Risk Assessment

Whisbi executes internal audits each six months generating a report that take into account the overall risk profile based on a Common Vulnerability Scoring System rating (CVSS – Common Vulnerability Scoring System SIG)

The below table provides the risk rating mapped to CVSS and our mitigation timescales objectives.

RatingCVSS scoreMitigation timescales
Critical9.0 – 10.0Mitigation schemes should be applied as soon as is operationally possible and take precedence over any scheduled changes
High7.0 – 8.9Mitigation schemes should be applied as soon as is operationally possible alongside any scheduled changes to be included in the next quarterly release
Medium4.0 – 6.9Fix in the next regular security release (bi-annual)
Low0.0 – 3.9Fix in service releases or new system designs
Informational