Part 2: The Intersection of Risk Management and Vulnerability Management

Today we continue our discussion on the intersection of risk assessment and vulnerability management.

In this video, we focus on item 4 of NIST’s risk assessment process: quantifying the likelihood of a threat occurring – or in the context of vulnerability management, the likelihood of an exploit surfacing. 

The NIST CVSS scoring is not designed to be predictive of future threat actions, and this is well-known in the vulnerability management community.  We have seen three approaches that vulnerability management teams take to assessing the likelihood of exploitation: 

  1. Threat levels 
  2. Weighting 
  3. Machine learning 

In this video, we discuss all three and then review how CYR3CON® PR1ORITY employs machine learning to address this problem. 

Risk Management and Vulnerability Management


CYR3CON’s CyRating® - available in our PR1ORITY product - allows vulnerability management teams to address problems around threat identification and computation of likelihood of threat at scale for the enterprise.

Let the CYR3CON team identify vulnerabilities your teams may be overlooking with our Predictive Threat Assessment