As a security analyst, you are using the Common Vulnerability Scoring System (CVSS) calculator to evaluate a potential vulnerability. Which of the following metrics is the most crucial? (Wentz QOTD)
A. Exploitability metrics
B. Impact metrics
C. Temporal metric group
D. Environmental metric group
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Impact metrics.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
The Common Vulnerability Scoring System (CVSS) standard defines three metric groups: base, temporal, and environmental metric groups. The base metric group is mandatory, while the temporal and environmental metric groups are optional.
The base metric group has two metric sets, exploitability and impact metrics, to evaluate risk. Risk comprises two crucial factors: uncertainty (likelihood or possibility) and effect (impact). The exploitability of a vulnerability stands for the likelihood or possibility of risk. If a risk has a high possibility but no impact on security objectives (confidentiality, integrity, and availability), it's irrelevant or not a risk.
- Common Vulnerability Scoring System v3.1: Specification Document
- Common Vulnerability Scoring System Calculator