Risk Exposure Score calculation
Arctic Wolf® calculates the Risk Exposure Score of an organization based on the number of risks, scan results based on the Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog, and the manually set Asset Criticality of assets.
Note: This calculation is for the new risk exposure score. For the legacy risk score calculation, see Legacy Risk Exposure Score calculation.
Arctic Wolf calculates risk exposure scores using these formulas:
Where:
- res is the risk exposure score.
- aes is the asset exposure score.
- eri is the exploited risk indicator. This value is 1 if any exploited risk exists for your organization and 0 if no exploited risks exist.
- as is the asset score.
- aw is the asset weight.
- uas is the unweighted asset score.
- K is 250.
- rs is the risk score.
- rw is the risk weight. A critical or high weight is 50, a medium weight is 10, and no weight is 0.