Executive Age Summary Report

by Cody Dumont
October 24, 2013


Using a series of charts, tables, and graphs, this overview report gives an executive a high-level understanding of the vulnerability management status of the network environment.

This report contains valuable information, including Top 10 Summaries of Assets, Networks and Systems that are vulnerable, as well as useful trend information on vulnerabilities and how long they have existed within the network environment.

The report is available in the SecurityCenter 4.7 Report app feed, an app store of dashboards, reports and assets. The report requirements are:

  • SecurityCenter 4.7
  • Nessus 5.2.1

Chapters

Vulnerability Trend (Critical, High, Medium) Last 90 Days - This chapter contains a trend analysis for medium, high and critical severity vulnerabilities over the past 90 days. This method of analysis allows executives to see how risk to the organization has changed during the previous 90 days.

Vulnerability Age - This chapter contains a single matrix component displaying vulnerability age. The columns identify new hosts (within the past 24 hours) and vulnerabilities from low to critical severity. The rows are labeled by the number of days the vulnerabilities have existed within the environment since the first discovery date, grouped into less than 7, 30, and 90 days, and greater than 90 days.

Top 10 Summary - This chapter contains three tables and two bar charts. Two of the tables summarize the vulnerabilities by assets and networks. The third table provides a summary of Microsoft Bulletins by assets. All three tables are sorted by the highest number of critical severity vulnerabilities. The two bar charts show the most vulnerable hosts and networks, both ranked by the highest number of critical findings. The bar charts contain vulnerabilities with critical, high, and medium severity.

Severity Summary - This chapter contains a single pie chart displaying a summary of the vulnerabilities by severity level. The chart is separated into critical, high, medium and low severities.

CVSS Scoring - The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. The CVSS quantitative model facilitates a repeatable and accurate measurement of vulnerabilities and provides the ability to analyze the characteristics that were used to generate the scores. CVSS is generally accepted as the standard measurement system for vulnerability impact scores. Two common uses of CVSS are for prioritization of vulnerability remediation activities and calculating the severity of discovered vulnerabilities. Source: NIST (http://nvd.nist.gov/cvss.cfm)