
Critical Control Formulas

Critical Control 1 Hardware


High Threat = 5
Medium Threat = 3
Low Threat = 2

Critical Control 2 Software


High Threat = 5
Medium Threat = 3
Low Threat = 2

Unauthorized
Device Total
2
2
5

3
7
15
Insecure Configs

Critical Control 4
Switches (High Threat) = 5
Routers (Medium Threat) = 3
Firewalls (Low Threat) = 2

Insecure Configs

Critical Control 6
High Threat System = 5
Medium Threat System = 3
Low Threat System = 2

Critical Control 7
Application Software Security

Critical Control 8
Passwords off Policy
Accounts with Improper Privileges

Threat Weight
6
4
5

Avg Days
Software on
Network

Unauthorized
Software Total

Critical Control 3
Servers (High Threat) = 5
Laptops (Medium Threat) = 3
Workstations (Low Threat) = 2

Critical Control 5
High Threat Potential = 5
Medium Threat Potential = 3
Low Threat Potential = 2

Avg Days Device on Network

Threat Weight
1.7
2.4
3.6

Avg Days to Fix


2
6
11

5
3
2
Threat Weight

2
6
7
Avg Days to Fix

4
3
1

Boundary Defense
Score

5
3
2

5
3
2
Threat Weight

2
3
1

Avg Days to Fix


3
1
2

5
3
2

Threat Weight
1
2
2

Logging Analysis
Score

5
3
2

Threat Weight
5
3
2

Total Malicious
Packets Found

Threat Weight

Avg Time to Fix (days)

Total Quantity
8
5

Threat Weight
2
3

3
5

Critical Control 9
Month | Total Unauthorized Account Access | Average Time to Neutralize Account (days) | Total Unauthorized Group Memberships
July | 5 | 3.6 | 2
August | 4 | 2.7 | 1
September | 4 | 3.5 | 4

Number of
Critical Control 10
mitigated
Continuous Vulnerability Assessment
and Remediation

Critical Control 11
Account Monitoring and Control
Workstations
Servers
Network Devices

Critical Control 12
Email
Web Download
Physically (USB/CD)
Other

Number of
servers scanned
2

Total Vulnerable

Threat Weight

12

Total Scanned
15
5
2

Total Malware
Found

4.7

Threat Weight
151
12
11

2.1
4.1
4.7

Downtime
Incidents
100
50
12
15

Critical Control 13
Limitation and Control of ports,
protocols, and services

Critical Control 14
Sept
Oct
Nov

Critical Control 15
Data Loss Prevention

Critical Control 16
Current
New
Original

Unauthorized
Wireless Devices
12
14
15

Insecure
Workstations
5

Internet Entry
Points

Number of
authorized account
access

Unusual activity
instances
2

Percentage of
verified
Percentage of hosts
connections
using DNSSEC
90
0.90
0.80
1
100

Avg Time to Fix (days)

Critical Control 17
Full IP data theft
Administrative Rights attained
Non Admin Rights attained

Critical Control 18
Incident Response Capability

Critical Control 19
High
Medium
Low
Critical Control 20
Security Skills Assessment and
Training

Criticality of
Exploitation
4
3
5

Avg Time to
Avg Time to
Eradication
Detection (Hours) (Hours)
8.1

% Data Backed Up

5
3
2

Avg Time to
Recovery (Hours)
4.1

Time To Restore

3.2

Threat Score

Threat Level
16.00 Risk Score
10.00 Goal
15.00 Cost of Check
Frequency of Scans 1 day

4
164.00
<175
$
1

Threat Score

Threat Level
16.70 Risk Score
23.40 Goal
33.60 Cost of Check
Frequency of Scans 1 day

7
515.90
<525
$
4

Threat Score

Threat Level
12 Overall Risk Score
24 Goal
29 Cost of Check
Frequency of Checks

7
455.00
<450
$$

Threat Score

Threat Level
22 Overall Risk Score
12 Goal
3 Cost of Check
Frequency of Checks

9
333
<350
$$

Threat Score

Threat Level
16 Overall Risk Score
5 Goal
6 Cost of Check
Frequency of Check

9
243
<250
$$$$

Threat Level
Overall Risk Score
Cost of Check
Frequency of Check

3
$

Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Check
Threat Score

Threat Level
26 Overall Risk Score
28 Goal
Cost of Check
Frequency of Check

8
432
<450
$$

Score

Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Check

Assessment Score

Threat Level

0.78
<1.0

Assessment Score

Overall Risk Score


Goal
Cost of Check
Frequency of Checks
Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Checks

Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Checks

8.9

4.7

Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Checks

Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Checks
Risk Level Score

Risk Level Score

Threat Level
11 Overall Risk Score
Goal
Cost of Check
Frequency of Checks

Threat Level
4.224 Overall Risk Score
Goal
Cost of Check
Frequency of Checks

8.2

<10

7.5
31.68
>30

Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Checks

Avg Loss of Data (GB)


Threat Level
20.2 Overall Risk Score
Goal
Cost of Check
Frequency of Checks
Risk Level Score

Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Checks
Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Checks

15.4
15

Inventory

*estimated
Oct

Sept
Servers
Laptops
Workstations
Software Level 3
Software Level 2
Software Level 1
Wireless AP's

16.00
10.00
15.00
16.7
23.4
33.6
12

Configurations

3
15.1
20.2
17.6
25.3
23.2
14
*estimated
Oct

Sept
Servers
Laptops
Workstations
Switches
Routers
Firewalls

*estimated
Nov

12
24
29
22
12
3

4.00
17.2
18.78
19.10
24.2
24.8
15
*estimated
Nov

9
19
22
25
14
2

10
21
23
19
10
1

Boundary Defense
Score
Proxy Server
IPS
IDS
VPN
Access Points

2.8
3.7
4.1
3.2
4.3

User Access
Count
Accounts w/ Improper Privileges
Insecure Passwords
Workstation Vulnerabilities
Server Vulnerabilities
Network Device Vulnerabilities

5
8
15
5
2

Data Recovery Capability


Sept

Oct

Nov

Malware Found
Source | Sept | Oct | Nov
Email | 100 | 78 | 83
Web Download | 50 | 75 | 24
Physically (USB/CD) | 12 | 8 | 5
Other | 15 | 12 | 10

Incident Response Capability


Sept
Oct
Nov

Avg Time to Detect (hrs)
Avg Time to Eradicate (hrs)
Avg Time to Recover (hrs)
6.1
5.2
4.6
5.2
4.9
4.7
5.3
5.4
4.9

Logging
Metric | Sept | Oct | Nov
% Logs Notifying Correctly | 2.3 | 1.2 | 3.3

Metric | Sept | Oct | Nov
% Data Backed up Successfully | 96.2 | 97.1 | 94.3
% Fortune Cookies Found Protected | 98.3 | 97.3 | 98.1

Security Metrics Dashboard


4. Malware Sources and Quantity

5. Boundary Defense Scores

5. Data Loss Possibility

6. Incident Response Capability

99
98

16
14

97

12

96

% Data Backed up Successfully

95
94

Avg Time to Recover (hrs)

10

Avg Time to
Eradicate (hrs)

8
6

Avg Time to Detect (hrs)

4
2

93

92
Sept

Oct

Sept

Nov

7. Log Analysis

Oct

8. Overall Scores and Trends Goals


Control

Overall Score

Goal

164.00
515.90

<175
<525

455.00

<450

Network Device
Configurations

333

<350

Boundary Defense

243

<250

432

<450

0.78
31.68
11
15.4

<1.0
>30
<10
15

% Logs Notifying Correctly

Device Inventory
Software Inventory
Hardware/Software
Configurations

0.5

1.5

2.5

Nov

3.5

Sept
Oct
Nov

Controlled Use of
Administrative Privileges
Continuous Vulnerability
Assessment
Secure Network Engineering
Data Loss Prevention
Incident Response Capability

Trend
