Thursday, February 25, 2021
  • New Lacework CEO Takes the Helm
  • Announcing the First-Ever Veracode Hacker Games
  • Attackers collaborate to exploit CVE-2021-21972 and CVE-2021-21973
  • Reducing Signup & Login Friction
  • Industrial Control Systems: The New Target of Malware

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » Vulnerability Management Metrics: The Final Frontier

Vulnerability Management Metrics: The Final Frontier

by Irfahn Khimji on April 2, 2019

In Part 1 of this series, we looked at some of the metrics that an executive team would want to see to identify how the business risk is trending. It is very important to keep in mind that if the business does not see the information security program as effective and efficient, they will not continue to invest in information security projects.

In this part, we will look at the operational level reports that can assist in focusing efforts to reduce the risk to the business.

Operational Vulnerability Reports

An alarming yet common trend among organizations is to run a report that contains all the vulnerabilities under a particular system-owner and send them a very large report. Some organizations have matured beyond this point to provide reports that include everything with a “High” score. The main question then becomes: what defines a high-scoring vulnerability? To answer this, security analysts have typically said anything that is a CVSS 7 or above should be remediated. The PCI compliance standard, for example, says that a CVSS score of 7.0-10.0 is High, 4.0-6.9 is Medium, and 0.0 to 3.9 is Low.

In common practice, system administrators have said that there are far too many vulnerabilities that are a CVSS score of 10 and above to remediate within a reasonable time frame. Depending on the organization, system administrators are committed to remediating anywhere from one to ten vulnerabilities per month. So the first question they pose to the security analysts is: which of these CVSS 10 scoring vulnerabilities is the most severe?

Vulnerability Management Risk Scoring

The Tripwire Vulnerability Risk Score alleviates this problem. By providing specific details about the ease of exploit, the privilege gained, and the age of the vulnerability, security analysts have a simple, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Irfahn Khimji. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-metrics-final-frontier/

April 2, 2019April 2, 2019 Irfahn Khimji Featured Articles, remediation, security, Vulnerability Management
  • ← Post-Brexit Cybersecurity – Implications on Risk and Uncertainty
  • What is a Zero-Day Attack? →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Think Macs Don’t Get Malware? Think Again.
How to Secure Your Cloud Investment
Mitigating Third-Party Supply Chain Breaches
What’s Scarier Than the SolarWinds Breach?
Making the Right Cloud Security Investments
6 Security Methods to Protect You and Your Customers
Surge in ZLoader Attacks Observed
From Zero to Zero Trust: Five Tips to Simplify Your Journey
Ransomware Attacks Remain Persistent and Pervasive
Industrial Cybersecurity and the Florida Water Supply Attack with Dale Peterson

Upcoming Webinars

Mar 09

Zero Trust Journey – A Security Leader’s Story

March 9 @ 11:00 am - 12:00 pm
Mar 15

Don’t Get Attached to Your Attachment!

March 15 @ 9:00 am - 10:00 am
Mar 15

Managing Security in a Decentralized World

March 15 @ 1:00 pm - 2:00 pm
Mar 17

API Security: Everything You Need to Know To Protect Your APIs

March 17 @ 1:00 pm - 2:00 pm
Mar 22

The Main Application Security Technologies to Adopt in 2021

March 22 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

XDR: Next-Level Prevention and Detection
Analytics & Intelligence Cybersecurity Endpoint Incident Response Industry Spotlight Security Boulevard (Original) 

XDR: Next-Level Prevention and Detection

February 25, 2021 Eyal Gruner | 11 hours ago 0
Breach Clarity Data Breach Report: Week of Feb. 22
Cloud Security Cybersecurity Data Security Endpoint Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) Threats & Breaches 

Breach Clarity Data Breach Report: Week of Feb. 22

February 24, 2021 Kyle Marchini | Yesterday 0
What’s Scarier Than the SolarWinds Breach?
Cloud Security Cybersecurity Data Security Industry Spotlight Network Security Security Awareness Security Boulevard (Original) Threats & Breaches 

What’s Scarier Than the SolarWinds Breach?

February 23, 2021 Yuval Elddad | 2 days ago 0

Top Stories

Think Macs Don’t Get Malware? Think Again.
Analytics & Intelligence Cloud Security Cybersecurity Endpoint Featured Incident Response Malware News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Think Macs Don’t Get Malware? Think Again.

February 22, 2021 Richi Jennings | 3 days ago 0
SolarWinds Hack: ‘All is Well,’ Microsoft Shrugs
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response Malware Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

SolarWinds Hack: ‘All is Well,’ Microsoft Shrugs

February 19, 2021 Richi Jennings | Feb 19 0
Oracle is Said to Help China Find Dissidents and Jail Minorities
Analytics & Intelligence Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response News Security Boulevard (Original) Social Engineering Spotlight 

Oracle is Said to Help China Find Dissidents and Jail Minorities

February 18, 2021 Richi Jennings | Feb 18 0

Security Humor

via     the comic delivery system monikered   Randall Munroe   resident at   XKCD  !

XKCD ‘Mars Landing Video’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.