Information security alerts to be renewed: red critical and yellow severe
Previously, alerts have been published only if the situation has been critical and required immediately that, for example, several passwords and systems are updated. There are no effective alerts at the moment.
A critical alert is identified with a red warning triangle, whereas a severe alert is marked with a yellow triangle. When the alert is no longer effective, it is indicated with a grey triangle.
When a "red" alert is published, both the users and service maintainers must take remedial actions immediately.
A "yellow" alert, in turn, refers to a situation where the users and maintainers must exercise general caution or prepare themselves for possible remedial actions. The alert remains effective until the situation is in control and the information security defects have been fixed.
The new classification method enables FICORA to issue alerts concerning, in particular, severe information security deviations faster than before. Alerts related to information security are published quite seldom, for example in 2014 only three alerts were published.
It can be expected that this so-called two-step classification does not change the number of critical alerts. However, there is a possibility that the total number of alerts issued per year will increase in the future.
FICORA has published alerts related to information security since 2002. Back then, CERT-FI was responsible for publishing them. As of 2014, FICORA's NCSC-FI has continued this work.
In addition to alerts, the NCSC-FI publishes vulnerability reports and information security-related Information Security Now! articles. Alerts, vulnerability reports and Information Security Now! articles are published at ncsc.fi.