Threat P.V.CSAPNaS.3

Use a systematic procedure for regular security patching of software used (including hosted process Service) on device SHost, and have a contingency plan included in the system operating policies and practices for HostManager to manually apply patches immediately for Service should the need for them become urgent.

Represents a situation in which software patches have been applied manually by HostManager to eliminate vulnerabilities in process Service. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. Note that this should only be considered if a suitable software patch is available. To implement this at runtime, signal the responsible user HostManager.

Firewall rules that normally allow access to service Service on specific network path(s) may be temporarily switched off by its host manager HostManager. This strategy represents a contingency plan, which can be used to reduce risk from some threats but it also triggers other threats representing possible side effects, depending on how likely it is that the contingency plan will need to be activated.

Firewall rules that normally allow access to service Service on specific network path(s) have been switched off by its host manager HostManager. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To activate it at runtime, user HostManager who is responsible for managing host SHost should arrange for firewall policies to be switched off, ideally as close as possible to subnet LogicalSubnet from where the risk arises.The Disable Service Channel control should be deselected only when access is enabled again.