Device SCI is the summation of the severity for the failed controls divided by summation of the severity for the total controls (passed or failed) * 10.
Control | severity | result
c1 | 5 | pass
c2 | 8 | fail
c3 | 2 | pass
c4 | 2 | pass
c5 | 2 | fail
Sci = (8 + 2)/(5 + 8 + 2 + 2 + 2) * 10 = 5.3
So the higher the severity (a value from 0-9), the more impact the failure will have on sci.
Device SCI is the number of failed controls divided by total controls (passed or failed) * 10. So a ratio in the range of 0-10. At a management station level it is a summarization of the devices under it.
Regarding a change to SCI after an upgrade, if it was an upgrade from pre 8.14 to post 8.14, then we have seen changes like this in other customers due to some SiQL/controls being fixed. Specifically related to the zones functions.
Regarding communication of a min/max or tolerance for SCI. There normally shouldn't be a change on upgrade, but this one was unique as we fixed some of the SiQL controls.
SCI (Security Concern Index) is a FireMon term. Using the controls and assessments in place, we evaluate your network environment based on control failures and calculate a score based on the number of failures, the severity of the failures, and a few other characteristics. The lower your SCI score, the better. A lower score tends to imply that your network has few rules that allow risky access or have few expired rules (things along those lines).
That said, SCI is not an industry standard, so there is no way to directly compare your score compared to another. It is meant simply as a KPI (key performance indicator) on whether your network is becoming more secured or more risky over time.
Comments
0 comments
Article is closed for comments.