The Current IT Risk Posture graphic presented in the Lumension® Endpoint Intelligence Center is based on three (3) components, which are normalized to a 0-to-10 range, then averaged and finally grouped into one of four (4) categories: Normal, Elevated, High, or Severe.

In the interest of transparency, we are providing the interested reader with some background on how the IT Risk level is calculated. The three (3) components are:

  1. Threats. This is calculated by looking at a number of threat levels from other trusted sources (e.g., IT security institutes, government agencies, other vendors) and giving them a weighting.
  2. Vulnerabilities. This is calculated by looking at the criticality (scoring) of all vulnerabilities reported to the National Vulnerability Database (NVD) over the last 45 days.
  3. Patches. This is calculated by looking at the impact (critical to optional) of all released patches (both OS and third-party apps) over the last 45 days.


We end up with three (3) factors normalized in the 0-to-10 range; we get the IT Risk level by averaging them together. So, as an example, we might end up with something like this:

| Component | Normalized score (0 to 10) |
|---|---|
| Threats | 3.820513 |
| Vulnerabilities | 6.605063 |
| Patches | 7.359743 |
| Current IT Risk | 5.928440 |

This number is, by itself, not terribly useful, so we want to group the risk level into four (4) easy-to-understand categories: NORMAL (0 to 2.5), ELEVATED (2.5 to 5.0), HIGH (5.0 to 7.5), or SEVERE (7.5 to 10). Thus, in the example above, the category would be set to HIGH.

The underlying data used in this calculation is collected continuously, and the rating itself is updated several times a day. Thus you are assured of having a good idea of the Current IT Risk Posture at any given moment.

Last Updated: 23 Jul 2014 10:02:39