Two updated guides provide latest NIST recommendations for system patches, malware avoidance

Aug 20, 2013

The National Institute of Standards and Technology (NIST) has updated two of its series of computer security guides to help computer system managers protect their systems from hackers and malware. Vulnerabilities in software and firmware are the easiest ways to attack a system, and the two revised publications approach the problem by providing new guidance for software patching and warding off malware.

A common method to avoid attacks is to "patch" the vulnerabilities as soon as possible after the develops a piece of repair software—a patch—for the problem. Patch management is the process of identifying, acquiring, installing and verifying patches for products and systems.

The earlier guidance on patching, Creating a Patch and Vulnerability Management Program, was written when patching was a manual process. The revision, Guide to Enterprise Patch Management Technologies,* is designed for agencies that take advantage of automated patch management systems such as those based on NIST's Security Content Automation Protocol (SCAP).

Guide to Enterprise Patch Management Technologies explains the technology basics and covers metrics for assessing the technologies' effectiveness.

The second security document provides guidance to protect computer systems from malware—. Malware is the most common external threat to most systems and can cause widespread damage and disruption.

NIST's Guide to Malware Incident Prevention and Handling for Desktops and Laptops** was updated to help agencies protect against modern malware attacks that are more difficult to detect and eradicate than when the last version was published in 2005. The new guidance reflects the growing use of and the harvesting of information for targeting attacks.

The new malware guide provides information on how to modernize an organization's malware incident prevention measures and suggests recommendations to enhance an organization's existing incident response capability to handle modern malware.

Explore further: EU holds largest-ever cyber-security exercise

More information: *Guide to Enterprise Patch Management Technologies (NIST Special Publication 800-40, Revision 3) is available at: nvlpubs.nist.gov/nistpubs/Spec… NIST.SP.800-40r3.pdf

**Guide to Malware Incident Prevention and Handling for Desktops and Laptops (Special Publication 800-83 Revision 1) can be found at: nvlpubs.nist.gov/nistpubs/Spec… NIST.SP.800-83r1.pdf

add to favorites email to friend print save as pdf

Related Stories

NIST updates guidance on network attacks and malware

Jul 26, 2012

Detecting and stopping malicious attacks on computer networks is a central focus of computer security these days. The National Institute of Standards and Technology (NIST) is asking for comments on two updated guides on malicious ...

Malware bites

Aug 15, 2013

Antivirus software running on your computer has one big weak point - if a new virus is released before the antivirus provider knows about it or before the next scheduled antivirus software update, your system can be infected. ...

Latest Java poison romps on as ok.XXX4.net

Aug 28, 2012

(Phys.org)—Yet another Java-related computer threat, cross-platform, has been nailed by security researchers. An exploit was seen by FireEye researchers on Sunday, being hosted on a domain ok.XXX4.net. ...

Hackers who hit US media are back: security firm

Aug 12, 2013

The hackers who penetrated the computer network of The New York Times last year have resurfaced with an attack on "an organization involved in shaping economic policy," experts warned Monday.

Recommended for you

Humans are largely the problem in cyber security failures

3 hours ago

When people think about cyber and information security they often think about anti-virus software and firewalls; however, according to an information security expert from the University of Adelaide, organisations would become ...

Pirate Bay founder jailed for hacking Danish data

3 hours ago

A Danish court on Friday sentenced the Swedish founder of file-sharing site The Pirate Bay to 3½ years in prison after he was found guilty of hacking into a private company handling sensitive information for Danish authorities.

What's causing the recent string of data breaches?

Oct 30, 2014

It's Cyber Security Awareness month, which has me wondering: are we doing all we can to protect our data? To help answer this question, I sat down with Girish Bhat of Wave Systems—an important collaborator of Micron's—to ...

Court: UK spies get bulk access to NSA data

Oct 29, 2014

The British government's insistence that its spies don't use the vast espionage powers of the U.S. National Security Agency to sidestep U.K. restrictions on domestic eavesdropping was called into question by a court document ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.