AnsweredAssumed Answered

Is it possible to perform Business Risk/Business Impact analysis by Server?

Question asked by Abner Almeida on May 10, 2016
Latest reply on Oct 20, 2016 by Cyrille Brahamcha

Hello, guys!


I'm taking  a look into Qualys' "Business Risk" Analysis section, and, if I didn't get anything wrong, I can only perform a risk analysis based on Asset Groups ( that is, I set up that "Business Impact X Security Risk" matrix in the Reports section and  those parameters will be applied to measure the business impact for each asset group when I generate a Report).

The question is: is it possible to perform a Business Risk analysis by Servers, instead of Asset Groups?


Let's say, for example, that I have a customer with 10 servers, of which 3 are plublic servers,  3 are Database Servers and 4 are development servers. A severity-5 vulnerability (if exploited) would have a greater business impact over the public servers than it would over the database or dev servers, you guys get me?