By Rick A Jones Affiliation: Systems and Information Engineering, University of Virginia, Charlottesville, VA 22904; Barry Horowitz Affiliation: Systems and Information Engineering, University of Virginia, Charlottesville, VA 22904
Read Online or Download A System-Aware Cyber Security architecture PDF
Similar security books
Classes in management, according to the management ideas utilized by Sir Ernest Shackleton from 1914-1916 to maintain himself and the lives of his group as they have been stranded on an Arctic ice stream. indicates tips to practice that sort of energy and persistence to being an efficient chief in any box or job.
- Information Security for Managers
- Building an information security awareness program : defending against social engineering hacks
- Advances in Sensing with Security Applications: Proceedings of the NATO Advanced Study Institute, held in St. Etienne de Tinee, France, August 28-September 11, 2004
- Computer and Information Security Handbook (2nd Edition)
Additional resources for A System-Aware Cyber Security architecture
These individuals may also release the vulnerability to the rest of the hacker community before it is publicly announced by CERT (or BugTraq). This poses an even greater risk for a zero-day exploit. These occurrences used to be a rare, but with all the discussions surrounding patch management over the past few years zero-day exploits are becoming more common. A zero-day exploit occurs when an exploit for a vulnerability is released the same day a patch is provided to protect the organization’s vulnerable systems.
So, regardless of whether a patch or workaround has been released to address a vulnerability, either will follow the organization’s patch management process to offer protection from the exploit that is soon to follow. Types of Patches Over the past couple of years, a lot of attention and publicity have been given to patches, including how to manage their installation on the vulnerable systems within the organization. This management has become the topic of numerous articles, white papers, and even Web-based seminars.
The time it takes for a vulnerability to turn into an exploit is decreasing, as is the level of impact the exploit has on the organization. This makes the release of the patch when the vulnerability is identified a critical responsibility of the vendor that created and released the software product. While vendors hold the ultimate responsibility to inform their customers and the general public when a vulnerability has been identified that impacts their software, there are others who are more than happy to do so.