From the course: ISC2 Certified Information Systems Security Professional (CISSP) (2024) Cert Prep

Unlock this course with a free trial

Join today to access over 23,200 courses taught by industry experts.

Analyzing scan reports

Analyzing scan reports

- [Instructor] As a cybersecurity analyst, you'll likely spend a good amount of your time analyzing reports from vulnerability scans. One of your primary responsibilities may be sorting through the results of these scans and presenting information from them to a wide variety of audiences. You'll need to provide engineers, developers, and system administrators with a technical detail that they need to correct issues. You'll also need to explain trends and high level risk ratings to business leaders, and you'll need to present security management with a picture of how well the organization is doing at managing risk. As you interpret the results of any scan report, you should first focus on five factors. These include the severity of the vulnerability, the criticality of the systems affected, the sensitivity of information involved, the difficulty of remediation, and the exposure of the system with the vulnerability. These five factors will help you triage the various vulnerabilities…
