Calculate the Window of Vulnerability Not in my own words but The four parts would be the Discovery-Time, Exploit-Time, Disclosure-Time, and Patch-Time. All four of these must be looked at and evaluated.
Discovery Time –is the earliest date that a vulnerability is discovered and recognized to pose a security risk. The discovery date is not publicly known until the public disclosure of the respective vulnerability.
Exploit Time -is the earliest date an exploit for a vulnerability is available. We qualify any hacker-tool, virus, data, or sequence of commands that take advantage of a vulnerability as an exploit.
Disclosure Time –is the first date a vulnerability is described on a channel where the disclosed information on the vulnerability is (a) freely available to the public, (b) published by trusted and independent channel and (c) has undergone analysis by experts such that risk rating information is included.
Patch Time - is the earliest date the vendor or the originator of the software releases a fix, workaround, or a patch that provides protection against the exploitation of the vulnerability. Fixes and patches offered by third parties are not considered as a patch. A patch can be as simple as the instruction from the vendor for certain configuration changes. Note that the availability of other security mechanisms such as signatures for intrusion prevention systems or anti-virus tools are not considered as a patch in this analysis. Unfortunately, the availability of patches usually lags behind the disclosure of a vulnerability.
11 Days of Vulnerability
Sources http://www.termpaperwarehouse.com/essay-on/Calculate-The-Window-Of-Vulnerability/117314
You May Also Find These Documents Helpful
-
Gray Risk (Exogenous): From disclosure to patch the user of the software waits for the vendor to issue a patch. The risk exposure that arises from this period is known as the Gray Risk because the general public is aware of this risk but has not yet received a fix from the software owners. This information is provided in the release of the vulnerability to the organization so they can assess the individual risk and possibly implement a workaround, at least until a patch is accessible.…
- 350 Words
- 1 Page
Satisfactory Essays -
6. (TCO C) The _____ time is the latest time by which a particular activity must be finished in order for the entire project to be completed by its required completion time.…
- 872 Words
- 4 Pages
Powerful Essays -
To resolve the issue of the window of vulnerability (WoV), we would need to get the patch from Microsoft. According to Microsoft, it will take up to 3 days for the patch to be available. Then, we would need additional time to download and test the patch to make sure that this is what is needed to fix the security breach on the SMB server. After doing the testing, the IT department would need time to install the patch onto the servers and deploy to the client computers. This will take 2 days to do, depending on the IT staff, if they work on weekends will determine the completion date. Meaning, if they will work on the weekend, then the deployment to all computers and servers will be done by that Sunday. If not, then it will be the following Tuesday. So, the time that is needed would be a week.…
- 274 Words
- 2 Pages
Satisfactory Essays -
A CVE (Common Vulnerabilities and Exposures) are known vulnerabilities and also show you how to patch them. They are from the Mitre Corporation but are under contract for Homeland Security and NCSD.…
- 385 Words
- 2 Pages
Satisfactory Essays -
1. What is a pinhole camera? How do we know that these devices existed before the nineteenth century?…
- 307 Words
- 1 Page
Satisfactory Essays -
Timeliness – is the information up to date and does this matter in your context?…
- 639 Words
- 3 Pages
Satisfactory Essays -
Vulnerability is a weakness or a fault within the system, such as software package flaws, unlocked doors, or an unprotected system port. Vulnerability leaves things open to an attack or damage. Exposure on the other hand, is a single instance when the system is open to damage. Vulnerabilities (weaknesses) can in turn be the cause of exposure (system open for attack).…
- 764 Words
- 4 Pages
Good Essays -
5.) Write the pseudocode for a program that will determine the average miles per gallon a car gets. (Inputs should be miles driven and gallons of gas used)…
- 470 Words
- 3 Pages
Satisfactory Essays -
You have been given the job of producing a prospectus into the work of a science technician focussing on methods of communication in the workplace and reasons why communication is important.…
- 1276 Words
- 6 Pages
Satisfactory Essays -
2. What type of recording do you think would be the most useful to crime…
- 579 Words
- 2 Pages
Satisfactory Essays -
Deadlines strongly affect what you research e.g. World news is being update by the hour, with a well-defined deadline; we can better gather the relevant information as required.…
- 1409 Words
- 6 Pages
Powerful Essays -
Refer to the handout Testing and Monitoring Security Controls. It contains information on security events or breaches and baseline anomalies.…
- 554 Words
- 3 Pages
Satisfactory Essays -
| 1. Understand the expected pattern of development for children and young people birth – 19 years…
- 5267 Words
- 22 Pages
Powerful Essays -
The labeling of vulnerability goes like this LOW: if the base score is 0.0-3.9,MEDIUM if the base score is 4.0-6.9, HIGH if the base score is 7.0-8.9 and CRITICAL if the base score is 9.0-10.0.Vulnerability Description: National Vulnerability Database provides vulnerability description along with the vulnerability ids and the CVSS score. Vulnerability description gives details of what type of attack can exploit that vulnerability.Attack: An attack can be defined as an unwanted situation when the attacker exploits the vulnerability present in the system and gains certain advantage out of it.Attacker: Attacker is someone who initiates the attack.Privileges: After every attack, the attacker as a consequence gains some advantage out of the attack. These advantages come under the privileges gained by the attacker.Attack Description: Description of particular attack that is how it is carried is given under this entity.Goal: Every attacker has a goal which he wants to achieve.To achieve that particular goal he launches a series of attacks.This goal is specified under this category.Paths: An attacker can follow various different paths to achieve a…
- 465 Words
- 2 Pages
Good Essays -
The amount of time allocated for the research paper due to the 6-week time frame.…
- 1246 Words
- 5 Pages
Powerful Essays