
Re: Nessus Risk Factors

Subject: Re: Nessus Risk Factors
Date: Mon, 23 Jan 2006 15:07:44 -0600
Don't know where it's documented, but I believe the mapping in the nessus 
plugins is as follows:

CVSS    Risk
0       None
1-3     Low
4-6     Medium
7-9     High
10      Critical

In my opinion, these should only be viewed as guidelines or suggestions. 
In particular, this just reflects the CVSS base score, not the temporal or 
environmental adjustments that are necessary to gauge relative risk in your 
environment. CVSS scores then need to be mapped to remediation 
guidelines/deadlines based on your organization's risk tolerance and 
available resources. For example, we rate everything with a CVSS of 5 or 
higher as critical, and have a defined response timeline for each severity 
level in our vulnerability management policy.

Jerry Heidtke


nessus-bounces@list.nessus.org wrote on 01/23/2006 02:56:45 PM:

Thanks, that list helps define how they score various risks, but is 
there documentation on how they correlate to the Nessus risk 
factors?  And is there a list of all of the currently used risk 
factors (by Nessus)?

Thanks,
Chris


On 1/23/06, Josh Zlatin-Amishav <josh@tkos.co.il> wrote:
On Mon, 23 Jan 2006, sawall wrote:

Can anyone tell me if there's documentation stating what the Risk Factors
are in Nessus 3.x?

The risk factors are based on CVSS. Take a look at:
http://www.first.org/cvss/cvss-guide.html

--
  - Josh
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
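
The reply above notes that the plugin risk factor reflects only the CVSS base score. As an added example (not part of the original thread and not Nessus code), this sketch applies temporal and environmental adjustments to a base score and shows how the risk bucket from the table above can move in either direction. Assumptions: it uses the CVSS v2 equations and multipliers (the thread does not name a CVSS version), leaves the security requirements undefined, and places fractional scores into the thread's integer buckets by lower bound.

```python
# Added example, not Nessus code. Multipliers are the CVSS v2 temporal and
# environmental values. Security requirements (CR/IR/AR) are assumed
# "Not Defined", so the adjusted base score equals the base score.
E = {"unproven": 0.85, "poc": 0.90, "functional": 0.95, "high": 1.00}
RL = {"official_fix": 0.87, "temporary_fix": 0.90, "workaround": 0.95, "unavailable": 1.00}
RC = {"unconfirmed": 0.90, "uncorroborated": 0.95, "confirmed": 1.00}
CDP = {"none": 0.0, "low": 0.1, "low_medium": 0.3, "medium_high": 0.4, "high": 0.5}
TD = {"none": 0.0, "low": 0.25, "medium": 0.75, "high": 1.00}


def adjusted_score(base, e="high", rl="unavailable", rc="confirmed",
                   cdp="none", td="high"):
    """Temporal score first, then the environmental score derived from it."""
    temporal = round(base * E[e] * RL[rl] * RC[rc], 1)
    return round((temporal + (10 - temporal) * CDP[cdp]) * TD[td], 1)


def risk_factor(score):
    """CVSS-to-risk table from the thread; bucket edges for fractions are assumed."""
    if not 0 <= score <= 10:
        raise ValueError("CVSS scores range from 0 to 10")
    if score == 0:
        return "None"
    if score < 4:
        return "Low"
    if score < 7:
        return "Medium"
    if score < 10:
        return "High"
    return "Critical"


def compare(base, **metrics):
    """Return (risk from base score, adjusted score, risk from adjusted score)."""
    adj = adjusted_score(base, **metrics)
    return risk_factor(base), adj, risk_factor(adj)


if __name__ == "__main__":
    # Constructed findings: same scanner output, different local context.
    findings = [
        ("patched PoC bug, most hosts affected", 7.5,
         dict(e="poc", rl="official_fix", td="medium")),
        ("medium bug on a high-collateral system", 5.0, dict(cdp="high")),
        ("high bug, no affected hosts in scope", 9.0, dict(td="none")),
    ]
    for name, base, metrics in findings:
        print(name, compare(base, **metrics))
```
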
