Vulnerability Management: Assessing the Risks with CVSS v3.1
1h 15mIntermediate2020-10-06
Authors

Lora Vaughn
Cybersecurity Executive in Financial Services
Course details
Vulnerability management can be difficult, and understanding the risks that vulnerabilities pose in your own environment is key to determining how (and in what order) to tackle them. The Common Vulnerability Scoring System (CVSS) was developed to address this. In this course, explore the essential metrics in the CVSS methodology, as well as how to apply CVSS scores to assess risk and determine what to fix first. Instructor Lora Vaughn takes a deep dive into CVSS version 3.1, examining the characteristics it measures, the scoring formula, and how to apply CVSS scores to your environment. Using practical examples, she covers the three most essential aspects of CVSS: Base, Temporal, and Environmental metrics. Upon wrapping up this course, you'll be equipped with the essential knowledge you need to use CVSS scores to prioritize remediation efforts.
Skills covered
Security TestingVulnerability ManagementCybersecurityDeep Dive (X:Y)
Concepts
0. Introduction
- 01 - Welcome to this course
- 02 - Case study - Red30 technology
1. Vulnerability Basics
- 03 - Vulnerability risk assessment
- 04 - Vulnerability types and their causes
- 05 - Methods for fixing vulnerabilities
- 06 - Common terms in vulnerability management
2. CVSS Overview
- 07 - Intro to the Common Vulnerability Scoring System (CVSS)
- 08 - Core elements of CVSS v3.1
- 09 - CVSS v3.1 formula
- 10 - Making sense of the CVSS vector string
3. Base Metric Group
- 11 - The CVSS base metric group
- 12 - The attack vector metric
- 13 - How attack complexity affects risk
- 14 - The effects of the privileges required metric on risk
- 15 - User interaction and vulnerability risk
- 16 - Confidentiality, integrity, and availability impact metrics
- 17 - Security scope in CVSS
- 18 - Challenge
- 19 - Solution
4. Temporal Metrics Group
- 20 - How exploit code maturity affects risk
- 21 - How remediation level affects risk
- 22 - How report confidence affects risk
5. Environment Metrics Group
- 23 - Confidentiality, integrity, and availability requirement
- 24 - Modified base metrics in CVSS
6. Putting CVSS into Practice
- 25 - Using CVSS scores
- 26 - CVSS severity rating scale
- 27 - Using CVSS scoring in the enterprise
- 28 - Remediating vulnerabilities
- 29 - Accepting vulnerability risks
- 30 - Challenge
- 31 - Solution
Conclusion
- 32 - Next steps
Related courses
- Vulnerability Management: Assessing the Risks with CVSS, CISA KEV, EPSS, and SSVC
- Implementing Zero Trust for 5G and Open RAN
- CompTIA CySA+ (CS0-002) Cert Prep: 1 Threat Management
- OWASP Top 10: #5 Security Misconfiguration and #6 Vulnerable and Outdated Components
- Vulnerability Management in Cybersecurity: The Basics
- Vulnerability Management with Nessus
- Security Testing: Vulnerability Management with Nessus
- Implementing a Vulnerability Management Lifecycle
Related learn paths
- Become an Ethical Hacker
- Prepare for the CompTIA Cybersecurity Analyst + (CySA+) (CS0-002) Certification Exam
- Working with Data: Collecting, Processing, and Storing Data for AI
- Prepare for the CompTIA Cybersecurity Analyst (CySA+) (CS0-003) Certification
- Become an IT Security Specialist
- Prepare for the CompTIA Security+ (SY0-701) Certification
- Leverage AI as a Cybersecurity Analyst
- Communication Skills for Senior Managers