Updated on 2024-09-20 GMT+08:00

Security Score

Scenario

SecMaster assesses the overall security situation of your cloud assets in real time and scores your assets based on the SecMaster edition you are using.

The security score is automatically updated at 02:00 every day. You can also click Check Again to update it immediately.

This topic describes how your security score is calculated.

Security Score

SecMaster evaluates the over security posture of your assets based on the SecMaster edition you are using.

  • There are six risk severity levels, Secure, Informational, Low, Medium, High, and Critical.
  • The score ranges from 0 to 100. The higher the security score, the lower the risk severity level.
  • The security score starts from 0 and the risk severity level is escalated up from Secure to the next level every 20 points. For example, for scores ranging from 40 to 60, the risk severity is Medium.
  • The color keys listed on the right of the chart show the names of donut slices. Different color represents different risk severity levels. For example, the yellow slice indicates that your asset risk severity is Medium.
  • If you have fixed asset risks and refreshed the alert status, you can click Check Again to update the security score.

    After risks are fixed, manually ignore or handle alert incidents and update the alert incident status in the alert list. The risk severity can be down to a proper level accordingly.

Table 1 Security score table

Severity

Security Score

Description

Secure

100

Congratulations. Your assets are secure.

Informational

80 ≤ Security Score < 100

Your system should be hardened as several security risks have been detected.

Low

60 ≤ Security Score < 80

Your system should be hardened in a timely manner as too many security risks have been detected.

Medium

40 ≤ Security Score < 60

Your system should be hardened, or your assets will be vulnerable to attacks.

High

20 ≤ Security Score < 40

Detected risks should be handled immediately, or your assets will be vulnerable to attacks.

Critical

0≤ Security Score <20

Detected risks should be handled immediately, or your assets may be attacked.

Unscored Check Items

Table 2 lists the security check items and corresponding points.

Table 2 Unscored check items

Category

Unscored Item

Unsocred Point

Suggestion

Maximum Unscored Point

Enabling of security services

Security-related services not enabled

-

Enable security-related services.

30

Compliance Check

Critical non-compliance items not fixed

10

Fix compliance violations by referring recommended fixes and start a scan again. The security score will be updated.

20

High-risk non-compliance items not fixed

5

Medium-risk non-compliance items not fixed

2

Low-risk non-compliance items not fixed

0.1

Vulnerabilities

Critical vulnerabilities not fixed

10

Fix vulnerabilities by referring corresponding suggestions and start a scan again. The security score will be updated.

20

High-risk vulnerabilities not fixed

5

Medium-risk vulnerabilities not fixed

2

Low-risk vulnerabilities not fixed

0.1

Threat Alerts

Critical alerts not fixed

10

Fix the threats by referring to the suggestions. The security score will be updated accordingly.

30

High-risk alerts not fixed

5

Medium-risk alerts not fixed

2

Low-risk alerts not fixed

0.1