Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Importance Factor in Risk Score Calculations

SUMMARY The importance factor is used to calculate the risk score and define the number of results that are returned for a question.

The range is 1 (low importance) to 10 (high importance). The default is 5.

Table 1: Importance Factor Results Matrix
Importance Factor Returned Results for Asset Tests Returned Results for Device and Rule Tests
1 (low importance) 10,000 1,000
10 (high importance) 1 1

For example, a policy question that states have accepted communication from the Internet and include only the following networks (DMZ) would require a high importance factor of 10. This factor is warranted because any results to the question are unacceptable due to the high risk nature of the question. However, a policy question that states have accepted communication from the Internet and include only the following inbound applications (P2P) might require a lower importance factor. The lower factor demonstrates that the results of the question do not indicate high risk, but you might monitor this communication for informational purposes.