PSS Security Team Security Alert Severity Matrix

 The PSS Security Team will be issuing alerts about viruses and other technological attacks that affect Microsoft software and our customers. The PSS Security Team has defined a severity rating system that classifies technological attacks, such as viruses and worms, as they relate to Microsoft software and our customers. We have classified the attacks into three types for ease of categorization and to align ourselves with the Severity Rating System that is used by the Microsoft Security Response Center.

 About the Rating System

In establishing this rating system we took into account a number of details about how an attack infects and affects a computer and what makes a particular attack more damaging to users than another attack. The PSS Security Team found that the most damaging and disruptive attacks were ones that:

* Affected user’s computer by using a number of different methods

* Destroyed data and/or significantly disrupted service

* Exploited vulnerabilities in software, its functional design, or its feature sets

Based on these factors, and the analysis of major technological attacks, we have adopted the following classification system. First, the six characteristics that we look for in an attack as they relate to Microsoft software and our customers are defined. We also indicate and define the valid entries for each characteristic of the matrix. Finally, we provide the matrix that defines what characteristics an attack (such as a virus) must meet to be defined at a given criteria.

Definitions of Characteristics of Attack

Microsoft Product Vulnerability:

Valid Entries: Yes/No/Patch Not Available
Yes: The attack exploits a Microsoft product vulnerability for which a patch is available.
No: The attack does not exploit a Microsoft product vulnerability.
Patch Not Available: The attack exploits a Microsoft vulnerability for which a patch is not yet available or for which there is only a workaround.

Vectors of Attack

Valid Entries: Any whole number this number will identify the number of attack/infection vectors for the identified attack. Infection and attack vectors will normally refer to things such as e-mail, port 80, network file shares, and so on.

New Vector of Attack

Valid Entries: Yes/No
Yes: The attack is using a new, or previously unknown, vector of attack. This could also be chosen for an attack that uses a vector in a new way.
No: The attack uses known and/or previously-preventable vectors of attack. Previously-preventable vectors of attack could include e-mail vectors that are now protected and preventable, such as vectors that are protected by the Outlook E-mail Security Update. Previously-preventable vectors of attack could also include any well-known attack method that is commonly used by attack and virus writers.

Distribution Potential:

Valid Entries: High/Medium/Low
High: Distribution potential for any given target audience such as consumer or enterprises is high. This means that the attack can spread rapidly and quickly with a potentially large number of attack victims.
Medium: Distribution potential for any given target audience such as consumer or enterprises is medium. This means the attack can spread rapidly, but necessary safeguards may already be in place, or the potential attack victim audience is segmented, therefore containing the spread.
Low: Distribution potential for any given target audience such as consumer or enterprises is low. This means that the attack is not expected to spread rapidly, nor have a significant level of targets, possibly because of poor attack design, limited infection vectors, or other issues.

Unique Data Destruction:

Valid Entries: Yes/No
Yes: Data that is unique will be destroyed. Examples include reformatting a whole drive, erasing information that is personal and is not related to a program or executable file (.exe) that can be reinstalled.
No: Data is not destroyed or data that is not unique may be destroyed, for example, limited program files that can be reinstalled.

Significant Service Disruption:

Valid Entries: Yes/No
Yes: The attack possesses the ability to significantly cause a service disruption to any given service. This is usually network related, for example, mail delivery slowdowns and network-bandwidth consumption. While most virus attacks will cause some service disruption, this field will be used for those attacks that, in our estimation, cause significant disruptions to critical services.
No: The attack does not cause a significant service disruption. The virus may still cause a service disruption.

Virus Alert Severity Ratings

CRITICAL SECURITY ALERT:

A critical reactive alert will be issued when an attack meets the following characteristics:

www.tartoos.com

* Any attack that uses a Microsoft product vulnerability for which a patch has not been released will be Critical Reactive regardless of other entries in the matrix.

MODERATE SECURITY ALERT:

A moderate reactive alert will be issued when an attack meets the following characteristics:

LOW SECURITY ALERT: www.tartoos.com

A low reactive alert will be issued when an attack meets the following characteristics:

For characteristics that contain more than one value, either value can be present. For characteristics that contain only one value, that characteristic must be met in order for the attack to be classified in that severity. Also, the characteristics must all be met for a given severity.

Because of the negligible impact of attacks that fit into our Low severity classification, we will not issue any alerts or communications on these attacks.For attacks of Moderate or Critical severity, we will issue alerts to our customers by using a number of methods that will be announced and enhanced over the next few months.

While we have attempted to craft an adequate matrix to alert and inform our customers about attacks, these technological attacks continue to evolve and change. The PSS Security Team will be constantly refining and reviewing these processes and procedures we have set up to respond to these attacks. We will keep you informed of these evolutions in our processes as they unfold, and we look forward to working with all of you, our customers, to help keep all of your computers protected and secure.   www.tartoos.com

PC school          Informations