
Critical Control Formulas

Critical Control 1 Hardware

| Threat | Unauthorized Device Total | Avg Days Device on Network | Threat Weight |
|---|---|---|---|
| High Threat = 5 | 2 | 6 | 5 |
| Medium Threat = 3 | 2 | 4 | 3 |
| Low Threat = 2 | 5 | 5 | 2 |

Critical Control 2 Software

| Threat | Unauthorized Software Total | Avg Days Software on Network | Threat Weight |
|---|---|---|---|
| High Threat = 5 | 3 | 1.7 | 5 |
| Medium Threat = 3 | 7 | 2.4 | 3 |
| Low Threat = 2 | 15 | 3.6 | 2 |

Critical Control 3

| System | Insecure Configs | Avg Days to Fix | Threat Weight |
|---|---|---|---|
| Servers (High Threat) = 5 | 2 | 2 | 5 |
| Laptops (Medium Threat) = 3 | 6 | 6 | 3 |
| Workstations (Low Threat) = 2 | 11 | 7 | 2 |

Critical Control 4

| Device | Insecure Configs | Avg Days to Fix | Threat Weight |
|---|---|---|---|
| Switches (High Threat) = 5 | 4 | 2 | 5 |
| Routers (Medium Threat) = 3 | 3 | 3 | 3 |
| Firewalls (Low Threat) = 2 | 1 | 1 | 2 |

Critical Control 5

| Threat Potential | Boundary Defense Score | Avg Days to Fix | Threat Weight |
|---|---|---|---|
| High Threat Potential = 5 | 3 | 1 | 5 |
| Medium Threat Potential = 3 | 1 | 2 | 3 |
| Low Threat Potential = 2 | 2 | 2 | 2 |

Critical Control 6

| System | Logging Analysis Score | Threat Weight |
|---|---|---|
| High Threat System = 5 | | 5 |
| Medium Threat System = 3 | | 3 |
| Low Threat System = 2 | | 2 |

Critical Control 7 Application Software Security

Total Malicious Packets Found

Threat Weight

Critical Control 8

| Item | Total Quantity | Avg Time to Fix (days) | Threat Weight |
|---|---|---|---|
| Passwords off Policy | 8 | 2 | 3 |
| Accounts with Improper Privileges | 5 | 3 | 5 |

Critical Control 9

| Month | Total Unauthorized Account Access | Average Time to Neutralize Account (days) | Total Unauthorized Group Memberships |
|---|---|---|---|
| July | 5 | 3.6 | 2 |
| August | 4 | 2.7 | 1 |
| September | 4 | 3.5 | 4 |

Critical Control 10 Continuous Vulnerability Assessment and Remediation

Number of mitigated 2

Number of servers scanned 12

Threat Weight 4.7

Critical Control 11 Account Monitoring and Control

| System | Total Vulnerable | Total Scanned | Threat Weight |
|---|---|---|---|
| Workstations | 15 | 151 | 2.1 |
| Servers | 5 | 12 | 4.1 |
| Network Devices | 2 | 11 | 4.7 |

Critical Control 12

| Source | Total Malware Found |
|---|---|
| Email | 100 |
| Web Download | 50 |
| Physically (USB/CD) | 12 |
| Other | 15 |

Critical Control 13 Limitation and Control of ports, protocols, and services

Downtime Incidents

Critical Control 14

| Month | Unauthorized Wireless Devices |
|---|---|
| Sept | 12 |
| Oct | 14 |
| Nov | 15 |

Critical Control 15 Data Loss Prevention

Insecure Workstations 5

Unusual activity instances 2

Number of authorized account access 4

Critical Control 16

Internet Entry Points

Percentage of verified connections

Percentage of hosts using DNSSEC

Current New Original

90 1 100

0.90

0.80

Critical Control 17

| Outcome | Avg Time to Fix (days) | Criticality of Exploitation |
|---|---|---|
| Full IP data theft | 4 | 5 |
| Administrative Rights attained | 3 | 3 |
| Non Admin Rights attained | 5 | 2 |

Critical Control 18 Incident Response Capability

| Avg Time to Detection (Hours) | Avg Time to Eradication (Hours) | Avg Time to Recovery (Hours) |
|---|---|---|
| 8.1 | 4.1 | 3.2 |

Critical Control 19 High Medium Low

% Data Backed Up

Time To Restore

Critical Control 20 Security Skills Assessment and Training

Scores

| Critical Control | Score | Threat Level | Overall Risk Score | Goal | Cost of Check | Frequency of Checks | |
|---|---|---|---|---|---|---|---|
| 1 | Threat Score: 16.00, 10.00, 15.00 | 4 | 164.00 | <175 | $ | 1 day | 1 |
| 2 | Threat Score: 16.70, 23.40, 33.60 | 7 | 515.90 | <525 | $ | 1 day | 4 |
| 3 | Threat Score: 12, 24, 29 | 7 | 455.00 | <450 | $$ | | |
| 4 | Threat Score: 22, 12, 3 | 9 | 333 | <350 | $$ | | |
| 5 | Threat Score: 16, 5, 6 | 9 | 243 | <250 | $$$$ | | |
| 6 | | | | | $ | | |
| 8 | Threat Score: 26, 28 | 8 | 432 | <450 | $$ | | |
| 10 | | 4.7 | 0.78 | <1.0 | | | |
| 15 | Risk Level Score: 11 | | | <10 | | | |
| 16 | Risk Level Score: 4.224 | 7.5 | 31.68 | >30 | | | |
| 18 | | | 15.4 | 15 | | | |

Assessment Score 8.9

8.2

Avg Loss of Data (GB) Threat Level 20.2

| Inventory | Sept | Oct* | Nov* |
|---|---|---|---|
| Servers | 16.00 | 3 | 4.00 |
| Laptops | 10.00 | 15.1 | 17.2 |
| Workstations | 15.00 | 20.2 | 18.78 |
| Software Level 3 | 16.7 | 17.6 | 19.10 |
| Software Level 2 | 23.4 | 25.3 | 24.2 |
| Software Level 1 | 33.6 | 23.2 | 24.8 |
| Wireless AP's | 12 | 14 | 15 |

*estimated

| Configurations | Sept | Oct* | Nov* |
|---|---|---|---|
| Servers | 12 | 9 | 10 |
| Laptops | 24 | 19 | 21 |
| Workstations | 29 | 22 | 23 |
| Switches | 22 | 25 | 19 |
| Routers | 12 | 14 | 10 |
| Firewalls | 3 | 2 | 1 |

*estimated

| | Sept | Oct | Nov |
|---|---|---|---|
| Boundary Defense Score | | | |
| Proxy Server | 2.8 | | |
| IPS | 3.7 | | |
| IDS | 4.1 | | |
| VPN | 3.2 | | |
| Access Points | 4.3 | | |
| User Access Count | | | |
| Accounts w/ Improper Privileges | 5 | | |
| Insecure Passwords | 8 | | |
| Workstation Vulnerabilities | 15 | | |
| Server Vulnerabilities | 5 | | |
| Network Device Vulnerabilities | 2 | | |
| Data Recovery Capability | | | |

| Malware Found | Sept | Oct | Nov |
|---|---|---|---|
| Email | 100 | 78 | 83 |
| Web Download | 50 | 75 | 24 |
| Physically (USB/CD) | 12 | 8 | 5 |
| Other | 15 | 12 | 10 |

Incident Response Capability (Sept, Oct, Nov)

Avg Time to Detect (hrs), Avg Time to Eradicate (hrs), Avg Time to Recover (hrs): 6.1 5.2 4.6 5.2 4.9 4.7 5.3 5.4 4.9

| Logging | Sept | Oct | Nov |
|---|---|---|---|
| % Logs Notifying Correctly | 2.3 | 1.2 | 3.3 |

| | Sept | Oct | Nov |
|---|---|---|---|
| % Data Backed up Successfully | 96.2 | 97.1 | 94.3 |
| % Fortune Cookies Found Protected | 98.3 | 97.3 | 98.1 |

Security Metrics Dashboard

[Chart panels, Sept / Oct / Nov: 4. Malware Sources and Quantity; 5. Boundary Defense Scores; 5. Data Loss Possibility (% Data Backed up Successfully, % Fortune Cookies Found Protected); 6. Incident Response Capability (Avg Time to Detect (hrs), Avg Time to Eradicate (hrs), Avg Time to Recover (hrs)); 7. Log Analysis (% Logs Notifying Correctly)]

8. Overall Scores and Trends Goals

| Control | Overall Score | Goal | Trend |
|---|---|---|---|
| Device Inventory | 164.00 | <175 | |
| Software Inventory | 515.90 | <525 | |
| Hardware/Software Configurations | 455.00 | <450 | |
| Network Device Configurations | 333 | <350 | |
| Boundary Defense | 243 | <250 | |
| Controlled Use of Administrative Privileges | 432 | <450 | |
| Continuous Vulnerability Assessment | 0.78 | <1.0 | |
| Secure Network Engineering | 31.68 | >30 | |
| Data Loss Prevention | 11 | <10 | |
| Incident Response Capability | 15.4 | 15 | |
