Software, hardware and firmware vulnerabilities pose a critical risk to any organization operating a computer network, and can be difficult to categorize and mitigate. The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability, and produce a numerical score reflecting its severity, as well as a textual representation of that score. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
In short, CVSS affords three important benefits. First, it provides standardized vulnerability scores. When an organization uses a common algorithm for scoring vulnerabilities across all IT platforms, it can leverage a single vulnerability management policy defining the maximum allowable time to validate and remediate a given vulnerability. Next, it provides an open framework. Users may be confused when a vulnerability is assigned an arbitrary score by a third party. With CVSS, the individual characteristics used to derive a score are transparent. Finally, CVSS enables risk prioritization. When the environmental score is computed, the vulnerability is placed in the context of each organization, which gives a better understanding of the risk it poses to that organization.
This training programme will help participants learn to:
Articulate tactical and business benefits of CVSS
Describe relevant changes from CVSS v2.0 to CVSS v3.0
Distinguish among Base, Temporal, and Environmental Metrics
Identify CVSS scoring rubrics and how to use them
Make calculations for the various types of CVSS metrics
Apply CVSS metrics to case studies about real-world vulnerabilities
Who can Attend
Participants should bring their own laptop. A Wi-Fi connection will be provided.
One full day