Priority and Severity Levels
Priority Levels
| Priority Level | Description |
|---|---|
| Priority 1 | This vulnerability is the most severe. It is actively being exploited, or exploitation is imminent. Other outside businesses or schools are actively being exploited. |
| Priority 2 | This vulnerability has not yet been exploited at the Institute, however, exploitation may be imminent. Other outside businesses or schools are actively being exploited. |
| Priority 3 | This vulnerability has not yet been exploited at the Institute. The probability of exploitation is medium and there may be discussion about the vulnerability in security circles. |
| Priority 4 | This vulnerability has a lower probability of exploitation, but should still be mitigated. Attention to this risk and above should be notified to the securityalerts@ias.edu mailing list or the involved school's helpdesk. |
| Priority 5 | This vulnerability is low risk. Direct communication should be made with the school or group in which it affects. |
| Mitigated | This rating is reserved for vulnerabilities that have been mitigated and are no longer a threat. This is for clarity of documentation that gives the current state of a risk. |
| No Risk | This rating is reserved for items that were deemed a risk before, but have now been deemed not vulnerable due to new information. |
Severity Levels
| Severity Level | Description |
|---|---|
| Severity 1 | This vulnerability is the most severe. It poses high risk to the other groups/schools or the entire Institute as a whole. This also may be a vulnerability that puts the image of the Institute at risk. |
| Severity 2 | This vulnerability poses high risk to an entire group/school, possible including resources available to another group/school. |
| Severity 3 | This vulnerability poses high risk within a group/school. It does not pose a risk of contaminating other groups/schools. |
| Severity 4 | This vulnerability poses a risk to a user, or smaller group. If left unfixed, it could grow larger or spread to other groups/users. |
| Severity 5 | This vulnerability is low and poses a risk to an individual or group. If left unfixed, it will not grow and will remain vulnerable only to that user or group. |
| Mitigated | This rating is reserved for vulnerabilities that have been mitigated and are no longer a threat. This is for clarity of documentation that gives the current state of a risk. |
| No Risk | This rating is reserved for items that were deemed a risk before, but have now been deemed not vulnerable due to new information. |