
"TruRisk is designed to aggregate vulnerability data at the asset level and convert it into a measurable, business-aligned cyber risk score. Rather than evaluating vulnerabilities in isolation, TruRisk calculates a consolidated risk value per asset by helping security teams understand which systems pose the greatest operational and strategic risk."
"The TruRisk score is built on three primary elements: the Qualys Detection Score (QDS), the Asset Criticality Score (ACS) and a weighted aggregation algorithm. Together, these components integrate technical severity with business context to produce a structured and quantifiable risk score."
"The Qualys Detection Score (QDS) measures the severity of vulnerabilities detected on an asset. It ranges from 1 to 100 and is categorized into four levels: Critical (90-100), High (70-89), Medium (40-69) and Low (1-39). QDS is derived from vulnerability technical details such as CVSS, temporal characteristics and remediation information."
Qualys TruRisk is a scoring model that quantifies asset-level cyber risk by integrating technical vulnerability data with business context. Unlike vulnerability-focused approaches, TruRisk aggregates multiple vulnerabilities per asset into a single measurable risk score. The model operates on three core variables: vulnerability severity, vulnerability quantity, and asset criticality to the organization. The Qualys Detection Score (QDS) measures vulnerability severity on a 1-100 scale across four categories: Critical (90-100), High (70-89), Medium (40-69), and Low (1-39). QDS incorporates CVSS scores, temporal characteristics, and remediation information to provide contextual severity assessment. The Asset Criticality Score (ACS) represents business importance, while a weighted aggregation algorithm combines these elements to produce consolidated risk values that help security teams identify systems posing the greatest operational and strategic risk.
Read at Medium