Managing Risk Scores
Improving Asset Risk Score
There are two effective strategies to manage and reduce an Asset Risk Score:
1. Remediate Identified Findings (Recommended) The most impactful way to reduce an Asset Risk Score is by addressing the findings associated with the asset. You should:
- Focus on remediating the highest severity findings first as they have greater influence on the overall Asset Risk Score
- Systematically work through all identified issues to comprehensively reduce risk
2. Review and Exempt Detections In some cases, you may determine that certain findings do not apply to your specific environment. In these situations, you can:
- Exempt detections associated with the failed findings, using the exemption reasons of "False Positive" or "Compensating Control". Choosing "Accepted Risk" will not improve your risk score
Note: While exempting detections will lower your Asset Risk Score, it does not reduce the actual risk for the asset. We strongly recommend that you use this option carefully and only when you are confident that the finding does not represent a genuine risk in your environment.
Improving Integration Risk Score and Tenant Risk Score
Integration Risk Scores and Tenant Risk Scores are directly influenced by the Asset Risk Scores within them. To reduce your Integration or Tenant Risk Scores, you should:
- Identify the assets with the highest Asset Risk Scores within the integration or tenant
- Focus your remediation efforts on these assets
As you remediate these high-risk assets, you will see a corresponding decrease in your Integration Risk Score and Tenant Risk Score. Refer to this page for more information regarding the Integration and Tenant Risk Scores.
Managing risk is a continuous journey. Regularly review your Asset, Integration and Tenant Risk Scores and address your findings to maintain a strong security posture.