Describe these terms as they are defined in the CVSS 3.0: Confidentiality, Integrity and AvailabilityImplementing Cisco Cybersecurity Operations (210-255)
The three metrics Confidentiality, Integrity, and Availability are often referred to as the cybersecurity triad. In terms of CVSS, they are referred to as the impact metrics.
Confidentiality measures how much access to restricted information the attacker is able to gain using the vulnerability.
- High (H): There is a complete loss of confidentiality, all data is accessible to the attacker.
- Low (L): There is some loss of confidentiality for some files, but not all.
- None (N): There is no loss of confidentiality due to the attack.
Integrity measures whether or not the attacker can change the data stored on the system.
- High (H): The attacker has full access to change data on the system.
- Low (L): The attacker has some access to change data on the system.
- None (N): No data can be changed due to the attack.
Availability measures whether legitimate users can access the system during or after the attack.
- High (H): The attacker is able to deny normal users complete access to the resource.
- Low (L): The attacker is able to interrupt normal users, but not completely.
- None (N): Normal users are unaffected by the attack.