Thesis: Is CVSS Score Enough to Determine the Company IT-Security Risk
Volvo Business Services AB / IT jobs / Göteborg
2022-10-05
Note that the application deadline has passed.
The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat. Scores are calculated based on a formula that depends on several metrics that approximate the ease and impact of an exploit. Scores range from 0 to 10, with 10 being the most severe. While many use only the CVSS Base score to determine severity, temporal and environmental scores also exist, to factor in the availability of mitigations and how widespread vulnerable systems are within an organization, respectively. The Security Operation Center and the VM team often use the CVSS score to determine the company's IT-security risk. But how good is it to use the CVSS score? Does it really show the actual risk?
Short description of the thesis:
This is a literature study.
There are multiple remediation prioritization strategies that can be examined and evaluated. Below is a list of common strategies that can act as inspiration and be a starting point for further investigations:
- CVSS score. Prioritize remediations starting with the vulnerabilities with the highest score. https://www.first.org/cvss/
- Vulnerabilities per asset. Prioritize remediations starting with the assets with the greatest number of vulnerabilities.
- Prediction. Use a prediction algorithm for prioritization, e.g. https://cvetrends.com/ or the Exploit Prediction Scoring System (EPSS), https://www.first.org/epss/
- Vulnerability lists. Prioritize actively exploited vulnerabilities found on security lists (CISA, https://www.cisa.gov/known-exploited-vulnerabilities-catalog).

The outcome from this thesis is a risk-based analysis and recommendation of IT vulnerability remediation strategies suitable for a large international transport company.
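The four strategies listed above can put the same findings in very different orders. The following sketch is an added example, not part of the original posting; the assets, vulnerability ids, scores and tie-breaking rules are constructed assumptions for illustration.

```python
from collections import Counter
from typing import NamedTuple

class Finding(NamedTuple):
    asset: str
    vuln: str     # placeholder id, not a real CVE
    cvss: float   # CVSS base score, 0-10
    epss: float   # predicted exploitation probability, 0-1
    kev: bool     # present on a known-exploited vulnerability list

# Constructed sample data (hypothetical assets and scores).
FINDINGS = [
    Finding("web-01", "VULN-A", 9.8, 0.02, False),
    Finding("web-01", "VULN-B", 5.3, 0.01, False),
    Finding("web-01", "VULN-C", 4.3, 0.01, False),
    Finding("db-01", "VULN-D", 7.5, 0.91, True),
    Finding("hr-01", "VULN-E", 6.1, 0.40, False),
]

STRATEGIES = ("cvss", "per_asset", "epss", "kev")

def rank(findings, strategy):
    """Return vulnerability ids in remediation order for one strategy."""
    per_asset = Counter(f.asset for f in findings)
    keys = {
        # Highest CVSS base score first.
        "cvss": lambda f: (f.cvss,),
        # Assets with the most findings first; CVSS breaks ties (assumption).
        "per_asset": lambda f: (per_asset[f.asset], f.cvss),
        # Highest predicted exploitation probability first.
        "epss": lambda f: (f.epss, f.cvss),
        # Known-exploited findings first, then by CVSS (assumption).
        "kev": lambda f: (f.kev, f.cvss),
    }
    return [f.vuln for f in sorted(findings, key=keys[strategy], reverse=True)]

def position_spread(findings):
    """For each finding, its position (1 = fix first) under every strategy."""
    orders = {s: rank(findings, s) for s in STRATEGIES}
    return {f.vuln: {s: orders[s].index(f.vuln) + 1 for s in STRATEGIES}
            for f in findings}

if __name__ == "__main__":
    for vuln, ranks in position_spread(FINDINGS).items():
        print(vuln, ranks)
```

In this constructed data set the actively exploited finding VULN-D is fixed first under the prediction and list strategies, second under CVSS ordering, and fourth when assets are ordered by vulnerability count.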
Contact information:
Monica Andersson,
monica.andersson@volvo.com
Publication date: 2022-10-05
How to apply: The last day to apply is 2022-11-05
Company: Volvo Business Services AB
Scope: This is a full-time job.
Employer: Volvo Business Services AB (org. no. 556029-5197)
405 08 GÖTEBORG
Workplace: Group IT
Job number: 7044502