Best IT Documents.com Blog


Microsoft Patch Matrix Analysis

Posted in O S (375),Policies - Standards (600),Security (1500) by Guest on the September 19th, 2016

This information allows you to see at a glance which Microsoft Security Bulletins apply to which products and the Severity Rating for each bulletin. Each Security Bulletin is listed with a link to the full bulletin on Microsoft’s website. You can view Security Bulletins sorted in reverse numerical order or by the date the Bulletin was last updated.

Microsoft believe you should always apply patches to any software you’re using for which they issue a patch with either a Critical or Important rating, and that these patches should be applied as soon as is practically possible (especially Critical ones). For patches rated as either Moderate or Low, Microsoft recommend you read the related security bulletin to decide whether you should apply the patch to your environment. Personally, if Microsoft issues a patch for something, I’d seriously consider installing it (after testing) regardless of the rating. Easier said than done in a lot of environments, I know, but if you don’t patch you’re asking for trouble.

Severity Ratings

Microsoft use the following system to rate the severity for each vulnerability. This information has been reproduced from the “Microsoft Security Response Center Security Bulletin Severity Rating System”, which you can find at:

https://technet.microsoft.com/en-us/security/hh314216.aspx

We’ve added the “Color” column onto the end of the table so that you can tell at a glance what Severity Rating Microsoft have assigned to the software affected by each vulnerability.

| Rating | Definition | Color |
|---|---|---|
| Critical | A vulnerability whose exploitation could allow the propagation of an Internet worm without user action. | Red |
| Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources. | Orange |
| Moderate | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation. | Green |
| Low | A vulnerability whose exploitation is extremely difficult, or whose impact is minimal. | Black |

Security Vulnerabilities by Number

The following is a list of Security Vulnerabilities issued year-to-date (dd/mm/yy) with the most recent first.

Patch No. Title Affects/ Severity Issued/ Updated

Sample – Word – Disaster Recovery Contingency Organization

Posted in Business (600) by Guest on the September 9th, 2016

Word – Disaster Recovery Contingency Organization

Disaster_Recovery_Contingency_Organization.doc


Sample – Asset Rating

Posted in Compliances (1300),Policies - Standards (600),Security (1500) by Guest on the September 3rd, 2016

Purpose

This document provides guidelines and instructions that enable Symantec users or the Technology Services Group members to develop, identify, evaluate and remediate system and application vulnerabilities in order to prevent a catastrophic systems failure.

Background

This document defines accountability and a process that coordinates the patch and vulnerability management effort to include communication, documentation and reporting requirements. By adhering to the following guidelines, Symantec can reduce risks that can lead to adverse security incidents. The primary parties responsible for complying with these procedures include key Information Technology (IT) managers and Risk Management’s Information Security Officer (ISO).

 

Technical Impact 1 – 5: A measure of how important a device is to the communications of the network.

Threat 1 – 5: An activity that has the potential of causing harm to either a computer or a network.

Vulnerability 1 – 5: A flaw, misconfiguration, or weakness that allows the security of the system to be violated.

Criticality 1 – 5: A measure of how important a system is to the organization’s mission.

1 – Lowest – no risk or does not apply
2 – Low risk – little or no impact
3 – Would cause damage
4 – Would cause serious damage
5 – Would cause exceptionally grave damage


Sample – Patch Vulnerability Management Guidelines

Posted in Sample - IT Spreadsheets - PowerPoints (251),Security (1500) by Guest on the September 3rd, 2016

Patch Vulnerability Management Guidelines Spreadsheet

www.bestitdocuments.com
