Skip to main content

How is the Compromised Systems Risk Category Calculated?



  • Chris Johnson

    An example in the duration section would be helpful. Thanks!

  • Ingrid

    Hello Chris. We've provided an example for how duration is determined.

  • Chris Johnson

    Hi Ingrid. Thanks for adding an example of duration. An example under the "following factors" section would also be helpful. For example, if a botnet infection is observed on June 1 and the overall score decreases 10 points, 25% of that (2.5 points) would be recovered after 30 days, another 25% would be recovered after 90 days, and the remaining 50% would be recovered after 400 days.

  • Thomas Huang

    Hi Chris.

    Does it mean even the issue has been fixed, the result will not reflect to the score immediately?

  • Lisa Johnson

    So if a one-day event occurs 1/1/2020, and a 20 point drop results. What will the score be in 6 months? And it will take 400 days to recap all of the 20 points lost? In 30 days 5 points (25% of 20) is recovered. After 90 days, 10 points are recovered? And how does that show if published score drops/increases are in 10-point increments? (is there rounding?)  And lastly, is the points recovery *always* noted in the Security Ratings highlights?

  • Megha

    Hi Ingrid,

    Now the decay period for Compromised system is 180 days, how the linear increase will happen.

    Explanation with an example would be great.



Please sign in to leave a comment.