3 rating scale in more detail

0 comments 7.140 views

Previous postings:

CyTRAP Labs 5-points risk barometer
low elevated moderately
critical
critical severe
1 2 3 4 5

CyTRAP Labs has developed a general ranking system for CASEScontact.org advisories that indicates the severity of known threats and vulnerabilities and impact business operations, home users’ and mobile workers’ systems.

_Fact sheet – ranking threat, vulnerability and impact to arrive at the overall risk assessment

Level threat, vulnerability,
& impact
condition
facts color coding
1 low Basic security posture.There is neither a specific threat being massively distributed nor a discernible network incident activity. low
2 elevated There is no direct threat to systems that have been patched.

Remain vigilant.

elevated
3 moderately critical
or high
An unpatched or recently patched vulnerability can be exploited by malware or a hacker.Systems and information assets are at risk being targeted.

Virus = MyLife, Klef

moderately
critcial
4 critical Organizations and home-users require immediate defensive or preventive actions.Remotely exploitable flaws that may require user interaction.

Windows, Microsoft = zero-day vulnerability – exploit code spreading & being actively exploited by hackers

critical
5 severe – take cover Severe risk of a threat attack or critical threat .Remotely exploitable flaws, which could lead to system compromise without user interaction.

Virus = Nimda, Loveletter

severe

Every threat and vulnerability is assessed and ranked using the above CyTRAP Labs advisory system. It allows the ranking of threats, vulnerabilities according to their level of criticality and determinining of their impact on business operations, mobile workers and home-users.

CyTRAP Labs 5-points risk barometer
low elevated moderately
critical
critical severe
1 2 3 4 5

Please also read:

risk barometer – what threat, vulnerability and impact on business operations are we exposed to