About the SCI Calculation
The Security Concern Index (SCI) is a metric that tracks the ratio of failed control severity in a network. You can use the SCI to analyze whether you have a relatively high number of failed controls, or a relatively low number of failed controls.
| Indicator | Level | Range |
|---|---|---|
|
Low | Between 0 and 2 (inclusive) (0-2) |
|
Medium | Greater than 2 and less than or equal to 5 (3-5) |
|
High | Greater than 5 and less than or equal to 7 (5-7) |
|
Critical | Greater than 7 (8-9) |
Device SCI
Given all unique controls associated to a given device, the SCI is the sum of all unique controls' severity value that resulted in a failed status over all unique controls' severity values that passed or failed multiplied by 10 rounded to two decimal places, half up.
Device Group SCI
The device group SCI is the average of all the device SCI scores for a given device group.
Trending
SCI scores are kept one per UTC day and type (domain, device group, device).
Data
The current and previous SCI is stored with each revision. Each device is updated with the current SCI and the last SCI compute date. There is a security concern index entity that stores the SCI at the domain, device group and device level for each modified Julian day and associates to either a domain, device, device group and/or assessment.