Which is the BEST way to measure and prioritize aggregate risk deriving from a chain of linked system vulnerabilities?


A. Vulnerability scans

B. Penetration tests

C. Code reviews

D. Security audits

Explanation:

A penetration test is normally the only security assessment that can link vulnerabilities together by
exploiting them sequentially. This gives a good measurement and prioritization of risks. Other
security assessments such as vulnerability scans, code reviews and security audits can help give
an extensive and thorough overview of risks and vulnerabilities, but will not be able to test or
demonstrate the final consequence of having several vulnerabilities linked together. Penetration
testing can put risk in a new perspective and prioritize it based on the end result of a sequence of
security problems.


