The purpose of findings is to mitigate risk and manage it in operations. As outstanding findings pile up, your exposure to risk increases and your assets become more susceptible to threats. This is why the Finding Score is tracked and included in the risk scores below:
- Asset Risk Score
- Vendor Risk Score
The formula to calculate the Finding Score is two-dimensional. The Finding Score is based on:
- Priority
- Managed
- Unmanaged
- Status
Points by Priority:
3 pt = High
2 pt = Medium
1 pt = Low
A Managed Finding is a finding that has a Risk Mitigation plan and is within the Due Date SLA (e.g. Status = Open, Re-Open).
An Unmanaged Finding is a finding that does not have a Risk Mitigation plan or is past the Due Date for the SLA (e.g. Status = Expired). If a finding is unmanaged, add 1pt to the finding score.
Last, if a finding's Status is Closed or Archived, it is not counted in the Finding Score.
See the example below for how to calculate the Finding Score. Total Finding Score = 6pt.
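The scoring rules above as a runnable sketch. This is an added example, not code from the product or the original article; the field names, the "past due" test (due date earlier than today) and the sample findings are assumptions. The constructed sample is not the article's example and totals 8pt.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

PRIORITY_POINTS = {"High": 3, "Medium": 2, "Low": 1}
NOT_COUNTED = {"Closed", "Archived"}   # excluded from the Finding Score


@dataclass
class Finding:                 # hypothetical record layout
    priority: str
    status: str
    has_mitigation_plan: bool
    due_date: Optional[date]   # None is treated as "not past due" (assumption)


def is_unmanaged(f: Finding, today: date) -> bool:
    """Unmanaged = no Risk Mitigation plan, or past the Due Date SLA."""
    past_due = f.status == "Expired" or (
        f.due_date is not None and f.due_date < today
    )
    return (not f.has_mitigation_plan) or past_due


def finding_score(f: Finding, today: date) -> int:
    """Priority points, plus 1pt if unmanaged; 0 for Closed/Archived."""
    if f.status in NOT_COUNTED:
        return 0
    if f.priority not in PRIORITY_POINTS:
        raise ValueError(f"unknown priority: {f.priority!r}")
    return PRIORITY_POINTS[f.priority] + (1 if is_unmanaged(f, today) else 0)


def total_finding_score(findings, today: date) -> int:
    return sum(finding_score(f, today) for f in findings)


# Constructed sample data, evaluated as of a fixed date so results are stable.
TODAY = date(2024, 6, 1)
SAMPLE = [
    Finding("High", "Open", True, date(2024, 7, 1)),       # managed: 3
    Finding("Medium", "Expired", True, date(2024, 5, 1)),  # past due: 2 + 1
    Finding("Low", "Re-Open", False, date(2024, 8, 1)),    # no plan: 1 + 1
    Finding("High", "Closed", True, date(2024, 4, 1)),     # not counted
    Finding("Medium", "Archived", False, None),            # not counted
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(f.priority, f.status, finding_score(f, TODAY))
    print("Total Finding Score:", total_finding_score(SAMPLE, TODAY))
```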