Strategy: Understanding Severity and Criticality in Threat Reporting
Vendors and threat management companies are forever coming out with lists of new threats, threats that may or may not affect your organization. And for each one of these threats, another hundred are discovered that don’t make vendors’ lists but could potentially impact your company. Indeed, companies are bombarded with different rating systems, different publication standards and differing opinions as to what a “real” threat entails.
In the end, there’s only one severity and criticality rating system that makes sense for your organization — the one you develop yourself. This is the one that will take into account your business operations and partners, and determine whether and how much new security vulnerabilities will put your organization at risk. In this Dark Reading report, we recommend ways in which companies can effectively interpret and communicate risk within the organization and ultimately act upon that intelligence. (S7461013)