Vulnerability Remediation 4.3

Question 1

Patching

Answer 1

• Most common mitigation technique
• Vulnerabilities are known and requires security patch to install
• Ongoing process

Question 2

Schedule of Patches

Answer 2

• Provided on a standard weekly or monthly schedule

Question 3

Unscheduled Patch

Answer 3

• Addresses Zero-Day vulnerabilities

Question 4

Cybersecurity Insurance Coverage

Answer 4

• A policy that executes when after an attack occurs
• Risks are transferred to a third party that manages specific types of multiple risk for multiple parties.

Question 5

Coverage of Cybersecurity Insurance

Answer 5

• Lost revenue
• Data recovery
• Money lost to phishing
• Privacy lawsuits costs

Question 6

What is Not Covered by Cybersecurity Policy

Answer 6

• Intentional acts, funds transferred, ransomware, etc.,

Question 7

Segmentation

Answer 7

• Limits the scope of an exploit / attack
• Separates devices onto their own network or VLANs
• Prevents an attacker from gaining access to additional parts of the system

Question 8

Considerations for Segmentation

Answer 8

• Difficult to patch as it may cause other problems or not installing properly onto a service.
• System must be moved to an air gap system

Question 9

Internal Next Generation Firewalls (NGFW)

Answer 9

• Monitors the traffic between two segmented systems
• Able to identify the application allowing for the systems to communicate.
• Blocks unwanted/unnecessary traffic between VLANs.
• Identifies malicious traffic on the inside.

Question 10

Physical Segmentation

Answer 10

• Physical separation of systems
• Air gap

Question 11

Logical Segmentation

Answer 11

• Accomplished through VLANs
• Allow the assigning of the interfaces to different systems
• Cannot communicate between VLANs without a layer 3 device or router

Question 12

Compensating for Inability to Patch

Answer 12

• Disable the problematic system.
• Revoke access to the application
• Limit external access
• Modify internal security controls and software firewalls

Question 13

Change Control Board (CCB)

Answer 13

• A body that oversees the change management process
• Enables management to oversee and coordinate projects

Question 14

When Patches Cannot Be Performed

Answer 14

The CCB must be determined Exceptions and Exemptions of not performing a patch

Question 15

Validation of Remediation

Answer 15

• Determining if recently installed patch has stopped the exploit or patched all vulnerabilities.

Question 16

Validation of Remediation Method - Rescanning

Answer 16

• Perform an extensive vulnerability scan
• Confirms patch has been installed and additional vulnerabilities.

Question 17

Validation of Remediation Method - Validation

Answer 17

• Check remediated systems to ensure the patch was successfully deployed

Question 18

Validation of Remediation Method - Verification

Answer 18

• Manually confirm the security of the system
• May require someone to manually login into the system and test the patch

Question 19

Reporting

Answer 19

• Provides ongoing checks which are required when there over a thousand systems to monitor.
• Difficult or impossible to manage without automation.

Question 20

Continuous Reporting Findings

Answer 20

• Number of identifiable vulnerabilities
• Systems patched vs unpatched
• New threat notifications
• Notifies of errors, exceptions, and exemptions