Continuous Monitoring
NIST CA-7 covers configuration management (CM-6) and vulnerability management (RA-5). Let’s see how monitoring these will make your system safer.
-
“CVSS is not a measure of Risk.” -NIST
Can you Spot the Difference? A vulnerability’s Severity is important, but its Risk to your business is a more valuable metric when resources to fix are limited. When talking vulnerabilities….Are all Criticals….critical? When should you accept the CVSS Severity rating as the actual Risk to your system and when should you not? How do you…