- Common Vulnerabilities and Exposures
- National Vulnerability Database (NVD) is the database that holds the CVE data and its severity ratings
- List of known vulnerabilities
- Common Weakness Enumeration
- Community-developed list of software and hardware weaknesses.
- List of known weaknesses that can be leveraged by threat actors
- risk = likelihood x impact
- Quantitative risk
- Risks that can be judged and prioritized based on verified, specific data
- Qualitative risk
- Risks based on perception and judgement rather than on specific data
- Risk Management Strategies
- Acceptance
- When an organization accepts that a risk exists but does not implement a mitigation strategy
- Avoidance
- Taking steps to reduce exposure to risk by avoiding the activities that introduce it.
- Transference
- Shifting risk from one organization or area to another (e.g. to an insurer or a third-party provider).
- Mitigation
- Limiting the impact a risk would have if it occurred, e.g. fixing bugs.
- Discretionary Access Control