7.17 LAB: Medical device vulnerability scoring In this lab, you will complete the implementation of a Medical Device Vulnerability Scoring web page. The purpose of this web page is to return a score that numerically quantifies how vulnerable a specific vulnerability is to the particular attack. The properties of the system will be selected from a group of predetermined options, where each option is a styled radio button. Once options are selected for all possible properties, the web page will display the vulnerability score (and hide the warning label). Implement a function called updateScore. This function must verify that one button from each property is selected. Using JavaScript, add a click or change event listener to each radio button (Do not add the event listener to the button label). Notice that the radio buttons are hidden using CSS. Once one button from each property is selected, the webpage should: Hide the warning label by setting the display style of the with ID warning to none. Note: both none and hidden have similar visual effects, however none doesn't occupy any space, while hidden does occupy space, affecting the layout). Compute the vulnerability score. The score should be updated and displayed inside the with ID score. The score must have a minimum of 0 and a maximum of 10. The final score must be rounded up to the tenths decimal place, and displayed with one decimal place. Ex: If the final score is 7.311456, the score should be displayed as 7.4. Once the score is being displayed, updating a property will automatically update the vulnerability score. The score is computed as: ScoreFinal=(Scopestatus)∗((3.326258289∗ScoreBase)+(1.1∗ScoreExploitability)), where the ScopeStatus,ScoreBase, and ScoreExploitability are calculated as: If ScoreBase is 0, then ScoreFinal should be 0. ScopeStatus(Selection)= Scope Status Value Unchanged 1.0 Changed 1.08 ScoreBase=BaseConfidentiality+BaseIntegrity+BaseAvailability, where: BaseConfidentiality(LevelSensitivity,LevelConfidentiality)= Sensitivity corresponds to rows, and Confidentiality corresponds to columns. Sensitivity / Confidentiality None Low High None 0.00 0.22 0.56 Low 0.00 0.65 0.75 High 0.00 0.85 0.95 BaseIntegrity(LevelHealthImpact,LevelIntegrity)= Health Impact corresponds to rows, and Integrity corresponds to columns. Health Impact / Integrity None Low High None 0.00 0.22 0.56 Low 0.55 0.60 0.75 High 0.85 0.90 0.95 BaseAvailability(LevelHealthImpact,LevelAvailability)= Health Impact corresponds to rows, and Availability corresponds to columns. Health Impact / Availability None Low High None 0.00 0.22 0.56 Low 0.55 0.60 0.65 High 0.85 0.90 0.95 ScoreExploitability=AttackVector∗AttackComplexity∗PrivilegedRequired∗UserInteraction, where: AttackVector(Selection)= Attack Vector Value Network 0.85 Adjacent Network 0.62 Local 0.55 Physical 0.20 AttackComplexity(Selection)= Attack Complexity Value Low 0.77 High 0.44 PrivilegeRequired(Selection)= Privilege Required Value None 0.85 Low 0.62 High 0.27 UserInteraction(Selection)= User Interaction Value None 0.85 Required 0.62

icon
Related questions
Question

7.17 LAB: Medical device vulnerability scoring

In this lab, you will complete the implementation of a Medical Device Vulnerability Scoring web page. The purpose of this web page is to return a score that numerically quantifies how vulnerable a specific vulnerability is to the particular attack. The properties of the system will be selected from a group of predetermined options, where each option is a styled radio button. Once options are selected for all possible properties, the web page will display the vulnerability score (and hide the warning label).

  1. Implement a function called updateScore. This function must verify that one button from each property is selected.
  2. Using JavaScript, add a click or change event listener to each radio button (Do not add the event listener to the button label). Notice that the radio buttons are hidden using CSS.
  3. Once one button from each property is selected, the webpage should:
    • Hide the warning label by setting the display style of the

      with ID warning to none. Note: both none and hidden have similar visual effects, however none doesn't occupy any space, while hidden does occupy space, affecting the layout).

    • Compute the vulnerability score.
    • The score should be updated and displayed inside the

      with ID score.

  4. The score must have a minimum of 0 and a maximum of 10.
  5. The final score must be rounded up to the tenths decimal place, and displayed with one decimal place. Ex: If the final score is 7.311456, the score should be displayed as 7.4.
  6. Once the score is being displayed, updating a property will automatically update the vulnerability score.
  7. The score is computed as:
    • ScoreFinal=(Scopestatus)∗((3.326258289∗ScoreBase)+(1.1∗ScoreExploitability)), where the ScopeStatus,ScoreBase, and ScoreExploitability are calculated as:

      • If ScoreBase is 0, then ScoreFinal should be 0.

    • ScopeStatus(Selection)=

      Scope Status Value
      Unchanged 1.0
      Changed 1.08
      • ScoreBase=BaseConfidentiality+BaseIntegrity+BaseAvailability, where:

      • BaseConfidentiality(LevelSensitivity,LevelConfidentiality)=

        • Sensitivity corresponds to rows, and Confidentiality corresponds to columns.

          Sensitivity / Confidentiality None Low High
          None 0.00 0.22 0.56
          Low 0.00 0.65 0.75
          High 0.00 0.85 0.95
      • BaseIntegrity(LevelHealthImpact,LevelIntegrity)=

        • Health Impact corresponds to rows, and Integrity corresponds to columns.

          Health Impact / Integrity None Low High
          None 0.00 0.22 0.56
          Low 0.55 0.60 0.75
          High 0.85 0.90 0.95
      • BaseAvailability(LevelHealthImpact,LevelAvailability)=

        • Health Impact corresponds to rows, and Availability corresponds to columns.

          Health Impact / Availability None Low High
          None 0.00 0.22 0.56
          Low 0.55 0.60 0.65
          High 0.85 0.90 0.95
      • ScoreExploitability=AttackVector∗AttackComplexity∗PrivilegedRequired∗UserInteraction, where:

      • AttackVector(Selection)=

        Attack Vector Value
        Network 0.85
        Adjacent Network 0.62
        Local 0.55
        Physical 0.20
      • AttackComplexity(Selection)=

        Attack Complexity Value
        Low 0.77
        High 0.44
      • PrivilegeRequired(Selection)=

        Privilege Required Value
        None 0.85
        Low 0.62
        High 0.27
      • UserInteraction(Selection)=

        User Interaction Value
        None 0.85
        Required 0.62
Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 4 steps with 6 images

Blurred answer
Knowledge Booster
Study of Characters
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, cybersecurity and related others by exploring similar questions and additional content below.
Similar questions
  • SEE MORE QUESTIONS