RE: mapping vulnerabilities into high medium low risk

From: Cure, Samuel J (scure@kpmg.com)
Date: Wed Oct 08 2003 - 14:51:33 EDT


I would also be sure to dilute or strengthen the rating by adding in the
Asset factor to the equation (such as: High risk, BUT, it is a print server,
therefore Low risk).

-scure

-----Original Message-----
From: Brian E [mailto:brian_anon@hotmail.com]
Sent: Tuesday, October 07, 2003 9:35 PM
To: pen-test@securityfocus.com
Subject: Re: mapping vulnerabilities into high medium low risk

In-Reply-To:
<Pine.LNX.4.44.0309180945040.21682-100000@bigfella.is-a-geek.net>

Another model I like is from SANS,
http://www.sans.org/newsletters/cva/#process.

This uses a critical, high, moderate, and low scale.

I'd love to hear what your research has found.





This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:41 EDT