# Risk Assessment source: https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/index.md ## Risk Assessment Overview {#risk-assessment-overview} The RiskRecon cybersecurity ratings platform enables people to confidently make risk decisions rapidly, providing ratings that assess real-world cybersecurity risk management quality. It is founded on RiskRecon's unique ability to automatically risk prioritize issues based on issue severity and the value at risk of the system in which each issue exists. This yields a risk-responsive model that provides you with useful ratings and actionable insights by providing to each issue [a severity rating](https://developer.mastercard.com/riskrecon-api/documentation/glossary/index.md#severity-rating) and [an asset value](https://developer.mastercard.com/riskrecon-api/documentation/glossary/index.md#asset-value) that pinpoint risk in your ecosystem. ## Ratings and Risk Prioritization {#ratings-and-risk-prioritization} RiskRecon then combines the asset value and severity to determine the priority of the issues on a scale of 1-6, 1 representing critical priority and 6 representing low priority. The rating model also assigns a numeric rating on a scale of 0.0-10, 10 being the highest, to each [security domain](https://developer.mastercard.com/riskrecon-api/documentation/glossary/index.md#security-domain) and [security criteria](https://developer.mastercard.com/riskrecon-api/documentation/glossary/index.md#security-criteria) as well as an [overall rating](https://developer.mastercard.com/riskrecon-api/documentation/glossary/index.md#overall-rating) to the performance of the organization. RiskRecon further categorizes the ratings on an A-F grading scale which helps to separate your performance into five bands. Companies in the "F" rating tier have a higher breach event frequency than companies in the "A" rating tier. | Grade | Rating Range | |-------|--------------| | A | 8.5 -- 10 | | B | 7.0 -- 8.4 | | C | 5.5 -- 6.9 | | D | 4.0 -- 5.4 | | F | 0.0 -- 3.9 | The **Issue Priority Matrix** in the **RiskRecon web portal** provides a pictorial representation of the severity and asset value of the issues across all vendors in your portfolio: ![](https://static.developer.mastercard.com/content/riskrecon-api/uploads/issue-priority-matrix.png) With the above data in hand, you can now risk-prioritize your issues using tools, such as action plans and alerting which are discussed in the [Risk Management and Issue Remedification](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-mgmt-issue-rmdfn/index.md) section. RiskRecon allows you to access the ratings, review the findings, the current and historical analysis, the performance trend, data breaches, compliance, and hosting providers from the APIs discussed in these sections: * [Retrieve the Current Analysis Summary of a TOE or TOEs](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/analysis-summary/index.md) * [Retrieve the Ratings and Trending Data of a TOE](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/analysis/index.md) * [Retrieve Findings](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/findings/index.md) * [Retrieve Data Loss Events](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/datalossevent/index.md) * [Retrieve Compliance Assessments](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/compliance/index.md) * [Retrieve Hosts](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/hosts/index.md) * [Retrieve TOEs by their CVE IDs](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/toe-by-cve-id/index.md)