From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
Confidentiality, integrity, and availability requirement
From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1
Confidentiality, integrity, and availability requirement
- [Instructor] Security requirements are where we can tailor the risk calculations to specific systems. Security requirements let us specify what matters most in the context of the CIA triad of confidentiality, integrity, and availability. The whole CIA triad is important, but we'll look at a few examples where one of the elements is more important than the others. These factors play into the risk calculations by matching up the security impacts with the security requirements. If a vulnerability primarily impacts confidentiality, but availability is the most important security requirement for the system it's found on, then the risk is going to be lower. But if the same vulnerability is found on a system where confidentiality is the most important, the risk is higher. This is measured in CVSS with four possible values, high, medium, low, and not defined. Not defined and medium leave the scores unchanged, but high…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.