Security Score
Scenario
SecMaster displays the overall security assessment results of your assets on the cloud in real time and evaluates your overall asset security health score.
The security score is automatically updated at 02:00 every day. You can also click Check Again to update it immediately.
This topic describes how your security score is calculated.
Security Score
SecMaster evaluates the over security posture of your assets based on the SecMaster edition you are using.
- There are six risk severity levels, Secure, Informational, Low, Medium, High, and Critical.
- The score ranges from 0 to 100. The higher the security score, the lower the risk severity level.
- The security score starts from 0 and the risk severity level is escalated up from Secure to the next level every 20 points. For example, for scores ranging from 40 to 60, the risk severity is Medium.
- The color keys listed on the right of the chart show the names of donut slices. Different color represents different risk severity levels. For example, the yellow slice indicates that your asset risk severity is Medium.
- If you have fixed asset risks and refreshed the alert status, you can click Check Again to update the security score.
After risks are fixed, manually ignore or handle alert incidents and update the alert incident status in the alert list. The risk severity can be down to a proper level accordingly.
Severity |
Security Score |
Description |
---|---|---|
Secure |
100 |
Congratulations. Your assets are secure. |
Informational |
80 ≤ Security Score < 100 |
Your system should be hardened as several security risks have been detected. |
Low |
60 ≤ Security Score < 80 |
Your system should be hardened in a timely manner as too many security risks have been detected. |
Medium |
40 ≤ Security Score < 60 |
Your system should be hardened, or your assets will be vulnerable to attacks. |
High |
20 ≤ Security Score < 40 |
Detected risks should be handled immediately, or your assets will be vulnerable to attacks. |
Critical |
0≤ Security Score <20 |
Detected risks should be handled immediately, or your assets may be attacked. |
Unscored Check Items
Table 2 lists the security check items and corresponding points.
Category |
Unscored Item |
Unsocred Point |
Suggestion |
Maximum Unscored Point |
---|---|---|---|---|
Enabling of security services |
Security-related services not enabled |
- |
Enable security-related services. |
30 |
Compliance Check |
Critical non-compliance items not fixed |
10 |
Fix compliance violations by referring recommended fixes and start a scan again. The security score will be updated. |
20 |
High-risk non-compliance items not fixed |
5 |
|||
Medium-risk non-compliance items not fixed |
2 |
|||
Low-risk non-compliance items not fixed |
0.1 |
|||
Vulnerabilities |
Critical vulnerabilities not fixed |
10 |
Fix vulnerabilities by referring corresponding suggestions and start a scan again. The security score will be updated. |
20 |
High-risk vulnerabilities not fixed |
5 |
|||
Medium-risk vulnerabilities not fixed |
2 |
|||
Low-risk vulnerabilities not fixed |
0.1 |
|||
Threat Alerts |
Critical alerts not fixed |
10 |
Fix the threats by referring to the suggestions. The security score will be updated accordingly. |
30 |
High-risk alerts not fixed |
5 |
|||
Medium-risk alerts not fixed |
2 |
|||
Low-risk alerts not fixed |
0.1 |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot