High, Medium, and Low band respectively

  • Wc, Wh, Wm, Wl: weighting factor for each severity level of QDS

  • MIN(..., 1000): the resulting score is capped at 1000

What is the updated TruRisk formula for an Unmanaged Asset?

TruRisk™ Score = MIN( [ACS * External] * [ MaxQDS * g(MaxQDS) + count(QDSc) * Wc + count(QDSh) * Wh + count(QDSm) * Wm + count(QDSl) * Wl ], 1000)

  • ACS: Asset Criticality Score, ranging from 1 to 5

  • External: 1.2 if the asset is externally facing; otherwise 1

  • MaxQDS: Maximum Qualys Detection Score (QDS) among the asset's detections (Critical, High, or Low band)

  • g(MaxQDS): Base function that increases the score according to the band MaxQDS falls in:

  • g(MaxQDS) = 1.3 when MaxQDS is between 90 and 100 (Critical)

  • g(MaxQDS) = 1.1 when MaxQDS is between 70 and 89 (High)

  • g(MaxQDS) = 1.0 when MaxQDS is between 0 and 69 (Low)

  • count(QDSc), count(QDSh), count(QDSm), count(QDSl) and Wc, Wh, Wm, Wl: per-band detection counts and weighting factors, as in the Managed Asset formula

  • MIN(..., 1000): the resulting score is capped at 1000

Currently, the updated TruRisk formula is applied only to assets that have been scanned since the update. Assets that have not been rescanned keep the TruRisk Score computed with the old formula.

How does the updated TruRisk formula work?

Consider two assets, A and B. Asset A has 100 Critical vulnerabilities, each with a QDS of 100. Asset B has 1 Critical vulnerability with QDS 100 and 1 High vulnerability with QDS 89.

After substituting these values into the formula, Asset A has a TruRisk Score of 1000 and Asset B has a TruRisk Score of 655. Both assets share the same MaxQDS * g(MaxQDS) term (100 * 1.3 = 130); the difference comes from the count terms: Asset A adds 100 * Wc, which pushes ACS * [...] past the cap of 1000, while Asset B adds only one Wc and one Wh before being multiplied by its ACS.
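The managed and unmanaged formulas above, worked through in Python as an added example (this is not Qualys code). It implements the formulas exactly as stated on this page, including the g(MaxQDS) bands, the External multiplier of 1.2 for an externally facing unmanaged asset, and the cap of 1000. The severity weights Wc, Wh, Wm, Wl and the QDS boundary between Medium and Low detections are not given on this page, so the values in the block (0.7, 0.3, 0.2, 0.1 and a Medium/Low boundary of 40) are assumptions; they were chosen so that the two results quoted above, 1000 for Asset A and 655 for Asset B, come out with ACS = 5, but the weights Qualys actually uses may differ.

```python
"""TruRisk Score calculator (added example; not Qualys code).

Formula as stated on the page:
  TruRisk = MIN(ACS * External * (MaxQDS * g(MaxQDS)
                + count_c*Wc + count_h*Wh + count_m*Wm + count_l*Wl), 1000)
External is 1.2 for an externally facing unmanaged asset, otherwise 1.
"""

# ASSUMPTION: the page does not state the severity weights. These values are
# chosen so that the page's two quoted results (Asset A = 1000, Asset B = 655)
# are reproduced with ACS = 5; the real Qualys weights may differ.
WEIGHTS = {"critical": 0.7, "high": 0.3, "medium": 0.2, "low": 0.1}

# ASSUMPTION: the page only says g() is 1.0 for QDS 0-69. The boundary used
# here to separate Medium from Low detections when counting them is assumed.
MEDIUM_MIN_QDS = 40

TRURISK_CAP = 1000     # from the page: MIN(..., 1000)
EXTERNAL_FACTOR = 1.2  # from the page: externally facing unmanaged asset


def g(max_qds: int) -> float:
    """Base function from the page: boost applied to the asset's MaxQDS."""
    if 90 <= max_qds <= 100:
        return 1.3
    if 70 <= max_qds <= 89:
        return 1.1
    return 1.0


def severity_band(qds: int) -> str:
    """Map a single detection's QDS to the band used for count(QDSx)."""
    if qds >= 90:
        return "critical"
    if qds >= 70:
        return "high"
    if qds >= MEDIUM_MIN_QDS:  # assumed boundary, see above
        return "medium"
    return "low"


def trurisk(acs: int, detections: list[int], *, unmanaged_external: bool = False) -> float:
    """Return the TruRisk Score for one asset.

    acs: Asset Criticality Score, 1..5.
    detections: QDS (0..100) of every vulnerability detected on the asset.
    unmanaged_external: True only for an unmanaged, externally facing asset;
      that applies the External multiplier of 1.2. Managed assets never do.
    """
    if not 1 <= acs <= 5:
        raise ValueError(f"ACS must be 1..5, got {acs}")
    if any(not 0 <= q <= 100 for q in detections):
        raise ValueError("every QDS must be 0..100")
    if not detections:
        return 0.0  # nothing detected: no threat context to score

    counts = {band: 0 for band in WEIGHTS}
    for qds in detections:
        counts[severity_band(qds)] += 1

    max_qds = max(detections)
    threat = max_qds * g(max_qds) + sum(counts[b] * WEIGHTS[b] for b in WEIGHTS)
    asset = acs * (EXTERNAL_FACTOR if unmanaged_external else 1.0)
    return round(min(asset * threat, TRURISK_CAP), 2)


def rank_assets(assets: dict[str, tuple[int, list[int], bool]]) -> list[tuple[str, float]]:
    """Score every asset and return (name, score) pairs, highest risk first."""
    scored = [(name, trurisk(acs, dets, unmanaged_external=ext))
              for name, (acs, dets, ext) in assets.items()]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    # Constructed inputs: the two assets from the page plus an unmanaged,
    # externally facing copy of B to show the effect of the 1.2 multiplier.
    sample = {
        "A (managed)": (5, [100] * 100, False),
        "B (managed)": (5, [100, 89], False),
        "B (unmanaged, external)": (5, [100, 89], True),
    }
    for name, score in rank_assets(sample):
        print(f"{name:26s} TruRisk = {score}")
```

With the assumed weights and ACS = 5, Asset A scores 1150 before the cap and is clamped to 1000, Asset B scores 5 * (130 + 0.7 + 0.3) = 655, and the same Asset B as an externally facing unmanaged asset scores 5 * 1.2 * 131 = 786. Changing the weights changes B's score but not the shape of the result: a large pile of Critical detections saturates the cap, whereas a single Critical detection is dominated by the MaxQDS * g(MaxQDS) term.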

Additional Resources