Critical Control Formulas

Critical Control 1: Hardware

                      Unauthorized Device Total   Avg Days Device on Network   Threat Weight   Threat Score
High Threat = 5       2                           6                            5               16.00
Medium Threat = 3     2                           4                            3               10.00
Low Threat = 2        5                           5                            2               15.00

Threat Level: 4
Risk Score: 164.00
Goal: <175
Cost of Check: $
Frequency of Scans: 1 day 1

Critical Control 2: Software

                      Unauthorized Software Total   Avg Days Software on Network   Threat Weight   Threat Score
High Threat = 5       3                             1.7                            5               16.70
Medium Threat = 3     7                             2.4                            3               23.40
Low Threat = 2        15                            3.6                            2               33.60

Threat Level: 7
Risk Score: 515.90
Goal: <525
Cost of Check: $
Frequency of Scans: 1 day 4

Critical Control 3

                                Insecure Configs   Avg Days to Fix   Threat Weight   Threat Score
Servers (High Threat) = 5       2                  2                 5               12
Laptops (Medium Threat) = 3     6                  6                 3               24
Workstations (Low Threat) = 2   11                 7                 2               29

Threat Level: 7
Overall Risk Score: 455.00
Goal: <450
Cost of Check: $$
Frequency of Checks:

Critical Control 4

                                Insecure Configs   Avg Days to Fix   Threat Weight   Threat Score
Switches (High Threat) = 5      4                  2                 5               22
Routers (Medium Threat) = 3     3                  3                 3               12
Firewalls (Low Threat) = 2      1                  1                 2               3

Threat Level: 9
Overall Risk Score: 333
Goal: <350
Cost of Check: $$
Frequency of Checks:

Critical Control 5

                                Boundary Defense Score   Avg Days to Fix   Threat Weight   Threat Score
High Threat Potential = 5       3                        1                 5               16
Medium Threat Potential = 3     1                        2                 3               5
Low Threat Potential = 2        2                        2                 2               6

Threat Level: 9
Overall Risk Score: 243
Goal: <250
Cost of Check: $$$$
Frequency of Check:

Critical Control 6

                                Logging Analysis Score   Threat Weight
High Threat System = 5                                   5
Medium Threat System = 3                                 3
Low Threat System = 2                                    2

Threat Level: 3
Overall Risk Score:
Cost of Check: $
Frequency of Check:

Critical Control 7

                                Total Malicious Packets Found   Threat Weight
Application Software Security

Threat Level:
Overall Risk Score:
Goal:
Cost of Check:
Frequency of Check:

Critical Control 8

                                    Total Quantity   Avg Time to Fix (days)   Threat Weight   Threat Score
Passwords off Policy                8                2                        3               26
Accounts with Improper Privileges   5                3                        5               28

Threat Level: 8
Overall Risk Score: 432
Goal: <450
Cost of Check: $$
Frequency of Check:

Critical Control 9

            Total Unauthorized Account Access   Average Time to Neutralize Account (days)   Total Unauthorized Group Memberships   Score
July        5                                   3.6                                         2
August      4                                   2.7                                         1
September   4                                   3.5                                         4

Threat Level:
Overall Risk Score:
Goal:
Cost of Check:
Frequency of Check:

Critical Control 10

                                                      Number of mitigated   Number of servers scanned   Threat Weight   Assessment Score
Continuous Vulnerability Assessment and Remediation   2                     12                          4.7

Threat Level: 4.7
Overall Risk Score: 0.78
Goal: <1.0
Cost of Check:
Frequency of Checks:

Critical Control 11

                                 Total Vulnerable   Total Scanned   Threat Weight   Assessment Score
Account Monitoring and Control
Workstations                     15                 151             2.1
Servers                          5                  12              4.1
Network Devices                  2                  11              4.7

Threat Level:
Overall Risk Score:
Goal:
Cost of Check:
Frequency of Checks:

Critical Control 12

                      Total Malware Found   Downtime Incidents
Email                 100
Web Download          50
Physically (USB/CD)   12
Other                 15

Threat Level: 8.9
Overall Risk Score:
Goal:
Cost of Check:
Frequency of Checks:

Critical Control 13
Limitation and Control of ports, protocols, and services

Threat Level:
Overall Risk Score:
Goal:
Cost of Check:
Frequency of Checks:

Critical Control 14

       Unauthorized Wireless Devices
Sept   12
Oct    14
Nov    15

Threat Level: 8.2
Overall Risk Score:
Goal:
Cost of Check:
Frequency of Checks:

Critical Control 15

                       Insecure Workstations   Unusual activity instances   Number of authorized account access   Risk Level Score
Data Loss Prevention   5                       2                            4                                     11

Threat Level:
Overall Risk Score:
Goal: <10
Cost of Check:
Frequency of Checks:

Critical Control 16

           Internet Entry Points   Percentage of verified connections   Percentage of hosts using DNSSEC   Risk Level Score
Current    90                      0.90                                 0.80                               4.224
New        1
Original   100

Threat Level: 7.5
Overall Risk Score: 31.68
Goal: >30
Cost of Check:
Frequency of Checks:

Critical Control 17

                                 Avg Time to Fix (days)   Criticality of Exploitation
Full IP data theft               4                        5
Administrative Rights attained   3                        3
Non Admin Rights attained        5                        2

Threat Level:
Overall Risk Score:
Goal:
Cost of Check:
Frequency of Checks:

Critical Control 18

                               Avg Time to Detection (Hours)   Avg Time to Eradication (Hours)   Avg Time to Recovery (Hours)   Avg Loss of Data (GB)
Incident Response Capability   8.1                             4.1                               3.2                            20.2

Threat Level:
Overall Risk Score: 15.4
Goal: 15
Cost of Check:
Frequency of Checks:

Critical Control 19

         % Data Backed Up   Time To Restore   Risk Level Score
High
Medium
Low

Threat Level:
Overall Risk Score:
Goal:
Cost of Check:
Frequency of Checks:

Critical Control 20
Security Skills Assessment and Training

Threat Level:
Overall Risk Score:
Goal:
Cost of Check:
Frequency of Checks:

Inventory

                   Sept    Oct          Nov
                           *estimated   *estimated
Servers            16.00   3            4.00
Laptops            10.00   15.1         17.2
Workstations       15.00   20.2         18.78
Software Level 3   16.7    17.6         19.10
Software Level 2   23.4    25.3         24.2
Software Level 1   33.6    23.2         24.8
Wireless AP's      12      14           15

Configurations

                   Sept    Oct          Nov
                           *estimated   *estimated
Servers            12      9            10
Laptops            24      19           21
Workstations       29      22           23
Switches           22      25           19
Routers            12      14           10
Firewalls          3       2            1

Boundary Defense

                Score
Proxy Server    2.8
IPS             3.7
IDS             4.1
VPN             3.2
Access Points   4.3

User Access

                                  Count
Accounts w/ Improper Privileges   5
Insecure Passwords                8
Workstation Vulnerabilities       15
Server Vulnerabilities            5
Network Device Vulnerabilities    2

Data Recovery Capability

Sept   Oct   Nov

Malware Found

                      Sept   Oct   Nov
Email                 100    78    83
Web Download          50     75    24
Physically (USB/CD)   12     8     5
Other                 15     12    10

Incident Response Capability

       Avg Time to Detect (hrs)   Avg Time to Eradicate (hrs)   Avg Time to Recover (hrs)
Sept   6.1                        5.2                           4.6
Oct    5.2                        4.9                           4.7
Nov    5.3                        5.4                           4.9

Logging

                             Sept   Oct   Nov
% Logs Notifying Correctly   2.3    1.2   3.3

                                    Sept   Oct    Nov
% Data Backed up Successfully       96.2   97.1   94.3
% Fortune Cookies Found Protected   98.3   97.3   98.1

Metrics Dashboard

[Chart: 4. Malware Sources and Quantity]
[Chart: 5. Boundary Defense Scores]
[Chart: 5. Data Loss Possibility. Series: % Data Backed up Successfully, % Fortune Cookies Found Protected. X-axis: Sept, Oct, Nov]
[Chart: 6. Incident Response Capability. Series: Avg Time to Detect (hrs), Avg Time to Eradicate (hrs), Avg Time to Recover (hrs). X-axis: Sept, Oct, Nov]
[Chart: 7. Log Analysis. Series: % Logs Notifying Correctly for Sept, Oct, Nov]

8. Overall Scores and Trends Goals

Control                                       Overall Score   Goal   Trend
Device Inventory                              164.00          <175
Software Inventory                            515.90          <525
Hardware/Software Configurations              455.00          <450
Network Device Configurations                 333             <350
Boundary Defense                              243             <250
Controlled Use of Administrative Privileges   432             <450
Continuous Vulnerability Assessment           0.78            <1.0
Secure Network Engineering                    31.68           >30
Data Loss Prevention                          11              <10
Incident Response Capability                  15.4            15