Phase B

Similar to phase B in the reporting Capability Maturity Model of vulnerability management, we begin to see the scope increase to the medium impact systems and applications. Another important change here is the introduction of the CVSS v3.0 critical category.

It is another prioritization indicator to the stakeholder: critical means fix now.

Here is an example of how we can utilize this on top of the work that we've done in phase A:

  • Critical severity:
    • Red: Average of 3 vulnerabilities per system
    • Amber: Average of 1-2 vulnerabilities per system
    • Green: Average of 0 vulnerabilities per system
  • High severity:
    • Red: Average of 5 vulnerabilities per system
    • Amber: Average of 3-4 vulnerabilities per system
    • Green: Average of 0-2 vulnerabilities per system
  • Medium severity:
    • Red: Average of 10 vulnerabilities per system
    • Amber: Average of 8-9 vulnerabilities per system
    • Green: Average of 0-7 vulnerabilities per system
  • Low severity:
    • Red: Average of 15 vulnerabilities per system
    • Amber: Average of 10-14 vulnerabilities per system
    • Green: Average of 0-9 vulnerabilities per system
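
The thresholds above can be applied to scanner output as in the following added example (not code from the book). It assumes that Red means "that average or higher", that a fractional average above the Green band counts as Amber, and that phase A covered high impact systems only; the host names and findings are constructed.

```python
from collections import Counter

# Thresholds from the list above: (green_max, red_min) average findings per system.
THRESHOLDS = {"critical": (0, 3), "high": (2, 5),
              "medium": (7, 10), "low": (9, 15)}
IN_SCOPE_IMPACT = {"high", "medium"}  # assumption: phase A covered high impact only


def severity(score):
    """CVSS v3.0 qualitative severity rating for a base score."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    if score >= 0.1:
        return "low"
    return "none"


def rag_report(systems, findings):
    """systems: {host: impact}; findings: [(host, cvss_base_score)]."""
    scope = {h for h, impact in systems.items() if impact in IN_SCOPE_IMPACT}
    if not scope:
        return {}
    counts = Counter(severity(s) for h, s in findings if h in scope)
    report = {}
    for sev, (green_max, red_min) in THRESHOLDS.items():
        avg = counts[sev] / len(scope)  # clean systems still count in the denominator
        if avg >= red_min:
            status = "Red"
        elif avg > green_max:  # assumption: fractional averages above Green are Amber
            status = "Amber"
        else:
            status = "Green"
        report[sev] = (round(avg, 2), status)
    return report


# Constructed sample data, not from the book.
SYSTEMS = {"web01": "high", "db01": "high", "hr01": "medium", "kiosk01": "low"}
FINDINGS = [("web01", 9.8), ("web01", 7.5), ("web01", 5.3), ("db01", 9.1),
            ("db01", 8.1), ("db01", 7.2), ("hr01", 8.8), ("hr01", 7.0),
            ("hr01", 7.4), ("hr01", 6.5), ("hr01", 3.1), ("kiosk01", 9.8)]

if __name__ == "__main__":
    for sev, (avg, status) in rag_report(SYSTEMS, FINDINGS).items():
        print(f"{sev:8} avg={avg:<5} {status}")
```

Dividing by every in-scope system, not only those with findings, keeps the average from being inflated when most hosts are clean.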