In this final installment of our four-part series, we will look at a few other real-world risks and then make some recommendations. Our goal throughout this series is to educate you on the actual hazards, the likelihood of their actually happening, and the impact if one of these "breaches" did happen, contrasted with the impact of inadvertently downing your DVR by applying untested or unnecessary patches. Our hope is that with this information you can make informed choices on how to manage operating system patches on your network of DVRs, and that you can use it to work with your examiner and provide thoughtful, educated answers to the questions or requests they may make of you during an examination.
The popular media likes to glorify the work of computer hackers and their exploits, and the result is sometimes unrealistic expectations and knee-jerk responses. While all of these risks are in fact real, we must weigh the actual threat and then prioritize our responses. We believe there are some threats that are real and pertinent and that deserve our attention and dollars, while others are the stuff of Hollywood films: completely unlikely, costing a fortune to fix, and with a fix that may carry the far worse risk of not having video coverage for hours, days or weeks.
Continue reading "Digital Video Recorder Operating System Patches - Policies & Recommendations - Part 4 - Recommendations" »
In Parts 1 and 2 we looked at digital video recorder (DVR) operating system types and at the different types of risks associated with those operating systems. Here, in Part 3 of the series, we will look at several actions you can take to mitigate those risks. Some are obvious, common-sense solutions, while others are solutions you may not have thought of. All told, we hope that this information will help educate and prepare you not only for your next exam, but for the real-world risks you face.
In any situation where you face risk, you must assess the risk by determining just how big a threat those risks are. After assessing your risk, the next step is to look at actions you can take to mitigate those risks. In my work as a vulnerability assessment and network security consultant for financial institutions, we developed a system for measuring risks by defining several aspects of risk, such as threat and likelihood, along with a tangible assessment of what we stood to lose if some particular system were breached. In this matrix, each aspect of risk was assigned a weight and a score was given to each category for the specific item being assessed. A final score was then calculated in order to more easily prioritize which items needed the most attention.
After the risk had been assessed, we then looked at any and all mitigating factors. In many cases (as you will see), some are practical and some are not. In yet other cases the client determines that the cost of mitigation far outweighs the risk. The goal of the system is to identify risks, measure their threat level, then finally come up with some meaningful and realistic mitigating actions. As it relates to DVRs on the financial institution network, there are many actions we can take to mitigate or minimize the risks.
Continue reading "Digital Video Recorder Operating System Patches - Policies & Recommendations - Part 3 - Risk Mitigators" »
In this, the second part of our four-part series on operating system patches for digital video recorders, we will discuss the risks associated with either patching or not patching the OS. It may be hard to believe that this topic could ever require a four-part series! However, the prominence of DVRs within financial institutions, coupled with the complexity of network and OS vulnerabilities, makes the topic very critical.
Many of our clients are community banks or credit unions with little or no IT staff. At the same time, many of our clients are large, regional financial institutions with full-time, dedicated IT staff. With that in mind we wanted to be extremely thorough in our presentation of the facts, the risks, the mitigators, and your options.
Let's continue the series by jumping right into the risks.
Continue reading "Digital Video Recorder Operating System Patches - Policies & Recommendations - Part 2 - Risks" »