For example, consider an asset A and a standard S that contains five checks (C1, C2, C3, C4, and C5). When the asset A is evaluated against the standard S, only checks C4 and C5 are passed. The checks C1, C2, and C3 are failed.
To determine the risk score of asset A, calculate the adjusted base score of every failed check in the standard S with respect to asset A.
Assume that the following values are obtained:
Adjusted base score for check C1 with reference to asset A = 1
Adjusted base score for check C2 with reference to asset A = 2
Adjusted base score for check C3 with reference to asset A = 3
The average of the adjusted base score = (1 + 2 +3) / 3 = 2
This average adjusted base score value is the Risk score of the asset A with reference to a standard S.
Control Compliance Suite performs the following calculations in the scoring process: