icasuserguide

2.2. Scoring 

The ICAS® scoring system is central to the ICAS® application and provides a succinct overview of data compiled from the Control level all the way up to the Organisational level. The Assurance page is a clear example of the how the scoring can be presented at a high level for a concise representation of how the Organisation is performing and any areas of security related weakness it might display.

 

The terminology related to scoring within the ICAS® application is detailed in the sections below.

2.2.1. SAI Score

The Caveris ICAS Security Assurance Index (SAI) is the quantitative rating used to provide an assessment of an Organisation’s Information Security posture. Every time a Control Instance completes, it is given a score (1 for a  good completion & 0 for a bad completion). These scores are used to calculate the SAI for each Control. The SAI scores are then propagated up through the hierarchy using the Caveris ICAS weightings to give a quantitative assessment at each level.

2.2.2. Weighted Score

Found within the ICAS® application is the concept of weighted scoring. By determining the importance of certain Disciplines, Activities and Controls to the Organisation the User can weight them accordingly. Therefore, providng the most accurate representational scoring to be seen at each level of the hierarchy.  

2.2.3. SLA Status

The Service Level Agreement (SLA) is a commitment between a service provider and a client and within the ICAS® application has a status assigned accordingly.

 

The SLA Status of a Control can be either of the following: 

 

  • GOOD (for a successfully cleared Control)
  • BREACHED (for an unsuccessful terminated Control) 
 
powered by tomehost