Computer Emergency Response Team of Mauritius (CERT-MU)

Mastering CVSSv3

Software, hardware and firmware vulnerabilities pose a critical risk to any organization operating a computer network, and can be difficult to categorize and mitigate. The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability, and produce a numerical score reflecting its severity, as well as a textual representation of that score. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
In short, CVSS affords three important benefits. First, it provides standardized vulnerability scores. When an organization uses a common algorithm for scoring vulnerabilities across all IT platforms, it can leverage a single vulnerability management policy defining the maximum allowable time to validate and remediate a given vulnerability. Next, it provides an open framework. Users may be confused when a vulnerability is assigned an arbitrary score by a third party. With CVSS, the individual characteristics used to derive a score are transparent. Finally, CVSS enables risk prioritization. When the environmental score is computed, the vulnerability is placed in the context of each organization, which gives a better understanding of the risk it poses to that organization.
This training programme will help participants learn to:
  • Articulate tactical and business benefits of CVSS
  • Describe relevant changes from CVSS v2.0 to CVSS v3.0
  • Distinguish among Base, Temporal, and Environmental Metrics
  • Identify CVSS scoring rubrics and how to use them
  • Make calculations for the various types of CVSS metrics
  • Apply CVSS metrics to case studies about real-world vulnerabilities
Who can Attend
  • Information Security Consultants
  • Information Security Officers/Analyst/Engineers
  • IT Managers
  • Cybercrime Investigators
  • Incident Handlers
  • System Administrators
  • Network Administrators
  • Database Administrators
Participants should bring their own laptop. A Wi-Fi connection will be provided.
One full day