This article describes risk factors and how to define and manage them in the Brinqa Platform.
What are risk factors?
Risk scoring is an essential function in your Brinqa Platform. In previous versions of Brinqa, risk scores were implemented as calculated attributes that users could adjust and modify. The most common examples of risk scores are for assets, findings, or vulnerabilities.
Although calculated attributes offer flexibility for scoring, ranging from simple to complex, they are typically difficult to understand or modify because they are implemented with scripts and require programming knowledge. Also, risk scores currently do not provide visibility into the various factors involved in computing the scores.
Risk factors are a configuration that allows you to modify or configure risk scores without preexisting knowledge of calculated attributes or scripts. Risk factors provide you with a way of assessing the likelihood and impact of the different risks associated with your data. With risk factors, you can track individual factors of a risk score for improved visibility, audit for significant deviations in risk scores, or answer questions like "Why is my asset ranked as critical?"
For example, if you have an asset marked as Critical in severity, the following are some factors that can contribute to such a rating:
A discovered weakness is highly exploitable.
Assets are required to meet regulatory standards.
A finding contains an unidentified operating system.
CISA has identified a group of findings as exploitable.
Risk factors are based on industry-standard risk frameworks, such as NIST and CVSS, and can be customized to reflect the unique risk profile of your organization.
Create a new risk factor
You can create a new risk factor and apply it to a data model to ensure accurate risk assessment and prioritization. To create a new risk factor, follow these steps:
Navigate to Administration in the upper-right corner and under Data, select Models.
Locate the data model to which you want to add Risk factors.
Select Supports risk factors if you have not already done so, and click Update. The Risk factors option appears on the left-hand side.
Click Risk factors.
Name: The name of the risk factor.
Description: The description of the risk factor.
Icon: Select an icon, icon color, and background color of the icon that represents the risk factor when displayed in a list view.
Reason: The justification of the value used for adjusting the risk score of the data model.
Score: Specify a number to adjust the risk score of the data model. The risk score is on a 0-10 scale. For example, a -1 score for the vulnerability data model decreases all vulnerability risk scores by 1.
Conditions: The data model and criteria to apply the risk factor.
Target data model: Click the drop-down and select the data model you are applying the risk factor to.
Active: Indicate whether the condition is active.
Condition: The condition is similar to the syntax that appears in a WHERE clause of a BQL query. For example: status = "Active".
Note: The condition supports all BQL operators and attribute types.
Select Active to indicate whether the risk factor is active. Inactive risk factors are effectively archived and not in use.
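The following sketch models how conditional score adjustments can combine while each contributing factor stays traceable. It is an added illustration, not Brinqa's own code. It assumes adjustments are additive and that the result is clamped to the 0-10 scale; the record fields, factor values, and the Python predicates standing in for BQL conditions are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable


@dataclass
class RiskFactor:
    name: str
    reason: str                         # justification shown when auditing a score
    score: float                        # adjustment applied to the risk score
    condition: Callable[[dict], bool]   # Python stand-in for a BQL-style condition
    active: bool = True                 # inactive factors are archived and skipped


def score_record(record, base_score, factors, lo=0.0, hi=10.0):
    """Return (final_score, breakdown) so every adjustment is auditable."""
    total = base_score
    breakdown = []
    for factor in factors:
        if not factor.active:
            continue
        if factor.condition(record):
            total += factor.score
            breakdown.append((factor.name, factor.score, factor.reason))
    # Assumption: the adjusted score is clamped to the 0-10 scale.
    return round(max(lo, min(hi, total)), 2), breakdown


# Constructed factors, modelled on the examples listed earlier in the article.
FACTORS = [
    RiskFactor("CISA exploitable", "CISA lists the finding as exploitable", 2.0,
               lambda r: r.get("cisa_exploited") is True),
    RiskFactor("Regulated asset", "Asset must meet regulatory standards", 1.0,
               lambda r: bool(r.get("compliance"))),
    RiskFactor("Unidentified OS", "Operating system could not be identified", 0.5,
               lambda r: not r.get("os")),
    RiskFactor("Not active", "Record is no longer active", -1.0,
               lambda r: r.get("status") != "Active"),
    RiskFactor("Archived factor", "Retired rule, kept for history", 5.0,
               lambda r: True, active=False),
]

# Constructed sample records.
CRITICAL = {"status": "Active", "cisa_exploited": True, "compliance": ["PCI"], "os": ""}
CLOSED = {"status": "Closed", "cisa_exploited": False, "compliance": [], "os": "Linux"}

if __name__ == "__main__":
    for rec, base in ((CRITICAL, 7.5), (CLOSED, 0.5)):
        final, why = score_record(rec, base, FACTORS)
        print(f"base={base} final={final}")
        for name, delta, reason in why:
            print(f"  {delta:+.1f}  {name}: {reason}")
```

The breakdown list is what answers "Why is my asset ranked as critical?": it names each factor that matched, its adjustment, and its stated reason.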
Your new risk factor applies once a day through data orchestration. However, if you want the new risk factor to go into effect immediately, follow these steps:
Navigate to the data model to which you have added the risk factor.
Click the compute flow for your data model. For example, if you have added a new risk factor to the Vulnerability data model, click Vulnerability compute flow.