Hands on 4-1

.docx

School

Ivy Tech Community College, Indianapolis *

*We aren’t endorsed by this school

Course

105

Subject

Computer Science

Date

Dec 6, 2023

Type

docx

Pages

1

Uploaded by CaptainSnowCaribou30

Report
Flint Bundenthal CISA 105 11-3-2023 Hands-On Project 4-1 Step 4 The link in 4-1 sent me to first.org and it looks like they absorbed ICASI and the CVRF on June 1 st 2021 so I had to google more info about it. The CVRF was a XML based standard to help share security vulnerabilities in a single format to help speed up exchange of information. It looks like this has transitioned over to CSAF (Common Security Advisory Framework) now and is being operated by FIRST PSIRT SIG. Step 12 The info seems to be pretty well laid out you have to click an extra time to see what the actual CVE was and how it impacted Microsoft products but the timeline of the change log is nice to see when the updates happened. Step 14 The one I found was Exploitation less likely. This means that while an exploit could be made it would be very difficult and have varied results on the affected product. The index says that they have not observed any trend of this type being actively exploited. Step 15 This one is not too serious and should not be a priority to take care of. Step 16 This information is very important to help prioritize which updates need to happen first because they are an active threat down to the ones that are very unlikely to be exploited. The sort function on this database helps you figure out which ones are higher up on the list to take care of and also lets you filter by product so you are not seeing products you don’t have. Step 18 Apple does not list any security issues until they have a patch to release it so it does not help security help safeguard things that may be an issue because they don’t know that it may be an issue. Step 20 I don’t think that Apple goes into near as much detail about their releases. While they still list the CVE they do not give great detail on the impact or how they fixed it. I think that Microsoft gives much better information to security professionals which is why it probably gets used more than Apple.
Discover more documents: Sign up today!
Unlock a world of knowledge! Explore tailored content for a richer learning experience. Here's what you'll get:
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help