Download pdf - Jwp Caincouture Dashboard

8/12/2019 Jwp Caincouture Dashboard

1/9

Critical Control Formulas

Critical Control 1 Hardware

Unauthorized

Device Total

Avg Days Device

on Network Threat WeightHigh Threat = 5 2 6 5

Medium Threat = 3 2 4 3

Low Threat = 2 5 5 2

Critical Control 2 Software

Unauthorized

Software Total

Avg Days

Software on

Network Threat Weight

High Threat = 5 3 1.7 5Medium Threat = 3 7 2.4 3

Low Threat = 2 15 3.6 2

Critical Control 3 Insecure Configs Avg Days to Fix Threat WeightServers (High Threat) = 5 2 2 5

Laptops (Medium Threat) = 3 6 6 3

Workstations (Low Threat) = 2 11 7 2

Critical Control 4 Insecure Configs Avg Days to Fix Threat WeightSwitches (High Threat) = 5 4 2 5

Routers (Medium Threat) = 3 3 3 3

Firewalls (Low Threat) = 2 1 1 2

Critical Control 5

Boundary Defense

Score Avg Days to Fix Threat WeightHigh Threat Potential = 5 3 1 5

Medium Threat Potential = 3 1 2 3

Low Threat Potential = 2 2 2 2

Critical Control 6

Logging Analysis

Score Threat WeightHigh Threat System = 5 5

Medium Threat System= 3 3

Low Threat System = 2 2

Critical Control 7

Total Malicious

Packets Found Threat WeightApplication Software Security

Critical Control 8 Total Quantity

Avg Time to Fix

(days) Threat WeightPasswords off Policy 8 2 3

Accounts with Inproper Privileges 5 3 5


2/9

Critical Control 9

Total Unauthorized

Account Access

Average Time to

Neutralize

Account (days)

Total Unauthorized

Group MembershipsJuly 5 3.6 2

August 4 2.7 1

September 4 3.5 4

Critical Control 10

Number of

mitigated

Number of

servers scanned Threat Weight

Continous VulnerabilityAssessment and Remediation 2 12 4.7

Critical Control 11 Total Vulnerable Total Scanned Threat WeightAccount Monitoring and Control

Workstations 15 151 2.1

Servers 5 12 4.1

Network Devices 2 11 4.7

Critical Control 12

Total Malware

Found

Downtime

IncidentsEmail 100

Web Download 50

Physically (USB/CD) 12

Other 15

Critical Control 13Limitation and Control of ports,

protocols, and services

Critical Control 14

Unauthorized

Wireless DevicesSept 12

Oct 14Nov 15

Critical Control 15

Insecure

Workstations

Unusual activity

instances

Number of

authorized account

accessData Loss Prevention 5 2 4

Critical Control 16

Internet Entry

Points

Percentage of

verified

connections

Percentage of hosts

using DNSSEC


3/9

Current 90 0.90 0.80

New 1

Original 100

Critical Control 17

Avg Time to Fix

(days)

Criticality of

ExpoitationFull IP data theft 4 5

Administrative Rights attained 3 3

Non Admin Rights attained 5 2

Critical Control 18

Avg Time to

Detection (Hours)

Avg Time toEradication

(Hours)

Avg Time to

Recovery (Hours)Incident Response Capability 8.1 4.1 3.2

Critical Control 19 % Data Backed Up Time To RestoreHigh

Medium

Low

Critical Control 20Security Skills Assessment and

Training


4/9

Threat Score Threat Level 416.00 Risk Score 164.0010.00 Goal


5/9

Frequency of Check

Score Threat LevelOverall Risk ScoreGoalCost of CheckFrequency of Check

Assessment Score Threat Level 4.7

Overall Risk Score 0.78Goal


6/9

4.224 Overall Risk Score 31.68Goal >30

Cost of Check

Frequency of Checks

Threat LevelOverall Risk ScoreGoal

Cost of CheckFrequency of Checks

Avg Loss of Data (GB) Threat Level20.2 Overall Risk Score 15.4

Goal 15Cost of CheckFrequency of Checks

Risk Level Score Threat LevelOverall Risk Score

GoalCost of CheckFrequency of Checks

Threat Level

Overall Risk Score

GoalCost of Check

Frequency of Checks


7/9

Inventory *estimated *estimated

Sept Oct Nov

Servers 16.00 3 4.00

Laptops 10.00 15.1 17.2Workstations 15.00 20.2 18.78Software Level 3 16.7 17.6 19.10Software Level 2 23.4 25.3 24.2Software Level 1 33.6 23.2 24.8Wireless AP's 12 14 15

Configurations *estimated *estimated

Sept Oct Nov

Servers 12 9 10Laptops 24 19 21Workstations 29 22 23Switches 22 25 19

Routers 12 14 10Firewalls 3 2 1

Boundary DefenseScore

Proxy Server 2.8

IPS 3.7IDS 4.1

VPN 3.2Access Points 4.3

User AccessCount

Accounts w/ Inproper Privileges 5Insecure Passwords 8

Workstation Vulnerabilities 15Server Vulnerabilities 5Network Device Vulnerabilities 2

Data Recovery CapabilitySept Oct Nov

Malware FoundSept Oct Nov

Email 100 78 83Web Download 50 75 24Physically (USB/CD) 12 8 5Other 15 12 10

Incident Response CapabilityAvg Time to

Detect (hrs)

Avg Time to

Eradicate (hrs)

Avg Time to

Recover (hrs)Sept 6.1 5.2 4.6

Oct 5.2 4.9 4.7Nov 5.3 5.4 4.9

LoggingSept Oct Nov

% Logs Notifying Correctly 2.3 1.2 3.3


8/9

Sept Oct Nov% Data Backed up Successfully 96.2 97.1 94.3

% Fortune Cookies Found Protected 98.3 97.3 98.1


9/9

Security Metrics Dashboard

Control Overall Score Goal Trend

Device Inventory 164.00