The Asset Risk Matrix assesses the importance of individual assets (hostname/domain and IP addresses) and severity of associated security findings. It includes findings that were observed within the last 60 days.
Available for your My Company and SPM Subsidiaries.
Not applicable to Mobile Application Security assets.
Use the Asset Risk Matrix to quickly assess the importance of individual assets (asset importance) and severity of associated security findings (finding severity). Click on the cells to look into the presented findings.
If the card is not available, use the Edit Dashboard button at the top-right to add the Asset Risk Matrix card.
Asset Importance (Vertical Axis)
The vertical axis in the Asset Risk Matrix features asset importance, which estimates the importance of the underlying IP or domain/host to the organization. Set your own importance on any asset to replace the Bitsight-calculated importance.
Asset Importance of a 3x3 Matrix
- Low
- Medium/High
- Critical
Asset Importance of a 4x4 Matrix
- Low
- Medium
- High
- Critical
Finding Severity (Horizontal Axis)
The horizontal axis in the Asset Risk Matrix features finding severity, which measures the amount of risk that a given security finding introduces.
The categories vary depending on the size of the matrix.
Finding Severity of a 3x3 Matrix
Finding severity categories if the Asset Risk Matrix is configured to a 3x3 matrix:
Finding Severity | Risk Type | Finding Grade |
---|---|---|
Minor | Diligence findings. | GOOD |
NEUTRAL | ||
FAIR | ||
Moderate | Diligence findings. | WARN |
Material/Severe | Compromised Systems | N/A |
Diligence findings. | BAD | |
File Sharing findings. | N/A |
Finding Severity of a 4x4 Matrix
Finding severity categories if the Asset Risk Matrix is configured to a 4x4 matrix:
Severity | Risk Type | Finding Grade |
---|---|---|
Minor | Diligence findings. | GOOD |
NEUTRAL | ||
FAIR | ||
Moderate | Diligence findings. | WARN |
Material | Potentially Exploited findings. | N/A |
Diligence findings, including:
|
BAD | |
File Sharing findings. | N/A | |
Severe |
Compromised Systems findings, including:
|
N/A |
Diligence findings, including:
|
BAD |
Options
Configure Card
- Title: Rename this card to distinguish multiple Asset Risk Matrix cards.
- Remediation Status: Filter assets by remediation status.
- Finding Grade: Filter assets by finding grade.
Save as Image
Save the card as an image (PNG) to share with your peers and stakeholders.
Customization
Updates made to Asset Risk Matrix customization apply to all users on the account.
- Configure the matrix into 3 or 4 columns and rows. A 4x4 matrix is especially useful for organizations with a large number of findings.
- Customize the color palette. Choose between:
The categories vary depending on the size of the matrix.
Finding Severity of a 3x3 Matrix
Finding severity categories if the Asset Risk Matrix is configured to a 3x3 matrix:
Finding Severity | Risk Type | Finding Grade |
---|---|---|
Minor | Diligence findings. | GOOD |
NEUTRAL | ||
FAIR | ||
Moderate | Diligence findings. | WARN |
Material/Severe | Compromised Systems | N/A |
Diligence findings. | BAD | |
File Sharing findings. | N/A |
Finding Severity of a 4x4 Matrix
Finding severity categories if the Asset Risk Matrix is configured to a 4x4 matrix:
Severity | Risk Type | Finding Grade |
---|---|---|
Minor | Diligence findings. | GOOD |
NEUTRAL | ||
FAIR | ||
Moderate | Diligence findings. | WARN |
Material | Potentially Exploited findings. | N/A |
Diligence findings, including:
|
BAD | |
File Sharing findings. | N/A | |
Severe |
Compromised Systems findings, including:
|
N/A |
Diligence findings, including:
|
BAD |
- September 6, 2022: New Options section with instructions for configuring the card and saving the matrix as an image.
- April 13, 2021: Updated navigation for the SPM Application.
Feedback
0 comments
Please sign in to leave a comment.