Scores and severities of events

Events and incidents in Kaspersky Industrial CyberSecurity for Networks are scored on a scale from 0.0 to 10.0.

If an event is linked to a device, the application calculates a numerical value for the score based on available information about the device. When calculating a score in this case, the application considers the level of importance of the device and the risks associated with this device.

The starting value used for calculating the score is the base score defined for the specific type of event in the event types table or defined when configuring Process Control rules (only for events that are registered when Process Control rules are triggered).

If an event is not linked to a device, the score of this event is equal to the base score.

This score determines the severity of the event. Depending on the numerical value of its score, an event can have one of the following severities:

• Low (scores 0.0–3.9).

  Low-severity events normally do not require an immediate response.

• Medium (scores 4.0–7.9).

  Medium-severity events contain information that requires attention. These events may require a response.

• High (scores 8.0–10.0).

  High-severity events contain information that may have a critical impact on the industrial process. These events require an immediate response.

To ensure compatibility with the severity levels of events that were used in previous versions of the application, the current version of Kaspersky Industrial CyberSecurity for Networks converts those severity levels into the following scores:

• Events with Informational severity are assigned a score of 3.0.
• Events with Warning severity are assigned a score of 6.0.
• Events with Critical severity are assigned a score of 9.0.