4.3.2 Analysis
CVSS, CVE, false positives, prioritization.
Analysis in cybersecurity is the systematic evaluation of data, risks, and vulnerabilities to prioritize response efforts and improve defensive posture.
Vulnerability Identification and Management - CVE (Common Vulnerabilities and Exposures): A standardized list of publicly disclosed cybersecurity vulnerabilities. Each entry provides a unique identifier (e.g., CVE-2023-1234) to ensure distinct naming across different security tools. - CVSS (Common Vulnerability Scoring System): A numerical framework (0.0 to 10.0) used to assess the severity of a vulnerability. It considers factors like Attack Vector, Complexity, and Privileges Required to help organizations prioritize patching. - False Positives: Occurs when a security tool incorrectly flags legitimate activity as malicious. High false positive rates lead to alert fatigue and can hide actual threats. - False Negatives: The most dangerous outcome, where a security tool fails to detect an actual threat or vulnerability.
Risk Analysis Methods - Qualitative Analysis: Uses subjective rankings (Low, Medium, High) based on expert judgment and experience. This is often preferred when data is incomplete or assets are difficult to quantify monetarily. - Quantitative Analysis: Uses numerical data and dollar values to calculate risk. While data-driven, it can be flawed if the underlying numerical values are based on "educated guesses" or subjective interpretations. - Predictive Analysis: Employs AI and machine learning to analyze historical trends and anticipate future incidents, such as imminent hardware failures or abnormal network loads.
Technical Analysis Types - Cryptanalysis: The practice of breaking encryption to restore ciphertext to plaintext without authorized access to keys. This is used by both attackers and security researchers to find weaknesses in algorithms. - Biometric Efficacy: Measured by the False Acceptance Rate (FAR/Type II), where unauthorized users are granted access, and the False Rejection Rate (FRR/Type I), where valid users are blocked. - Crossover Error Rate (CER): The point where FAR and FRR are equal; it is the primary metric for measuring the overall accuracy and effectiveness of a biometric system.
Exam Tips - Trigger: If a question asks about the "standardized name" of a bug, the answer is CVE. - Trigger: If a question asks about "calculating severity" or "prioritization," look for CVSS. - Recall: FAR (Type II) is a security failure; FRR (Type I) is a user convenience/utility failure. - Recall: Use Qualitative analysis when you lack specific financial data or "hard numbers."