Configuring Environmental Risk for an Asset
Use the CVSS Environmental Score to manipulate and prioritize the risk score on selected assets. If you configure the CVSS, Weight & Compliance parameters for an asset, you can apply higher risk scores to assets that are more important or critical.
If you have important or critical assets and less important assets with the same vulnerabilities, you can configure the CVSS Environmental Score on the important assets or critical assets to have a higher risk score than the less important assets. By applying a higher risk score to your most important assets, you highlight these important assets in your scan results.
- Click the Assets tab.
- On the navigation menu, click Asset Profiles.
- Double-click the asset that you want to edit, and then click Edit Asset.
- Click CVSS, Weight & Compliance in the Edit Asset Profile window.
- Configure the parameters in the CVSS, Weight &
The following table lists the parameters for the CVSS, Weight & Compliance pane.
Collateral Damage Potential
The potential for loss of life or physical assets through damage or theft of this asset, or economic loss of productivity or revenue. If you raise the Collateral Damage Potential, for example, from Low to High, the calculated value for the CVSS Score increases.
The Collateral Damage Potential parameter is directly linked with the Weight parameter. If you change one parameter the other parameter is impacted.
The impact to confidentiality for this asset when a vulnerability is exploited. If you raise the confidentiality requirement, for example, from Low to High, the calculated value for the CVSS Score increases.
The impact to the asset's availability when a vulnerability is successfully exploited. Attacks that consume network bandwidth, processor cycles, or disk space impact the availability of an asset. If you raise the availability requirement setting, for example, from Low to High, the calculated value for the CVSS Score increases.
The impact to the asset's integrity when a vulnerability is successfully exploited. Integrity refers to the trustworthiness and guaranteed veracity of information. If you raise the integrity requirement, for example, from Low to High, the calculated value for the CVSS Score increases.
The Weight is linked with the Collateral Damage Potential setting. If you select 10 for the Weight parameter the Collateral Damage Potential changes to High.
- Click Save.