Updated TruRisk Formula and TruRisk Calculation

The updated TruRisk formula for externally managed and unmanaged assets uses Asset Context and Threat Context to calculate the TruRisk Score. With the updated formula, you can identify and prioritize assets based on their security context, such as network, services dependencies, and business value to the organization.

The updated formula also applies to the Qualys CyberSecurity Asset Management (CSAM) 2.17 application.

This section answers the following questions:

How do Asset and Threat Context factors help?

The Asset Context records the Asset Criticality Score (ACS) of an asset. The Threat Context records the ACS and the Critical, High, Medium, and Low vulnerability detections. Threat Context can be added to each asset by integrating these vulnerability detections.

Are there any changes in the TruRisk Score parameters?

No. The calculation of the TruRisk Score involves the existing parameters Asset Criticality Score (ACS), Qualys Detection Score (QDS), and Qualys Vulnerability Score (QVS).

What is the updated TruRisk Formula for Managed Assets?

TruRisk™ Score = MIN( [ACS] * [ MaxQDS * g(MaxQDS) + count(QDSc) * Wc + count(QDSh) * Wh + count(QDSm) * Wm + count(QDSl) * Wl ], 1000)

What is the updated TruRisk Formula for Unmanaged Assets?

TruRisk™ Score = MIN( [ACS * External] * [ MaxQDS * g(MaxQDS) + count(QDSc) * Wc + count(QDSh) * Wh + count(QDSm) * Wm + count(QDSl) * Wl ], 1000)

Currently, the updated TruRisk Formula is applied only to newly scanned assets. If the assets are not scanned, the old TruRisk Formula is applied.

How does the updated TruRisk Formula work?

Consider two assets, A and B. Asset A has 100 Critical vulnerabilities, each with a QDS of 100. Asset B has 1 Critical vulnerability with a QDS of 100 and 1 High vulnerability with a QDS of 89.

After substituting these values into the formula, Asset A has a TruRisk Score of 1000 and Asset B has a TruRisk Score of 655.
