Академический Документы
Профессиональный Документы
Культура Документы
5 3 2
Threat Weight 5 3 2
Critical Control 3 Servers (High Threat) = 5 Laptops (Medium Threat) = 3 Workstations (Low Threat) = 2
Insecure Configs 2 6 11
Threat Weight 5 3 2
Critical Control 4 Switches (High Threat) = 5 Routers (Medium Threat) = 3 Firewalls (Low Threat) = 2
Insecure Configs 4 3 1
Threat Weight 5 3 2
Critical Control 5 High Threat Potential = 5 Medium Threat Potential = 3 Low Threat Potential = 2
5 3 2
Critical Control 6 High Threat System = 5 Medium Threat System= 3 Low Threat System = 2
Threat Weight 5 3 2
Threat Weight
Total Quantity 8 5
Threat Weight 3 5
Average Time to Total Unauthorized Neutralize Total Unauthorized Account Access Account (days) Group Memberships 5 3.6 2 4 2.7 1 4 3.5 4
Number of mitigated 2
Critical Control 11 Account Monitoring and Control Workstations Servers Network Devices
Total Vulnerable 15 5 2
Critical Control 12 Email Web Download Physically (USB/CD) Other Critical Control 13 Limitation and Control of ports, protocols, and services
Downtime Incidents
Insecure Workstations 5
Critical Control 16
90 1 100
0.90
0.80
Critical Control 17 Full IP data theft Administrative Rights attained Non Admin Rights attained
Criticality of Expoitation 5 3 2
% Data Backed Up
Time To Restore
Threat Score
Threat Level 16.00 Risk Score 10.00 Goal 15.00 Cost of Check Frequency of Scans 1 day
4 164.00 <175 $ 1
Threat Score
Threat Level 16.70 Risk Score 23.40 Goal 33.60 Cost of Check Frequency of Scans 1 day
Threat Score
Threat Level 12 Overall Risk Score 24 Goal 29 Cost of Check Frequency of Checks Threat Level 22 Overall Risk Score 12 Goal 3 Cost of Check Frequency of Checks
Threat Score
9 333 <350 $$
Threat Score
Threat Level 16 Overall Risk Score 5 Goal 6 Cost of Check Frequency of Check
Threat Level Overall Risk Score Goal Cost of Check Frequency of Check
Threat Score
8 432 <450 $$
Frequency of Check
Score
Threat Level Overall Risk Score Goal Cost of Check Frequency of Check
Assessment Score
Threat Level Overall Risk Score Goal Cost of Check Frequency of Checks Threat Level Overall Risk Score Goal Cost of Check Frequency of Checks
Assessment Score
Threat Level Overall Risk Score Goal Cost of Check Frequency of Checks Threat Level Overall Risk Score Goal Cost of Check Frequency of Checks
8.9
Threat Level Overall Risk Score Goal Cost of Check Frequency of Checks
8.2
Threat Level 11 Overall Risk Score Goal Cost of Check Frequency of Checks
<10
Threat Level
7.5
31.68 >30
Threat Level Overall Risk Score Goal Cost of Check Frequency of Checks
Avg Loss of Data (GB) Threat Level 20.2 Overall Risk Score Goal Cost of Check Frequency of Checks Risk Level Score Threat Level Overall Risk Score Goal Cost of Check Frequency of Checks Threat Level Overall Risk Score Goal Cost of Check Frequency of Checks
15.4 15
Inventory Sept Servers Laptops Workstations Software Level 3 Software Level 2 Software Level 1 Wireless AP's Configurations Sept Servers Laptops Workstations Switches Routers Firewalls Boundary Defense Score Proxy Server IPS IDS VPN Access Points User Access Count Accounts w/ Inproper Privileges Insecure Passwords Workstation Vulnerabilities Server Vulnerabilities Network Device Vulnerabilities Data Recovery Capability Sept 5 8 15 5 2 2.8 3.7 4.1 3.2 4.3 12 24 29 22 12 3 16.00 10.00 15.00 16.7 23.4 33.6 12
*estimated Nov 4.00 17.2 18.78 19.10 24.2 24.8 15 *estimated Nov 10 21 23 19 10 1
Oct
Nov
Malware Found Sept Email Web Download Physically (USB/CD) Other Incident Response Capability Avg Time to Avg Time to Avg Time to Detect (hrs) Eradicate (hrs) Recover (hrs) 6.1 5.2 4.6 5.2 4.9 4.7 5.3 5.4 4.9 100 50 12 15 Oct 78 75 8 12 Nov 83 24 5 10
Oct 1.2
Nov 3.3
Sept % Data Backed up Successfully % Fortune Cookies Found Protected 96.2 98.3
98 97
96
16
14
12
10 8 6
4
Avg Time to Recover (hrs) Avg Time to Eradicate (hrs) Avg Time to Detect (hrs)
95 94
93 92
7. Log Analysis
Control Device Inventory Software Inventory Hardware/Software Configurations % Logs Notifying Correctly Network Device Configurations Boundary Defense
Nov
Oct
Controlled Use of Administrative Privileges Continous Vulnerability Assessment Secure Network Engineering Data Loss Prevention
Sept