Topic 8D Flashcards

1
Q

vulnerability feed

A

An automated scanner needs to be kept up to date with information about known vulnerabilities.

The Nessus tool refers to these feeds as plug-ins, and OpenVAS refers to them as network vulnerability tests (NVTs).

2
Q

Security Content Automation Protocol (SCAP)

A

A NIST framework that outlines various accepted practices for automating vulnerability scanning.

Used to obtain feed or plug-in updates.

SCAP defines ways to compare the actual configuration of a system to a target secure baseline, plus various systems of common identifiers. These identifiers supply a standard means for different products to refer to a vulnerability or platform consistently.

3
Q

Common Vulnerabilities and Exposures (CVE)

A

A dictionary of vulnerabilities in published operating systems and application software (cve.mitre.org).

4
Q

The elements that make up a vulnerability’s entry in the CVE include:

A

An identifier in the format: CVE-YYYY-####, where YYYY is the year the vulnerability was discovered and #### is at least four digits that indicate the order in which the vulnerability was discovered.

A brief description of the vulnerability.

A reference list of URLs that supply more information on the vulnerability.

The date the vulnerability entry was created.

5
Q

CVSS metrics

A

CVSS metrics generate a score from 0 to 10 based on the characteristics of the vulnerability, such as whether it can be triggered remotely or needs local access, whether user intervention is required, and so on.

The scores are banded into descriptions as follows:

0.1+    Low
4.0+    Medium
7.0+    High
9.0+    Critical

5
Q

Common Vulnerability Scoring System (CVSS)

A

A risk management approach to quantifying vulnerability data and then taking into account the degree of risk to different types of systems or information.

6
Q

Vulnerability analysis is critical in supporting several key aspects of an organization’s cybersecurity strategy, including what?

A

Prioritization, vulnerability classification, considerations of exposure, organizational impact, and risk tolerance contexts.

7
Q

Exposure factor (EF)

A

Represents the extent to which an asset is susceptible to being compromised or impacted by a specific vulnerability, and it helps assess the potential impact or loss that could occur if the vulnerability is exploited.

Factors might include weak authentication mechanisms, inadequate network segmentation, or insufficient access control methods.

8
Q

environmental variables

A

In vulnerability assessment, factors or metrics due to local network or host configuration that increase or decrease the base likelihood and impact risk level.

One of the primary environmental factors is the organization's IT infrastructure, which includes the hardware, software, networks, and systems in use.

The external threat landscape is another crucial environmental factor. The prevalence of certain types of attacks or the activities of specific threat actors can affect the likelihood of exploitation of particular vulnerabilities. For example, if ransomware attacks are rising within the medical industry, that sector can prioritize those vulnerabilities.

9
Q

Remediation practices

A

Patching is the direct fix for a vulnerability.

Cybersecurity insurance can provide financial protection in case of a security breach resulting from a vulnerability. It is another factor in vulnerability response. Examples include coverage for data breach response costs, business interruption, ransomware attacks, third-party liability, and cyber extortion.

Segmentation involves dividing a network into separate segments to contain potential security breaches. If an attacker exploits a vulnerability and gains access to one segment, they are confined to that segment.

Compensating controls refer to measures put in place to mitigate the risk of a vulnerability when security teams cannot directly eliminate it or when direct remediation is not immediately possible. Examples include additional monitoring, secondary authentication mechanisms, or enhanced encryption.

Exceptions and exemptions describe scenarios where specific vulnerabilities cannot be remediated due to business criticality, technical constraints, or cost constraints. In these cases, the senior leadership team accepts the risk and documents the rationale for the decision along with an established timeline for reassessment.

10
Q

Validating vulnerability remediation

A

Re-scanning involves performing additional vulnerability scans after remediation actions have been implemented. The re-scan aims to determine if the vulnerabilities identified in the initial scan have been resolved.

Auditing involves an in-depth examination of the remediation process by reviewing the steps taken to address the vulnerability and ensuring they align with the organization's policies and best practices.

Verification is the process of confirming the results of the remediation actions and involves various methods, including manual checks, automated testing, or reviews of system logs or other records.
