Measuring Vulnerability in Threat Modeling With Risk Matrix
Keywords:Threat modeling, CVSS, Likelihood, Attack Vector, Metrics
Threat modeling is one of the most important parts when it comes to security in development of programing product. The main challenges for that are time and prioritization of the scope of work. Risk matrix is effective tool for making clear what should be done first and which consequences can be. There are few levels of consequences which are ranged by the influence on business. With help of vulnerability assessment threats can be measured by impact on confidentiality, integrity, and availability. The Common Vulnerability Scoring System is appropriate tool for catching the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.
OWASP [Electronic resource]. – https://owasp.org/www-community/Application_Threat_Modeling
Hubbard, Douglas W.; Seiersen, Richard (2016). How to Measure Anything in Cybersecurity Risk. Wiley. pp.
Science direct [Electronic resource]. –https://www.sciencedirect.com/topics/engineering/consequence-category
Balbix [Electronic resource]. – https://www.balbix.com/ insights/base-cvss-scores/
First [Electronic resource]. – https://www.first.com