<\/p>\n\n\n\n
Rimpact (Relative Impact) is a metric to estimate the impact of technical cybersecurity vulnerability considering business logic and the relationships of system components. <\/strong><\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n Both metrics are distinct, independent, and work best when used together. LSCP uses CVSS 3.1 when reporting penetration test results to technical people, and Rimpact when reporting penetration test results to management.<\/p>\n","protected":false},"excerpt":{"rendered":" Rimpact (Relative Impact) is a metric to estimate the impact of technical cybersecurity vulnerability considering business logic and the relationships of […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1694","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/posts\/1694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/comments?post=1694"}],"version-history":[{"count":0,"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/posts\/1694\/revisions"}],"wp:attachment":[{"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/media?parent=1694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/categories?post=1694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/tags?post=1694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Rimpact<\/strong> – Relative Impact<\/td> CVSS3.1<\/strong> – Absolute Impact<\/td><\/tr> Same technical vulnerabilities in different contexts have different scores<\/strong><\/td> Same technical vulnerabilities in different contexts have same scores<\/strong><\/td><\/tr> Justifies the final score using Business Language<\/strong><\/td> Justifies the final score using Tech<\/strong> Language<\/strong><\/td><\/tr> A strict linear formula <\/strong>from the pen test results<\/td> A strict linear formula<\/strong> from the pen test results<\/td><\/tr> Defines business urgency<\/strong> to fix vulnerabilities<\/td> Defines SLAs<\/strong> to fix vulnerabilities<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n