Vulnerability Management Metrics: The Final Frontier

by Irfahn Khimji on April 2, 2019

In Part 1 of this series, we looked at some of the metrics an executive team would want to see in order to identify how business risk is trending. It is very important to keep in mind that if the business does not see the information security program as effective and efficient, it will not continue to invest in information security projects.


In this part, we will look at the operational level reports that can assist in focusing efforts to reduce the risk to the business.

Operational Vulnerability Reports

An alarming yet common trend among organizations is to run a report of every vulnerability on the systems a particular owner is responsible for and send that owner the entire, very large report. Some organizations have matured beyond this point and provide reports that include only findings with a “High” score. The main question then becomes: what defines a high-scoring vulnerability? To answer this, security analysts have typically said that anything with a CVSS score of 7 or above should be remediated. The PCI compliance standard, for example, says that a CVSS score of 7.0-10.0 is High, 4.0-6.9 is Medium, and 0.0-3.9 is Low.

In common practice, system administrators have said that there are far too many vulnerabilities with a CVSS score of 10 to remediate within a reasonable time frame. Since 10.0 is the ceiling of the CVSS base score, a score threshold alone offers no way to rank those findings against each other. Depending on the organization, system administrators commit to remediating anywhere from one to ten vulnerabilities per month. So the first question they pose to the security analysts is: which of these CVSS 10 vulnerabilities is the most severe?

Vulnerability Management Risk Scoring

The Tripwire Vulnerability Risk Score alleviates this problem. By providing specific details about the ease of exploit, the privilege gained, and the age of the vulnerability, security analysts have a simple, (Read more...)
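The following Python is an added example, not code from the original post or from Tripwire. It shows the two ideas above end to end: bucketing findings into the PCI CVSS bands (High 7.0-10.0, Medium 4.0-6.9, Low 0.0-3.9), then ranking the High bucket with a composite score built from the three inputs the post names (ease of exploit, privilege gained and age) and cutting the list to the number of fixes the system owner has committed to. The weights, the age curve and the formula are assumptions made for this example and are not Tripwire's Vulnerability Risk Score; the findings are constructed sample data with placeholder IDs rather than real CVEs.

```python
"""Operational vulnerability report for one system owner.

Buckets findings by the PCI CVSS ranges quoted in the post (High 7.0-10.0,
Medium 4.0-6.9, Low 0.0-3.9), then ranks the High bucket with a hypothetical
risk score built from the three inputs the post names: ease of exploit,
privilege gained and age.  The weights and formula are assumptions made for
this example, not Tripwire's Vulnerability Risk Score.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    host: str
    finding_id: str   # scanner finding ID (constructed placeholder, not a real CVE)
    cvss: float       # CVSS base score, 0.0-10.0
    exploit: str      # "public" = working exploit, "poc" = proof of concept, "none"
    privilege: str    # what a successful exploit yields: "root", "user" or "none"
    published: date   # disclosure date, used for the age factor


def pci_severity(cvss: float) -> str:
    """Map a CVSS base score to the PCI High/Medium/Low bands."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS base score out of range: {cvss}")
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    return "Low"


# Assumed weights: a public exploit and root-level access each triple the score.
EXPLOIT_WEIGHT = {"public": 3, "poc": 2, "none": 1}
PRIVILEGE_WEIGHT = {"root": 3, "user": 2, "none": 1}


def risk_score(f: Finding, today: date) -> float:
    """Hypothetical composite: CVSS x exploit weight x privilege weight x age factor.

    The age factor grows linearly from 1.0 (disclosed today) to 2.0 (a year
    or more old), so an old, publicly exploitable root bug outranks a fresh
    CVSS 10 with no known exploit.
    """
    age_days = max((today - f.published).days, 0)
    age_factor = 1.0 + min(age_days, 365) / 365.0
    return f.cvss * EXPLOIT_WEIGHT[f.exploit] * PRIVILEGE_WEIGHT[f.privilege] * age_factor


def operational_report(findings, owner_capacity, today):
    """Return (counts per PCI band, High findings ranked and cut to capacity).

    owner_capacity is how many fixes the system owner commits to per cycle;
    the post cites one to ten per month.
    """
    counts = {"High": 0, "Medium": 0, "Low": 0}
    for f in findings:
        counts[pci_severity(f.cvss)] += 1
    high = [f for f in findings if pci_severity(f.cvss) == "High"]
    ranked = sorted(high, key=lambda f: risk_score(f, today), reverse=True)
    return counts, ranked[:owner_capacity]


# Constructed sample: several CVSS 10.0 findings that a plain threshold cannot rank.
REPORT_DATE = date(2019, 4, 2)
SAMPLE_FINDINGS = [
    Finding("web-01", "F-001", 10.0, "public", "root", date(2018, 1, 15)),
    Finding("web-01", "F-002", 10.0, "none", "root", date(2019, 3, 20)),
    Finding("db-02", "F-003", 10.0, "poc", "user", date(2018, 9, 1)),
    Finding("db-02", "F-004", 9.8, "public", "user", date(2019, 1, 10)),
    Finding("app-03", "F-005", 7.5, "none", "none", date(2017, 6, 1)),
    Finding("app-03", "F-006", 5.3, "public", "user", date(2018, 12, 1)),
    Finding("app-03", "F-007", 3.1, "none", "none", date(2019, 2, 1)),
]

if __name__ == "__main__":
    counts, top = operational_report(SAMPLE_FINDINGS, owner_capacity=3, today=REPORT_DATE)
    print(f"Severity counts: {counts}")
    print("Fix these first:")
    for f in top:
        print(f"  {f.finding_id} on {f.host}: CVSS {f.cvss}, "
              f"risk {risk_score(f, REPORT_DATE):.1f}")
```

With the sample data, five findings land in the High band against an owner capacity of three, which is the situation the post describes. A plain threshold cannot order the three CVSS 10.0 findings, but the composite score puts the year-old, publicly exploitable root bug first and pushes the brand-new CVSS 10.0 with no known exploit below a 9.8 that already has a public exploit. Swap in your own weights, but keep the inputs explicit and documented so system owners can see why one finding outranks another.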

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Irfahn Khimji. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-metrics-final-frontier/

Tags: Featured Articles, remediation, security, Vulnerability Management
