192 ◾ Information Security Management Handbook
Once these criteria have been defined, the use of a simple scale of 1–5 for each item
will permit the calculation of the rating for the vulnerability. A typical scale for this type
of methodology would be low = 5–12, medium = 13–18, and high = 19–25. Using this
process to rate all the discovered vulnerabilities would then place them in the appropriate
context for the tested environment. This would result in better prioritization of resources for
remediation and also lend credibility to any trending efforts.
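The rating calculation described above can be sketched as follows. This is an added example, not code from the handbook. It assumes five criteria (inferred from the 5–25 total range), passes their scores positionally because the criteria are defined elsewhere, and uses constructed finding names and scores.

```python
# Added example: rating findings on the 1-5 per-criterion scale described above.
# Assumption: five criteria, inferred from the 5-25 total range; the criteria
# themselves are defined elsewhere, so scores are passed positionally.
from typing import NamedTuple, Sequence

NUM_CRITERIA = 5  # assumption: 5 criteria x (1..5) gives totals 5..25
BANDS = ((5, 12, "low"), (13, 18, "medium"), (19, 25, "high"))  # from the text


class Rating(NamedTuple):
    name: str
    total: int
    band: str


def rate(name: str, scores: Sequence[int]) -> Rating:
    """Sum the per-criterion scores and map the total to its band."""
    if len(scores) != NUM_CRITERIA:
        raise ValueError(f"{name}: expected {NUM_CRITERIA} scores, got {len(scores)}")
    for s in scores:
        # bool is an int subclass; reject it so True does not count as 1
        if isinstance(s, bool) or not isinstance(s, int) or not 1 <= s <= 5:
            raise ValueError(f"{name}: score {s!r} is outside the 1-5 scale")
    total = sum(scores)
    band = next(label for lo, hi, label in BANDS if lo <= total <= hi)
    return Rating(name, total, band)


def prioritize(findings: dict[str, Sequence[int]]) -> list[Rating]:
    """Rate every finding and order them highest total first for remediation."""
    rated = [rate(name, scores) for name, scores in findings.items()]
    return sorted(rated, key=lambda r: (-r.total, r.name))


# Constructed sample findings (not from the book).
SAMPLE = {
    "finding-A": [5, 4, 5, 4, 3],
    "finding-B": [2, 3, 1, 2, 2],
    "finding-C": [3, 4, 3, 4, 4],
    "finding-D": [4, 3, 2, 2, 2],
}

if __name__ == "__main__":
    for r in prioritize(SAMPLE):
        print(f"{r.name}: {r.total} ({r.band})")
```

Rejecting out-of-range or missing scores matters for trending: a finding rated on four criteria would land in a lower band than the same finding rated on five.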
Process Deliverables
One of the most advantageous tasks that an information security professional can do to properly
manage security testing is to establish a formalized process with a ...