Domain 4 · 4.3 Vulnerability Management

4.3.2 Analysis

CVSS, CVE, false positives, prioritization.

14 min

Analysis in cybersecurity is the systematic evaluation of data, risks, and vulnerabilities to prioritize response efforts and improve defensive posture.

Vulnerability Identification and Management - CVE (Common Vulnerabilities and Exposures): A standardized list of publicly disclosed cybersecurity vulnerabilities. Each entry provides a unique identifier (e.g., CVE-2023-1234) to ensure distinct naming across different security tools. - CVSS (Common Vulnerability Scoring System): A numerical framework (0.0 to 10.0) used to assess the severity of a vulnerability. It considers factors like Attack Vector, Complexity, and Privileges Required to help organizations prioritize patching. - False Positives: Occurs when a security tool incorrectly flags legitimate activity as malicious. High false positive rates lead to alert fatigue and can hide actual threats. - False Negatives: The most dangerous outcome, where a security tool fails to detect an actual threat or vulnerability.

Risk Analysis Methods - Qualitative Analysis: Uses subjective rankings (Low, Medium, High) based on expert judgment and experience. This is often preferred when data is incomplete or assets are difficult to quantify monetarily. - Quantitative Analysis: Uses numerical data and dollar values to calculate risk. While data-driven, it can be flawed if the underlying numerical values are based on "educated guesses" or subjective interpretations. - Predictive Analysis: Employs AI and machine learning to analyze historical trends and anticipate future incidents, such as imminent hardware failures or abnormal network loads.

Technical Analysis Types - Cryptanalysis: The practice of breaking encryption to restore ciphertext to plaintext without authorized access to keys. This is used by both attackers and security researchers to find weaknesses in algorithms. - Biometric Efficacy: Measured by the False Acceptance Rate (FAR/Type II), where unauthorized users are granted access, and the False Rejection Rate (FRR/Type I), where valid users are blocked. - Crossover Error Rate (CER): The point where FAR and FRR are equal; it is the primary metric for measuring the overall accuracy and effectiveness of a biometric system.

Exam Tips - Trigger: If a question asks about the "standardized name" of a bug, the answer is CVE. - Trigger: If a question asks about "calculating severity" or "prioritization," look for CVSS. - Recall: FAR (Type II) is a security failure; FRR (Type I) is a user convenience/utility failure. - Recall: Use Qualitative analysis when you lack specific financial data or "hard numbers."