Change severities are used to gauge the severity of change and for setting alert thresholds, particularly for the risk vector grades, security ratings, and NIST CSF grades alert categories.
Alert Categories are used in the following applications:
- For a Decrease and Critical Decrease, an alert is generated when the values are reached or cross below the level.
- For Increase threshold alerts, an alert is generated when the values are reached or cross above the level.
| Severity | Description |
|---|---|
| Informational | |
|
|
Indicates the company's cybersecurity risk is decreasing and their security posture is improving. |
|
|
Indicates when a company is starting to have trouble responding to security issues. Their security rating slightly decreased, so their risk started to increase. |
|
|
Indicates the company needs to significantly improve their response times to new issues or has a history of delayed risk preparedness (low Diligence scores over time). Data breaches can cause a critical decrease in a company's security rating. |
- September 9, 2024: Specified availability.
- March 28, 2022: Published.
Feedback
0 comments
Please sign in to leave a comment.