Académique Documents
Professionnel Documents
Culture Documents
Unauthorized
Device Total
2
2
5
3
7
15
Insecure Configs
Critical Control 4
Switches (High Threat) = 5
Routers (Medium Threat) = 3
Firewalls (Low Threat) = 2
Insecure Configs
Critical Control 6
High Threat System = 5
Medium Threat System= 3
Low Threat System = 2
Critical Control 7
Application Software Security
Critical Control 8
Passwords off Policy
Accounts with Inproper Privileges
Threat Weight
6
4
5
Avg Days
Software on
Network
Unauthorized
Software Total
Critical Control 3
Servers (High Threat) = 5
Laptops (Medium Threat) = 3
Workstations (Low Threat) = 2
Critical Control 5
High Threat Potential = 5
Medium Threat Potential = 3
Low Threat Potential = 2
Threat Weight
1.7
2.4
3.6
5
3
2
Threat Weight
2
6
7
Avg Days to Fix
4
3
1
Boundary Defense
Score
5
3
2
5
3
2
Threat Weight
2
3
1
5
3
2
Threat Weight
1
2
2
Logging Analysis
Score
5
3
2
Threat Weight
5
3
2
Total Malicious
Packets Found
Threat Weight
Total Quantity
8
5
Threat Weight
2
3
3
5
Critical Control 9
July
August
September
Average Time to
Total Unauthorized Neutralize
Total Unauthorized
Account Access
Account (days)
Group Memberships
5
3.6
2
4
2.7
1
4
3.5
4
Number of
Critical Control 10
mitigated
Continous Vulnerability Assessment
and Remediation
Critical Control 11
Account Monitoring and Control
Workstations
Servers
Network Devices
Critical Control 12
Email
Web Download
Physically (USB/CD)
Other
Number of
servers scanned
2
Total Vulnerable
Threat Weight
12
Total Scanned
15
5
2
Total Malware
Found
4.7
Threat Weight
151
12
11
2.1
4.1
4.7
Downtime
Incidents
100
50
12
15
Critical Control 13
Limitation and Control of ports,
protocols, and services
Critical Control 14
Sept
Oct
Nov
Critical Control 15
Data Loss Prevention
Critical Control 16
Current
New
Original
Unauthorized
Wireless Devices
12
14
15
Insecure
Workstations
5
Internet Entry
Points
Number of
authorized account
access
Unusual activity
instances
2
Percentage of
verified
Percentage of hosts
connections
using DNSSEC
90
0.90
0.80
1
100
Critical Control 17
Full IP data theft
Administrative Rights attained
Non Admin Rights attained
Critical Control 18
Incident Response Capability
Critical Control 19
High
Medium
Low
Critical Control 20
Security Skills Assessment and
Training
Criticality of
Expoitation
4
3
5
Avg Time to
Avg Time to
Eradication
Detection (Hours) (Hours)
8.1
% Data Backed Up
5
3
2
Avg Time to
Recovery (Hours)
4.1
Time To Restore
3.2
Threat Score
Threat Level
16.00 Risk Score
10.00 Goal
15.00 Cost of Check
Frequency of Scans 1 day
4
164.00
<175
$
1
Threat Score
Threat Level
16.70 Risk Score
23.40 Goal
33.60 Cost of Check
Frequency of Scans 1 day
7
515.90
<525
$
4
Threat Score
Threat Level
12 Overall Risk Score
24 Goal
29 Cost of Check
Frequency of Checks
7
455.00
<450
$$
Threat Score
Threat Level
22 Overall Risk Score
12 Goal
3 Cost of Check
Frequency of Checks
9
333
<350
$$
Threat Score
Threat Level
16 Overall Risk Score
5 Goal
6 Cost of Check
Frequency of Check
9
243
<250
$$$$
Threat Level
Overall Risk Score
Cost of Check
Frequency of Check
3
$
Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Check
Threat Score
Threat Level
26 Overall Risk Score
28 Goal
Cost of Check
Frequency of Check
8
432
<450
$$
Score
Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Check
Assessment Score
Threat Level
0.78
<1.0
Assessment Score
Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Checks
8.9
4.7
Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Checks
Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Checks
Risk Level Score
Threat Level
11 Overall Risk Score
Goal
Cost of Check
Frequency of Checks
Threat Level
4.224 Overall Risk Score
Goal
Cost of Check
Frequency of Checks
8.2
<10
7.5
31.68
>30
Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Checks
Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Checks
Threat Level
Overall Risk Score
Goal
Cost of Check
Frequency of Checks
15.4
15
Inventory
*estimated
Oct
Sept
Servers
Laptops
Workstations
Software Level 3
Software Level 2
Software Level 1
Wireless AP's
16.00
10.00
15.00
16.7
23.4
33.6
12
Configurations
3
15.1
20.2
17.6
25.3
23.2
14
*estimated
Oct
Sept
Servers
Laptops
Workstations
Switches
Routers
Firewalls
*estimated
Nov
12
24
29
22
12
3
4.00
17.2
18.78
19.10
24.2
24.8
15
*estimated
Nov
9
19
22
25
14
2
10
21
23
19
10
1
Boundary Defense
Score
Proxy Server
IPS
IDS
VPN
Access Points
2.8
3.7
4.1
3.2
4.3
User Access
Count
Accounts w/ Inproper Privileges
Insecure Passwords
Workstation Vulnerabilities
Server Vulnerabilities
Network Device Vulnerabilities
5
8
15
5
2
Oct
Nov
Malware Found
Sept
Email
Web Download
Physically (USB/CD)
Other
Oct
100
50
12
15
Nov
78
75
8
12
83
24
5
10
Logging
Sept
% Logs Notifying Correctly
Oct
2.3
Nov
1.2
3.3
Sept
% Data Backed up Successfully
% Fortune Cookies Found Protected
Oct
96.2
98.3
Nov
97.1
97.3
94.3
98.1
99
98
16
14
97
12
96
% Data Backed
up
Successfully
95
94
10
Avg Time to
Eradicate (hrs)
8
6
4
2
93
92
Sept
Oct
Sept
Nov
7. Log Analysis
Oct
Overall Score
Goal
164.00
515.90
<175
<525
455.00
<450
Network Device
Configurations
333
<350
Boundary Defense
243
<250
432
<450
0.78
31.68
11
15.4
<1.0
>30
<10
15
Device Inventory
Software Inventory
Hardware/Software
Configurations
0.5
1.5
2.5
Nov
3.5
Sep
t
Oct
Nov
Controlled Use of
Administrative Privileges
Continous Vulnerability
Assessment
Secure Network Engineering
Data LossResponse
Prevention
Incident
Capability
Trend