8/12/2019 Jwp Caincouture Dashboard
1/9
Critical Control Formulas
Critical Control 1 Hardware
Unauthorized
Device Total
Avg Days Device
on Network Threat WeightHigh Threat = 5 2 6 5
Medium Threat = 3 2 4 3
Low Threat = 2 5 5 2
Critical Control 2 Software
Unauthorized
Software Total
Avg Days
Software on
Network Threat Weight
High Threat = 5 3 1.7 5Medium Threat = 3 7 2.4 3
Low Threat = 2 15 3.6 2
Critical Control 3 Insecure Configs Avg Days to Fix Threat WeightServers (High Threat) = 5 2 2 5
Laptops (Medium Threat) = 3 6 6 3
Workstations (Low Threat) = 2 11 7 2
Critical Control 4 Insecure Configs Avg Days to Fix Threat WeightSwitches (High Threat) = 5 4 2 5
Routers (Medium Threat) = 3 3 3 3
Firewalls (Low Threat) = 2 1 1 2
Critical Control 5
Boundary Defense
Score Avg Days to Fix Threat WeightHigh Threat Potential = 5 3 1 5
Medium Threat Potential = 3 1 2 3
Low Threat Potential = 2 2 2 2
Critical Control 6
Logging Analysis
Score Threat WeightHigh Threat System = 5 5
Medium Threat System= 3 3
Low Threat System = 2 2
Critical Control 7
Total Malicious
Packets Found Threat WeightApplication Software Security
Critical Control 8 Total Quantity
Avg Time to Fix
(days) Threat WeightPasswords off Policy 8 2 3
Accounts with Inproper Privileges 5 3 5
8/12/2019 Jwp Caincouture Dashboard
2/9
Critical Control 9
Total Unauthorized
Account Access
Average Time to
Neutralize
Account (days)
Total Unauthorized
Group MembershipsJuly 5 3.6 2
August 4 2.7 1
September 4 3.5 4
Critical Control 10
Number of
mitigated
Number of
servers scanned Threat Weight
Continous VulnerabilityAssessment and Remediation 2 12 4.7
Critical Control 11 Total Vulnerable Total Scanned Threat WeightAccount Monitoring and Control
Workstations 15 151 2.1
Servers 5 12 4.1
Network Devices 2 11 4.7
Critical Control 12
Total Malware
Found
Downtime
IncidentsEmail 100
Web Download 50
Physically (USB/CD) 12
Other 15
Critical Control 13Limitation and Control of ports,
protocols, and services
Critical Control 14
Unauthorized
Wireless DevicesSept 12
Oct 14Nov 15
Critical Control 15
Insecure
Workstations
Unusual activity
instances
Number of
authorized account
accessData Loss Prevention 5 2 4
Critical Control 16
Internet Entry
Points
Percentage of
verified
connections
Percentage of hosts
using DNSSEC
8/12/2019 Jwp Caincouture Dashboard
3/9
Current 90 0.90 0.80
New 1
Original 100
Critical Control 17
Avg Time to Fix
(days)
Criticality of
ExpoitationFull IP data theft 4 5
Administrative Rights attained 3 3
Non Admin Rights attained 5 2
Critical Control 18
Avg Time to
Detection (Hours)
Avg Time toEradication
(Hours)
Avg Time to
Recovery (Hours)Incident Response Capability 8.1 4.1 3.2
Critical Control 19 % Data Backed Up Time To RestoreHigh
Medium
Low
Critical Control 20Security Skills Assessment and
Training
8/12/2019 Jwp Caincouture Dashboard
4/9
Threat Score Threat Level 416.00 Risk Score 164.0010.00 Goal
8/12/2019 Jwp Caincouture Dashboard
5/9
Frequency of Check
Score Threat LevelOverall Risk ScoreGoalCost of CheckFrequency of Check
Assessment Score Threat Level 4.7
Overall Risk Score 0.78Goal
8/12/2019 Jwp Caincouture Dashboard
6/9
4.224 Overall Risk Score 31.68Goal >30
Cost of Check
Frequency of Checks
Threat LevelOverall Risk ScoreGoal
Cost of CheckFrequency of Checks
Avg Loss of Data (GB) Threat Level20.2 Overall Risk Score 15.4
Goal 15Cost of CheckFrequency of Checks
Risk Level Score Threat LevelOverall Risk Score
GoalCost of CheckFrequency of Checks
Threat Level
Overall Risk Score
GoalCost of Check
Frequency of Checks
8/12/2019 Jwp Caincouture Dashboard
7/9
Inventory *estimated *estimated
Sept Oct Nov
Servers 16.00 3 4.00
Laptops 10.00 15.1 17.2Workstations 15.00 20.2 18.78Software Level 3 16.7 17.6 19.10Software Level 2 23.4 25.3 24.2Software Level 1 33.6 23.2 24.8Wireless AP's 12 14 15
Configurations *estimated *estimated
Sept Oct Nov
Servers 12 9 10Laptops 24 19 21Workstations 29 22 23Switches 22 25 19
Routers 12 14 10Firewalls 3 2 1
Boundary DefenseScore
Proxy Server 2.8
IPS 3.7IDS 4.1
VPN 3.2Access Points 4.3
User AccessCount
Accounts w/ Inproper Privileges 5Insecure Passwords 8
Workstation Vulnerabilities 15Server Vulnerabilities 5Network Device Vulnerabilities 2
Data Recovery CapabilitySept Oct Nov
Malware FoundSept Oct Nov
Email 100 78 83Web Download 50 75 24Physically (USB/CD) 12 8 5Other 15 12 10
Incident Response CapabilityAvg Time to
Detect (hrs)
Avg Time to
Eradicate (hrs)
Avg Time to
Recover (hrs)Sept 6.1 5.2 4.6
Oct 5.2 4.9 4.7Nov 5.3 5.4 4.9
LoggingSept Oct Nov
% Logs Notifying Correctly 2.3 1.2 3.3
8/12/2019 Jwp Caincouture Dashboard
8/9
Sept Oct Nov% Data Backed up Successfully 96.2 97.1 94.3
% Fortune Cookies Found Protected 98.3 97.3 98.1
8/12/2019 Jwp Caincouture Dashboard
9/9
Security Metrics Dashboard
Control Overall Score Goal Trend
Device Inventory 164.00