
Compliance manager
from Sunmap eBook Design
The 1st layer is composed of the CVSS (Common Vulnerability Scoring System) base scores describing the vulnerability criticality. It is based on an evaluation of exploitability and the potential impact of the vulnerability on the system.
The 2nd layer contains a mitigation or aggravation factor regarding the age of the vulnerability. It is based on several variables:
 The existence of a patch and its age
 The existence of a PoC, exploit or tutorial for the attack
 The usefulness of the vulnerability in the wild and the related attacker (Script Kiddies, APT, etc.)
The 3rd layer adds context to our scoring system. It changes the score depending on several factors concerning the asset with the discovered vulnerability:
 Network exposure (Who can see the asset? The public? Your staff? Admin?)
 Asset function (Database, AD, Printer, etc.)
 Asset environment (Production, testbed, data lake, etc.)
In addition, we enable users to add their own prioritization factors if needed. No one is better placed to determine what really matters than you—you know your business best. For example, while in some companies data is the most valuable asset, others may want to focus on communication systems.
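As an added illustration (not SunMap's code or its actual formula), the three layers can be combined as multipliers on the CVSS base score. Every weight, the `Finding` fields and the function names are assumptions made for this example; the page names the factors but gives no numbers.

```python
from dataclasses import dataclass, field
from typing import Optional

# Every multiplier here is an illustrative assumption; the page names the
# factors but publishes no weights.
EXPOSURE = {"public": 1.3, "staff": 1.0, "admin": 0.8}
FUNCTION = {"database": 1.2, "ad": 1.3, "printer": 0.7}
ENVIRONMENT = {"production": 1.2, "testbed": 0.7, "data lake": 1.1}
ATTACKER = {"script kiddies": 1.1, "apt": 1.25}

@dataclass
class Finding:
    cvss_base: float                       # layer 1: CVSS base score, 0.0-10.0
    patch_age_days: Optional[int] = None   # None means no patch exists
    exploit_public: bool = False           # PoC, exploit or tutorial available
    attacker: Optional[str] = None         # who uses it in the wild, if anyone
    exposure: str = "staff"
    function: str = ""
    environment: str = ""
    custom: dict = field(default_factory=dict)  # user-defined factors

def age_factor(f: Finding) -> float:
    """Layer 2: mitigation or aggravation from patch, exploit and in-the-wild use."""
    factor = 1.0
    if f.patch_age_days is not None:
        # Assumption: an unapplied patch gets worse with age, capped at one year.
        factor += 0.2 * min(f.patch_age_days, 365) / 365
    if f.exploit_public:
        factor *= 1.2
    return factor * ATTACKER.get((f.attacker or "").lower(), 1.0)

def context_factor(f: Finding) -> float:
    """Layer 3: asset context; unknown values are neutral (1.0)."""
    factor = EXPOSURE.get(f.exposure.lower(), 1.0)
    factor *= FUNCTION.get(f.function.lower(), 1.0)
    factor *= ENVIRONMENT.get(f.environment.lower(), 1.0)
    for multiplier in f.custom.values():
        factor *= multiplier
    return factor

def priority(f: Finding) -> float:
    if not 0.0 <= f.cvss_base <= 10.0:
        raise ValueError("CVSS base score must be between 0.0 and 10.0")
    return round(min(10.0, f.cvss_base * age_factor(f) * context_factor(f)), 2)

# Constructed samples: a critical CVSS on a low-value asset versus a lower
# CVSS on an exposed production database with a public exploit.
PRINTER = Finding(9.8, exposure="admin", function="printer", environment="testbed")
DATABASE = Finding(7.5, patch_age_days=365, exploit_public=True, attacker="APT",
                   exposure="public", function="database", environment="production")
```

With these assumed weights the printer finding drops below the database finding even though its CVSS base score is higher, which is the reordering the second and third layers are meant to produce.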
D. Compliance manager
Compliance requirements increase constantly and are time-consuming. Outside auditing to ensure that companies keep on top of compliance was originally intended primarily to reduce cyber exposure and thus protect customers, but companies quickly found they were using up valuable time keeping auditors satisfied.
SunMap reduces cyber exposure while maintaining auditor-approved compliance with limited effort and time. Create, check and track regulatory requirements specific to your needs in minutes with our pre-built scans, dashboards and resolution advice.
 Meet compliance standards (PCI-DSS, HIPAA, ISO 27001, SOC2, etc.)
 Streamline the regulatory process
 Create requirements specific to your business context
 Follow up on audits easily