Security Overview and Situation Overview

Security Risk

A security risk is a comprehensive evaluation of your assets, reflecting the security level of your assets within a period of time by a security score. A security score is for your reference to learn about the security situation of your assets.

Security Score

SecMaster displays the overall security assessment results of your assets on the cloud in real time and evaluates your overall asset security health score.

The security score is automatically updated at 02:00 every day. You can also click Check Again to update it immediately.

This following part describes how your security score is calculated.

• Security Score

  SecMaster evaluates the over security posture of your assets based on the SecMaster edition you are using.

  • There are six risk severity levels, Secure, Informational, Low, Medium, High, and Critical.
  • The score ranges from 0 to 100. The higher the security score, the lower the risk severity level.
  • The security score starts from 0 and the risk severity level is escalated up from Secure to the next level every 20 points. For example, for scores ranging from 40 to 60, the risk severity is Medium.
  • The color keys listed on the right of the chart show the names of donut slices. Different color represents different risk severity levels. For example, the yellow slice indicates that your asset risk severity is Medium.
  • If you have fixed asset risks and refreshed the alert status, you can click Check Again to update the security score.
    NOTE:

    After risks are fixed, manually ignore or handle alert incidents and update the alert incident status in the alert list. The risk severity can be down to a proper level accordingly.

  Table 1 Security score table

  Severity	Security Score	Description
  Secure	100	Congratulations. Your assets are secure.
  Informational	80 ≤ Security Score < 100	Your system should be hardened as several security risks have been detected.
  Low	60 ≤ Security Score < 80	Your system should be hardened in a timely manner as too many security risks have been detected.
  Medium	40 ≤ Security Score < 60	Your system should be hardened, or your assets will be vulnerable to attacks.
  High	20 ≤ Security Score < 40	Detected risks should be handled immediately, or your assets will be vulnerable to attacks.
  Critical	0≤ Security Score <20	Detected risks should be handled immediately, or your assets may be attacked.

• Unscored check items

  The following table lists the security check items and corresponding points.

  Table 2 Unscored check items

  Category	Unscored Item	Unscored Point	Suggestion	Maximum Unscored Point
  Enabling of security services	Security-related services not enabled	No points deducted	Enable security-related services.	30
  Compliance Check	Critical non-compliance items not fixed	10	Fix compliance violations by referring recommended fixes and start a scan again. The security score will be updated.	20
  	High-risk non-compliance items not fixed	5
  	Medium-risk non-compliance items not fixed	2
  	Low-risk non-compliance items not fixed	0.1
  Vulnerabilities	Critical vulnerabilities not fixed	10	Fix vulnerabilities by referring corresponding suggestions and start a scan again. The security score will be updated.	20
  	High-risk vulnerabilities not fixed	5
  	Medium-risk vulnerabilities not fixed	2
  	Low-risk vulnerabilities not fixed	0.1
  Threat Alerts	Critical alerts not fixed	10	Fix the threats by referring to the suggestions. The security score will be updated accordingly.	30
  	High-risk alerts not fixed	5
  	Medium-risk alerts not fixed	2
  	Low-risk alerts not fixed	0.1