From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Confidentiality, integrity, and availability impact metrics
From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1
Confidentiality, integrity, and availability impact metrics
- [Instructor] Impact is actually three separate elements in the base metric group. In the vector string, each of these impacts is represented by the letters C for confidentiality, I for integrity, and A for availability. Impact is a critical component of determining the risk of a vulnerability. In the context of the base metric group, this is the impact exploitation of a vulnerability would have on confidentiality, integrity, and/or availability. A vulnerability can have impact on some or all of these components. If an attacker exploits a vulnerability, and as a result, she can get access to files or resources that she shouldn't have access to. That's a confidentiality impact. That's kind of like a guest snooping in your medicine cabinet. Confidentiality impact ranges from high to none. High means that a successful attack results in total loss of confidentiality, or the attack results in the attacker having access…
Contents
-
-
-
-
-
(Locked)
The CVSS base metric group2m 28s
-
(Locked)
The attack vector metric2m 47s
-
(Locked)
How attack complexity affects risk1m 10s
-
(Locked)
The effects of the privileges required metric on risk1m 15s
-
(Locked)
User interaction and vulnerability risk47s
-
(Locked)
Confidentiality, integrity, and availability impact metrics3m 37s
-
(Locked)
Security scope in CVSS1m 29s
-
(Locked)
Challenge1m 43s
-
(Locked)
Solution2m 32s
-
(Locked)
-
-
-
-