-
Notifications
You must be signed in to change notification settings - Fork 2
/
using.txt
20 lines (12 loc) · 1.23 KB
/
using.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Using Crisk
===========
Analyzing servers and computers
-------------------------------
This is the most direct way to use Crisk. Assign each server/computer an owner on the asset screen, and make sure to include its value. You can consider the hardware value only or add the value of the information stored on that asset.
You can also add other assets like network appliances, routers, etc. and consider the value as how important those items are for the network as a whole.
Analyzing information
---------------------
This works the same way as above, but consider information only while adding to the assets. This way of working is more independent of hardware and computers and can facilitate analysis of processes.
The Risk Matrix
---------------
The Vulnerabilities report includes a Risk Matrix. The risk matrix is a scatter graphic that shows where the risks are concentrated on the analysis. The bigger the circle, the most vulnerabilities are concentrated on that point. The green area shows where vulnerabilities are hard to occur (low probability) and/or have less impact (low severity). On the other hand, the red area shows where the vulnerabilities are more likely to happen (high probability) and/or have more impact (high severity).