From the course: CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Correlating scan results
From the course: CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)
Correlating scan results
- [Instructor] In addition to validating your scan results to eliminate false positive reports and remove documented exceptions, you'll also want to correlate scan reports with other information available to you. The first source of information you should consult are any industry standards, best practices, or compliance obligations that are relevant to your organization. These standards may provide specific guidance on the types of vulnerabilities that require more urgent remediation. For example, PCI DSS contains some very specific guidance on vulnerability scanning. Here's a quote from the standard. "To demonstrate compliance, a scan must not contain "high-level vulnerabilities in any component "in the cardholder data environment. "Generally, to be considered compliant, "none of those components may contain any vulnerability "that has been assigned a common vulnerability "scoring system, CVSS, base score equal to "or…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.