
Cisco Product Security Incident Response Team · BENEFITS Industry standard – Use standard rules, policies, and scoring systems Consistency – Apply the same process across the

Feb 15, 2020


dariahiddleston

Cisco Product Security Incident Response Team

Protection. Security. Transparency.

The Cisco Product Security Incident Response Team (PSIRT) is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks.

PSIRT investigates vulnerabilities across the entire Cisco product portfolio.

Over 20 years of experience helping to alert customers about vulnerabilities in Cisco products

The single entity authorized within Cisco to disclose vulnerability information to customers

Global team of incident managers providing 24/7 support

ISO 29147 compliant

INCIDENT HANDLING PROCESS

PSIRT is notified of a security incident

PSIRT prioritizes and identifies resources

PSIRT coordinates product impact assessment and fixes

Customers and the public are notified simultaneously

Cisco proprietary code

Third-party software components



BENEFITS

Industry standard – Use standard rules, policies, and scoring systems

Consistency – Apply the same process across the portfolio, even as the product line grows

Best in class service – Provide dedicated support for product security and network protection

Speed – Quickly assign CVEs for security vulnerabilities

Collaboration – Work with product teams across Cisco and third parties

Transparency – Deliver security advisories to the public

POLICY

PSIRT investigates all reports, regardless of the Cisco software release, through the last day of support for a given product.

Issues are prioritized based on the potential severity of the vulnerability and other environmental factors. Ultimately, the resolution of a reported incident may require upgrades to products that are under active support from Cisco. Review Cisco’s Security Vulnerability Policy to learn about:

» How to report or obtain support for a suspected security vulnerability

» Details on the incident response process

» Communications and disclosure plans

Receiving Security Vulnerability Information from Cisco

There are several ways to stay connected and receive the latest security vulnerability information from Cisco.

Cisco Security: cisco.com/security

Contact PSIRT: [email protected]

feeds: http://tools.cisco.com/security/center/rss.x?i=44

Cisco Notification Service: https://www.cisco.com/cisco/support/notifications.html

Cisco PSIRT openVuln API: https://developer.cisco.com/site/PSIRT/

[Figure: Cisco CVE Assignments, chart by year, 2013 to 2017; vertical axis 0 to 600]

Cisco Common Vulnerabilities and Exposures (CVE) assignments that have been released in Cisco Security Advisories during the past five years.

© 2018 Cisco and/or its affiliates. All rights reserved.