From the course: Vulnerability Management: Assessing the Risks with CVSS, CISA KEV, EPSS, and SSVC

Risk assessment basics

- [Instructor] At the most basic level, risk is the likelihood that a threat actor will exploit a vulnerability combined with the potential impact if the vulnerability were to be exploited. We'll use three elements to determine the risk that a particular vulnerability poses. The first element to determine risk is severity. Vulnerability severity scores represent the potential impact or harm that a vulnerability could cause if exploited, but they don't provide enough detail for us to prioritize our efforts in the most effective and efficient way. The second element is exploitability. Exploitability helps us determine the likelihood that a vulnerability may be exploited. By referencing the CISA KEV or EPSS scores, we can identify vulnerabilities that are actively being exploited or are likely to be exploited soon. Finally, asset categorization helps us discern the real risk a vulnerability presents. Asset categorization allows us to identify which systems matter the most in our…
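The following is an added example, not code from the course, showing the three elements the instructor names combined into one ranking: severity (a CVSS base score), exploitability (CISA KEV membership or an EPSS probability) and asset categorization. The way they are combined here is an assumption made for this example: likelihood is taken as 1.0 when a finding is in KEV (exploitation observed) and as the EPSS probability otherwise, impact is the CVSS score scaled to 0-1 and multiplied by an asset criticality of 1, 2 or 3, and risk is likelihood times impact. The findings, their labels and all scores are constructed sample data, not real CVEs. The point the sample makes is the instructor's: the most severe finding ends up last because it is unlikely to be exploited and sits on a low-value asset.

```python
"""Rank vulnerability findings by likelihood x impact.

Added example for the course transcript above; the combination formula,
the KEV-overrides-EPSS rule and the 1..3 criticality multiplier are
assumptions made for this example, not the course's own method.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    label: str          # constructed placeholder, deliberately not a CVE identifier
    cvss_base: float    # severity: CVSS base score, 0.0 - 10.0
    epss: float         # exploitability: EPSS probability of exploitation, 0.0 - 1.0
    in_kev: bool        # exploitability: True if listed in the CISA KEV catalog
    criticality: int    # asset categorization: 1 = low, 2 = medium, 3 = high


def likelihood(f: Finding) -> float:
    """Exploitability element. KEV means exploitation has already been seen in
    the wild, so it overrides the EPSS prediction (assumed treatment)."""
    if f.in_kev:
        return 1.0
    if not 0.0 <= f.epss <= 1.0:
        raise ValueError(f"EPSS out of range for {f.label}: {f.epss}")
    return f.epss


def impact(f: Finding) -> float:
    """Severity element scaled to 0-1 and weighted by how much the asset
    matters (assumed weighting)."""
    if not 0.0 <= f.cvss_base <= 10.0:
        raise ValueError(f"CVSS out of range for {f.label}: {f.cvss_base}")
    if f.criticality not in (1, 2, 3):
        raise ValueError(f"criticality must be 1, 2 or 3 for {f.label}")
    return (f.cvss_base / 10.0) * f.criticality


def risk_score(f: Finding) -> float:
    """Risk = likelihood of exploitation x potential impact."""
    return likelihood(f) * impact(f)


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Highest risk first; this is the order the remediation queue should use."""
    return sorted(findings, key=risk_score, reverse=True)


# Constructed sample data (not real vulnerabilities or assets).
SAMPLE = [
    Finding("critical-but-unlikely-low-asset", 9.8, 0.02, False, 1),
    Finding("likely-medium-on-medium", 5.3, 0.97, False, 2),
    Finding("kev-on-crown-jewel", 7.5, 0.85, True, 3),
    Finding("likely-on-crown-jewel", 7.5, 0.85, False, 3),
]


if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{risk_score(f):6.4f}  cvss={f.cvss_base:<4} epss={f.epss:<4} "
              f"kev={str(f.in_kev):<5} crit={f.criticality}  {f.label}")
```

Note that the two crown-jewel findings share the same CVSS score and EPSS value; the one in KEV still ranks above the other because observed exploitation is treated as a certainty, while the CVSS 9.8 finding drops to the bottom of the queue. A real deployment would replace the hard-coded multiplier with the organisation's own asset classification and pull EPSS and KEV data from their published feeds rather than from constants.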