From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1


Security scope in CVSS

- [Instructor] The concept of scope in CVSS addresses whether a vulnerability in one component impacts other resources beyond its security scope. It's represented by S in the vector string. Well, what is security scope then? Think about a house with several rooms. Likely, they're separated by walls or other defining architectural features. Each room is a distinct security scope. Typically, the activities and features of one room only affect that particular room. Typically, computing system components don't cross outside of their security scope boundaries. In essence, they stay in their own rooms. So, if the TV is on in the living room, you're probably not going to hear it in the bedroom. Exploiting a vulnerability that only affects the vulnerable component is reflected as unchanged or U. Unchanged scope has less impact on the overall risk calculation. If exploiting a vulnerability impacts other system components, then the…
