| Impact | Description | Impact |
|---|---|---|
| Financial Loss | fbedberbrebrebrebnr | Moderate |

| Risk | Description | Type | Overall Risk |
|---|---|---|---|
| 1 | Sample sdverwbgwerbrweb 345 46 346 3 | Threat | Major |
| 2 | Another Sample | Risk | Critical |
| 3 | 3333 | Risk | Major |
| 4 | 2222 | Risk | Medium |
| 5 | 1111 | Risk | Critical |

| Severe | 5 | 2 | |||
| Major | 3 | ||||
| Moderate | 4 | ||||
| Minor | 1 | ||||
| Insignificant | |||||
| Impact / Likelihood | Rare (0 - 5%) | Unlikely (5% - 15%) | Possible (15% - 40%) | Likely (40% - 90%) | Certain (>90%) |

| Threat: Enterprise | Internal | External | 3rd Party | Technological | Physical | |
|---|---|---|---|---|---|---|
| Execution - The adversary is trying to run malicious code. | ||||||
| Discovery - The adversary is trying to figure out your environment. | ||||||
| Command and Control - The adversary is trying to communicate with compromised systems to control them. | ||||||
| Exfiltration - The adversary is trying to steal data. | ||||||

| 800-53 Revision 5_1_1 | Effectiveness | |||
|---|---|---|---|---|
| AU | AUDIT AND ACCOUNTABILITY Mitigation: fgngfngfngfnfgn 435345435435 svwbrwegrgrweg | Not Met | ||
| Controls | Effectiveness | |||
| API.09 | Consent - Ensure consent has been provided to access and/or share data on behalf of a customer. For example: consent has been provided for the authenticated user to access claims history for another member on the same policy, or consent is provided for a 3rd party to consume a customer's data. Mitigation: safdvrevbrebverbreb | Exceeds | ||
| API.10 | Parameters Sanitized - Ensure input/output parameters are sanitized and/or validated before being consumed to prevent attacks (e.g. SQL injection, cross-site scripting, buffer overflow). | |||
| Principles | Principles - Security Principles are the fundamental guidelines and best practices designed to protect information systems and data from threats and vulnerabilities. | Met | ||
| NIST 2.0 | Effectiveness | |||
| ID | IDENTIFY (ID): The organization's current cybersecurity risks are understood | |||
| PR.DS | Data Security (PR.DS): Data are managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information | Met | ||
| PR.DS-01 | PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected | |||
| PR.DS-02 | PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected | |||
| PR.DS-10 | PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected | |||
| PR.DS-11 | PR.DS-11: Backups of data are created, protected, maintained, and tested | |||