Frequently Asked Questions About Security Warnings And Bulletins

The National SK-CERT Unit (hereinafter referred to as SK-CERT) has prepared a series of articles to share information on security vulnerabilities and the methodology used to evaluate their severity.

The topic involves two important concepts: the security warning and the security bulletin. Issuing security warnings and bulletins is one of the services SK-CERT provides to the general public. In this introductory part we address frequently asked questions about SK-CERT security warnings and bulletins.

What are security warnings and bulletins?

A security warning contains information of critical severity which may have an important impact on cybersecurity at both the national and international level. It is issued as necessary in order to disseminate critical information to SK-CERT partners as well as other potentially affected subjects. The security warning is immediately distributed via e-mail and published on the SK-CERT website in the relevant section.

What purpose do security warnings and bulletins serve?

Our aim is to promptly distribute relevant information on security vulnerabilities to our partners and the public through warnings and bulletins.

Who receives security warnings and bulletins?

Security warnings and bulletins are designed for the general public. You can therefore find them on our website in the archive of security warnings and bulletins and on our Twitter channel, and we also send them to our partners via e-mail. All our publications are marked according to the Traffic Light Protocol (hereinafter referred to as TLP). TLP was created in order to facilitate greater sharing of information. It is a set of designations used to ensure that sensitive information is shared with the appropriate audience. More detailed information on TLP can be found in the section “Information Protection”. Freely distributable information is marked as TLP:WHITE.

Why do we issue security warnings and bulletins?

A continuous process of identifying, fixing and removing publicly known security vulnerabilities is a very effective way to prevent their exploitation by attackers. By issuing security bulletins and warnings we try to improve the security of information systems and prevent cybersecurity incidents.

In modern information and communication systems, some software is updated automatically without user interaction, but there is also a huge number of systems where an update is not possible or not required for several reasons, for example:

  • vulnerabilities occur in systems which we do not want to update for different reasons (e.g. systems personalised and edited at the source-code level),
  • vulnerabilities can be found in “legacy” products for which the manufacturer does not provide support,
  • deployment of updates and patches for newly detected security vulnerabilities is a complex process which may last several weeks, during which the system is vulnerable.

Where possible, our publications also contain recommendations and alternative procedures to mitigate the respective vulnerabilities even without a security update.

How are security warnings and bulletins created?

SK-CERT continuously monitors hundreds of information sources via specialized devices. Information from these sources is automatically filtered and then processed by SK-CERT specialists, who use it to create security warnings and security bulletins.

How does SK-CERT evaluate the severity of security vulnerabilities or information in general?

SK-CERT uses CVSS version 3.0 metrics to evaluate security vulnerabilities. Where information cannot be evaluated with CVSS v3.0 metrics, alternative internationally recognised metrics (e.g. NCISS) are used to evaluate cyber-relevant information. NCISS was designed to evaluate the severity of particular types of attacks, such as a phishing or ransomware campaign.

The CVSS metrics for evaluating security vulnerabilities, together with a particular example of their calculation, will be presented in the upcoming article.

Who can subscribe to receive security warnings and bulletins via e-mail?

Our services are provided free of charge. Anyone can subscribe to receive them by sending an e-mail to our address www.sk-cert(at)nbu.gov.sk

In your request please provide your contact details (organisation, name, e-mail and phone contact).

