Vulnerability Management: Assessing the Risks with CVSS v3.1

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 1h 14m | 210 MB

Vulnerability management can be difficult, and understanding the risks that vulnerabilities pose in your own environment is key to determining how (and in what order) to tackle them. The Common Vulnerability Scoring System (CVSS) was developed to address this. In this course, explore the essential metrics in the CVSS methodology, as well as how to apply CVSS scores to assess risk and determine what to fix first. Instructor Lora Vaughn takes a deep dive into CVSS version 3.1, examining the characteristics it measures, the scoring formula, and how to apply CVSS scores to your environment. Using practical examples, she covers the three most essential aspects of CVSS: Base, Temporal, and Environmental metrics. Upon wrapping up this course, you’ll be equipped with the essential knowledge you need to use CVSS scores to prioritize remediation efforts.

Table of Contents

1 Welcome to this course
2 Case study: Red30 technology
3 Vulnerability risk assessment
4 Vulnerability types and their causes
5 Methods for fixing vulnerabilities
6 Common terms in vulnerability management
7 Intro to the Common Vulnerability Scoring System (CVSS)
8 Core elements of CVSS v3.1
9 CVSS v3.1 formula
10 Making sense of the CVSS vector string
11 The CVSS base metric group
12 The attack vector metric
13 How attack complexity affects risk
14 The effects of the privileges required metric on risk
15 User interaction and vulnerability risk
16 Confidentiality, integrity, and availability impact metrics
17 Security scope in CVSS
18 Challenge
19 Solution
20 How exploit code maturity affects risk
21 How remediation level affects risk
22 How report confidence affects risk
23 Confidentiality, integrity, and availability requirement
24 Modified base metrics in CVSS
25 Using CVSS scores
26 CVSS severity rating scale
27 Using CVSS scoring in the enterprise
28 Remediating vulnerabilities
29 Accepting vulnerability risks
30 Challenge
31 Solution
32 Next steps