- September 6, 2022: New Options section with instructions for configuring the card and saving the matrix as an image.
- April 13, 2021: Updated navigation for the SPM Application.
The Asset Risk Matrix assesses the importance of individual assets (hostname/domain and IP addresses) and severity of associated security findings. It includes findings that were observed within the last 60 days.
Available for your My Company and SPM Subsidiaries.
Not applicable to Mobile Application Security assets.
Navigation Options
SPM App: Dashboards ➔ Issue Tracking
Use the Asset Risk Matrix to quickly assess the importance of individual assets (asset importance) and severity of associated security findings (finding severity). Click on the cells to look into the presented findings.
If the card is not available, use the Edit Dashboard button at the top-right to add the Asset Risk Matrix card.
Asset Importance (Vertical Axis)
Asset importance estimates the importance of the underlying IP or domain/host to the organization. Users can set their own importance on any asset to replace the Bitsight- calculated importance.
Asset Importance of a 3x3 Matrix
- Low
- Medium/High
- Critical
Asset Importance of a 4x4 Matrix
- Low
- Medium
- High
- Critical
Finding Severity (Horizontal Axis)
Severity measures the amount of risk that a given security finding introduces.
- The finding severities of Compromised Systems and User Behavior findings depends on the risk vector.
- The finding severities of Diligence findings (except Patching Cadence and Mobile Application Security) depends on their finding grades.
- Patching Cadence finding severity is based on the vulnerability’s Bitsight severity.
- The Asset Risk Matrix is not applicable to Mobile Application Security assets.
Finding Severity of a 3x3 Matrix
Finding severity categories if the Asset Risk Matrix is configured to a 3x3 matrix:
| Finding Severity | Risk Type | Finding Grade |
|---|---|---|
| Minor | Diligence findings. | GOOD |
| NEUTRAL | ||
| FAIR | ||
| Moderate | Diligence findings. | WARN |
| Material/Severe | Compromised Systems | N/A |
| Diligence findings. | BAD | |
| File Sharing findings. | N/A |
Finding Severity of a 4x4 Matrix
Finding severity categories if the Asset Risk Matrix is configured to a 4x4 matrix:
| Severity | Risk Type | Finding Grade |
|---|---|---|
| Minor | Diligence findings. | GOOD |
| NEUTRAL | ||
| FAIR | ||
| Moderate | Diligence findings. | WARN |
| Material | Potentially Exploited findings. | N/A |
Diligence findings, including:
|
BAD | |
| File Sharing findings. | N/A | |
| Severe | Compromised Systems findings, including:
|
N/A |
Diligence findings, including:
|
BAD |
Options
Select the Options button at the top-right to configure the Asset Risk Matrix card or save an image of the card.
Configure Card
- Title: Rename this card to distinguish multiple Asset Risk Matrix cards.
- Remediation Status: Filter assets by remediation status.
- Finding Grade: Filter assets by finding grade.
Save as Image
Save the card as an image (PNG) to share with your peers and stakeholders.
Customization
Updates made to Asset Risk Matrix customization apply to all users on the account.
Navigation Options
SPM App: Go to the Asset Risk Matrix Preferences section of the User Preferences tab in your Account page [ Settings ➔ Account].
- Configure the matrix into 3 or 4 columns and rows. A 4x4 matrix is especially useful for organizations with a large number of findings.
- Customize the color palette. Choose between:
Stoplight Colors (red, orange, yellow, green)
Bitsight Gradient (shades of violet)