Base metric group

These are the main characteristics of the vulnerability, which are consistent over time, and the environment that the systems reside on. These are typically assigned by vulnerability bulletin analysts, security product vendors, or application vendors.

The base metric group consists of six sections, which are as follows:

  • Access Vector (AV): Determines how the vulnerability is exploited:
    • Local
    • Adjacent network
    • Network
  • Access Complexity (AC): Measures the types/difficulty of actions required to exploit the vulnerability:
    • High
    • Medium
    • Low
  • Authentication (Au): Measures the number of times that an adversary must authenticate a system/network so that they can exploit a vulnerability:
    • Multiple
    • Single
    • None
  • Confidentiality Impact (C): Determines the level of impact to the confidentiality of the system once the vulnerability has been exploited:
    • None
    • Partial
    • Complete
  • Integrity Impact (I): Determines the level of impact to the integrity of the system once the vulnerability has been exploited:
    • None
    • Partial
    • Complete
  • Availability Impact (A): Determines the level of impact to the availability of the system once the vulnerability has been exploited:
    • None
    • Partial
    • Complete
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.129.67.26