The building block for a Risk Score is a METRIC that measures the raw quantity of a policy violation, vulnerability, configuration, exposed service or administrative complexity in a Digital Footprint of External Facing Assets.
METRICs are then used to calculate a FACTOR that provides a relative measure of the issues identified.
The FACTOR calculation uses different mathematical models, each chosen to suit the scale of its component METRICs.
For example, the marginal impact of the 1000th website with a High CVE is much less than that of the 1st.
A SCORE is then calculated at the OVERVIEW, CATEGORY and SUB-CATEGORY levels from the component METRICs and FACTORs, using a weighted sum of FACTORs.
The WEIGHTs determine the flavour of the Risk Profile. There will be a standard profile to start, but each Footprint can have its own custom profile by adjusting the weighting of the METRICs.
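
The following sketch is an added example, not the product's own code, of the METRIC to FACTOR to SCORE pipeline described above. The saturating curve, the scale constants, the metric names, the 0..100 normalisation and both weight profiles are assumptions chosen for illustration; the page does not specify the actual models.

```python
import math

def factor(metric: int, scale: float) -> float:
    """Map a raw METRIC count to a relative FACTOR in [0, 1).

    Assumed model: exponential saturation, so each additional finding
    adds less than the one before it. `scale` sets how fast it flattens.
    """
    if metric < 0:
        raise ValueError("metric must be a non-negative count")
    return 1.0 - math.exp(-metric / scale)

def marginal_impact(n: int, scale: float) -> float:
    """Increase in FACTOR caused by the n-th finding (n >= 1)."""
    return factor(n, scale) - factor(n - 1, scale)

def score(metrics: dict, scales: dict, weights: dict) -> float:
    """Weighted sum of FACTORs, divided by total weight and scaled to 0..100.

    The normalisation is an assumption; the page only says "weighted sum".
    """
    total_weight = sum(weights[name] for name in metrics)
    if total_weight <= 0:
        raise ValueError("weights must sum to a positive value")
    weighted = sum(weights[n] * factor(metrics[n], scales[n]) for n in metrics)
    return 100.0 * weighted / total_weight

# Constructed sample: raw METRIC counts for one hypothetical SUB-CATEGORY.
METRICS = {"high_cve_sites": 12, "expired_certs": 3, "exposed_admin_panels": 1}
# Hypothetical per-metric scales: a small scale means a few findings already matter.
SCALES = {"high_cve_sites": 50.0, "expired_certs": 10.0, "exposed_admin_panels": 2.0}

# Hypothetical weight profiles: a flat standard one, and a custom one that
# emphasises exposed administrative interfaces.
STANDARD = {"high_cve_sites": 1.0, "expired_certs": 1.0, "exposed_admin_panels": 1.0}
CUSTOM = {"high_cve_sites": 1.0, "expired_certs": 0.5, "exposed_admin_panels": 4.0}

if __name__ == "__main__":
    print(f"1st High-CVE site adds    {marginal_impact(1, 50.0):.6f}")
    print(f"1000th High-CVE site adds {marginal_impact(1000, 50.0):.2e}")
    print(f"standard profile score: {score(METRICS, SCALES, STANDARD):.2f}")
    print(f"custom profile score:   {score(METRICS, SCALES, CUSTOM):.2f}")
```

The same raw METRICs produce different SCOREs under the two profiles, which is the effect of adjusting WEIGHTs per Footprint.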