...

🔹 Risk Score Grade: B (40 - 45):
  B represents Low (issues are present and the value ranges from 40-45; however, significant issues have been taken care of).

...

  • The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities.

  • CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritise responses and resources according to the threat.

  • Scores are calculated based on a formula that depends on several metrics that approximate ease of exploit and the impact of exploit. Scores range from 0 to 10, with 10 being the most severe. While many utilize only the CVSS Base score for determining severity, temporal and environmental scores also exist, to factor in the availability of mitigations and how widespread vulnerable systems are within an organisation, respectively.

  • Navigate to Vulnerabilities at the company level and click any of the Severity numbers (Critical, High, Medium, or Low) for the listed OS to get more details about those vulnerabilities. Each number is the total count of vulnerabilities in that category.

...

  • Next, select any of the vulnerabilities under the Product name to get the Base Score, Impact Score, and Exploitability Score per CVE, as shown below.

  • Here the maximum Base score and the maximum Exploitability score are used when calculating the Vulnerability Risk Score.

  • On the Edit Device page you can set the Severity importance, which is ‘Low’ by default for all assets. You can set it to Low, Medium, High, or Critical depending on the importance of that asset in your network.

...

  • For CyberCNS, the CVSS is used to map the vulnerability score to an asset, and then the overall vulnerability score is computed based on the weights of the different vulnerabilities.

  • Also, we use a weighted table of:

  • CVSS Base score: 50 percent.
  • CVSS Exploitability Score: 20 percent.
  • Asset Importance Score: 10 percent.
  • Impact based on actual malware being released: 10 percent.
  • Impact score: 10 percent.

...

  • This is computed for each asset; we then take the mode and the mean of the per-asset scores and report the higher of the two as the risk score. So if you have no vulnerabilities you get a risk score of zero. A risk score of 100 means you must act, or you will end up with issues.
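As an added illustration (not CyberCNS's own code), a small Python model of the weighting and aggregation just described. It assumes CVSS values are scaled from 0-10 to 0-100, that the Low/Medium/High/Critical importance settings map to 25/50/75/100, that "actual malware released" is a yes/no flag scored 0 or 100, that the Impact score is taken as the maximum across CVEs like the Base score, and that per-asset scores are rounded to integers before the mode is taken; the CVE ids and assets are constructed placeholders.

```python
from dataclasses import dataclass, field
from statistics import mean, mode

WEIGHTS = {"base": 0.50, "exploitability": 0.20, "importance": 0.10,
           "malware": 0.10, "impact": 0.10}              # page's table, sums to 1
IMPORTANCE = {"Low": 25, "Medium": 50, "High": 75, "Critical": 100}  # assumed

@dataclass
class Cve:
    cve_id: str                     # constructed placeholder id
    base: float                     # CVSS Base score, 0-10
    exploitability: float           # CVSS Exploitability score, 0-10
    impact: float                   # CVSS Impact score, 0-10
    malware_released: bool = False  # assumed flag for "actual malware released"

@dataclass
class Asset:
    name: str
    importance: str = "Low"         # page: 'Low' by default for all assets
    cves: list = field(default_factory=list)

def asset_risk(asset: Asset) -> float:
    """Weighted 0-100 score for one asset (max Base/Exploitability, per page)."""
    if not asset.cves:
        return 0.0                  # page: no vulnerabilities -> zero risk
    base = max(c.base for c in asset.cves) * 10       # assumed 0-10 -> 0-100
    expl = max(c.exploitability for c in asset.cves) * 10
    impact = max(c.impact for c in asset.cves) * 10   # assumed: max, like base
    malware = 100 if any(c.malware_released for c in asset.cves) else 0
    score = (WEIGHTS["base"] * base + WEIGHTS["exploitability"] * expl
             + WEIGHTS["importance"] * IMPORTANCE[asset.importance]
             + WEIGHTS["malware"] * malware + WEIGHTS["impact"] * impact)
    return round(score, 2)

def company_risk(assets: list) -> float:
    """Page's rule: the higher of the mode and the mean of per-asset scores."""
    scores = [round(asset_risk(a)) for a in assets]   # assumed integer rounding
    if not scores:
        return 0.0
    return float(max(mode(scores), mean(scores)))

def sample_assets() -> list:
    """Constructed sample inventory; CVE ids are placeholders, not real."""
    critical = Cve("CVE-PLACEHOLDER-1", 9.8, 3.9, 5.9, malware_released=True)
    medium = Cve("CVE-PLACEHOLDER-2", 5.3, 3.9, 1.4)
    return [Asset("db-server", "High", [critical]),
            Asset("laptop-01", cves=[medium]),
            Asset("laptop-02", cves=[medium])]
```

With the sample inventory the two laptops share a score of 38, so the mode (38) loses to the mean (52) and 52 is reported; duplicate the high-risk server instead and the mode wins.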

How to Improve the Risk Grade of any asset:

Please act on the recommendations provided in the Remediation Plan.

  • Update a version of an Application/OS to the latest version.

  • Uninstall an application that is not supported, e.g. End of Support.

  • Use EPSS Categorization to decide which actions should be taken first on a priority basis.

HeatMap (Graphical representation)

...

  • The Risk Score is a value from 1 to 100, where 100 represents significant risk and potential issues.

  • The risk score is computed from several factors, such as the number and severity of vulnerabilities, the importance assigned to an asset, and the ability of an attacker to exploit the vulnerability remotely or with little or no knowledge of the credentials.

  • In the HeatMap, the vulnerability score is represented graphically.

  • A vulnerability Risk score is categorised using four colors. They are:

...