Skip to main content

How is the Compromised Systems Risk Category Calculated?

Feedback

6 comments

  • Chris Johnson

    An example in the duration section would be helpful. Thanks!

    3
  • Ingrid

    Hello Chris. We've provided an example for how duration is determined.

    1
  • Chris Johnson

    Hi Ingrid. Thanks for adding an example of duration. An example under the "following factors" section would also be helpful. For example, if a botnet infection is observed on June 1 and the overall score decreases 10 points, 25% of that (2.5 points) would be recovered after 30 days, another 25% would be recovered after 90 days, and the remaining 50% would be recovered after 400 days.

    -3
  • Thomas Huang

    Hi Chris.

    Does it mean even the issue has been fixed, the result will not reflect to the score immediately?

    -1
  • Lisa Johnson

    So if a one-day event occurs 1/1/2020, and a 20 point drop results. What will the score be in 6 months? And it will take 400 days to recap all of the 20 points lost? In 30 days 5 points (25% of 20) is recovered. After 90 days, 10 points are recovered? And how does that show if published score drops/increases are in 10-point increments? (is there rounding?)  And lastly, is the points recovery *always* noted in the Security Ratings highlights?

    -1
  • Megha

    Hi Ingrid,

    Now the decay period for Compromised system is 180 days, how the linear increase will happen.

    Explanation with an example would be great.

     

    -1

Please sign in to leave a comment.