Section outline

  • Lesson Overview: This lesson teaches how to prioritize fixing vulnerabilities by understanding the difference between a vulnerability’s technical severity and the real-world risk it poses. Students learn about severity scoring systems (like CVSS), and how factors like exploitability, asset value, and threat context influence what to fix first. The tone is motivational: mastering prioritization skills makes you the strategist who allocates security efforts smartly – a big win in the job arena where resources are limited and attacks are automated.

    • Micro-Topic 15.1: Understanding Vulnerability Severity

      (Goal: Learn how the severity of a vulnerability is measured, e.g. with CVSS scores)

    • Micro-Topic 15.2: Risk = Likelihood × Impact

      (Goal: Introduce the concept of risk, which considers both the probability of exploitation and the potential damage)

    • Micro-Topic 15.3: Context Matters – Asset Value and Exposure

      (Goal: Show how the environment changes the risk level of vulnerabilities)

    • Micro-Topic 15.4: Making Fix Decisions – What to Fix First

      (Goal: Provide a strategy for triaging vulnerabilities in practice)