Cyber Security Index
The CTU Cyber Security Index (CSI) is a threat-based, color-coded system provided to notify customers about threats that might require protective measures. The CSI is evaluated daily by CTU researchers and updated when necessary.
Reason
Microsoft and Adobe have released security updates. They include a critical update for all versions of Internet Explorer, an update for a Microsoft Office vulnerability in active exploitation, and an update for Adobe Flash. Customers should monitor vendor announcements and apply security updates as soon as possible.
Level 2 - Elevated
Elevated levels of malicious activity. Large-scale brute force, SQL injection, RFI, etc., attacks. Elevated incidence of one or more known malware families or signs of new malware. DDoS attack against a high-visibility service that impact customers either directly or through their reliance on a site or service.
Specific action may not be appropriate in the case of high activity for known or existing threats, but action items may be given for new threats.
The CTU will operate in a tight awareness loop with the SOC and other sources to gather and disseminate actionable intelligence and countermeasures.
How it works
The CTU Cyber Security Index is a threat-based, color-coded system provided to assist in implementing protective measures to reduce the likelihood or impact of an attack. The Cyber Security Index is evaluated daily by the CTU and updated as appropriate based on current threat activity. A “reason” provided for the index’s current status will typically include reliable and actionable information about a threat targeting software, networks, infrastructures or key assets (included in our Global Threat Intelligence service).
While the primary decision point for the Cyber Security Index is a “Daily Security Roundup and CSI Threat Level” discussion, the CTU can make a decision (with input from other senior security personnel from our Security Operations Centers, our CISO and other individuals) at any time day or night, depending on what events we see occurring or imminent.
When there is significant debate on what threat activity corresponds to which Cyber Security Index level, the CTU will refer to the criteria in the Cyber Security Index definitions to make judgment. The CTU takes a very serious and judicious approach when determining the Cyber Security Index.
Status definitions
| Level 1 - GuardedLow to average amounts of malicious activity. Typical network mapping, vulnerability scanning, and recon. Normal malware incidence. Isolated intrusions and denial-of-service attacks. No specific action is recommended. The CTU will continue to protect customers by maintaining vigilance and using standard operating procedures. |
| Level 2 - ElevatedElevated levels of malicious activity. Large-scale brute force, SQL injection, RFI, etc., attacks. Elevated incidence of one or more known malware families or signs of new malware. DDoS attack against a high-visibility service that impact customers either directly or through their reliance on a site or service. Specific action may not be appropriate in the case of high activity for known or existing threats, but action items may be given for new threats. The CTU will operate in a tight awareness loop with the SOC and other sources to gather and disseminate actionable intelligence and countermeasures. |
| Level 3 - HighHigh levels of malicious activity. Clear and present danger that requires immediate action to prevent significant impact on the confidentiality, integrity, or availability of customer information systems. Zero-day. Active exploitation of a critical, unpatched vulnerability in widely used software. Widespread or uncontrolled distribution of a new worm or virus. Coordinated DDoS attacks on key Internet resources or which are of a scale that impacts public network infrastructure. The CTU will diligently work to produce effective countermeasures and workarounds and get actionable intelligence to customers and the public. |
| Level 4 - CriticalA high level of danger to customer networks and systems, and public infrastructure. Indicates the need for immediate mobilization and realignment of security resources and a requirement for quick action. Active, large-scale use of attack tools or tactics that render existing controls useless, widespread distribution of a dangerous cross-platform worm, exploitation of a flaw in the design or common implementation of the technological underpinnings or routing fabric of public IP networks all constitute possible justification for raising the Cyber Security Index to Critical. The CTU will apply all resources at its disposal and take extraordinary measures to protect customers and the public, counter the threat, and return to a lower Cyber Security Index rating. |
Next Steps |
|
|---|---|
 | Call Us Today (877) 838-7947 UK +44 131 260 3044 |