EISI Security Response Team
The EISI Security Response Team aims to help Profiles and NaviPlan clients conduct their business operations in a secure environment. To do this, we must evaluate all reports of suspected vulnerabilities and, when deemed prudent, ensure that the appropriate steps are taken and communications are disseminated.
For any vulnerability that could, in the opinion of the EISI Security Response Team, impact clients, no matter how unlikely or limited the impact, we will issue a bulletin with a severity scale rating so that clients can identify those vulnerabilities that represent significant risks.
Vulnerabilities affect different clients differently. The severity scale rating is intended to help clients assess their individual risk.
Security Severity Rating System
The Security Severity Rating System defines each vulnerability according to its severity and the action required.
| Rating | Definition |
| Critical | A vulnerability whose exploitation could allow the propagation of an Internet worm without user action. If successfully exploited, this vulnerability could take complete control of an affected system, including installing programs, deleting data, or creating new accounts with full privileges. |
| Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources. This could allow denial-of-service attacks, and could result in the loss of confidential data. Customers are strongly advised to apply security patches for these vulnerabilities immediately. |
| Moderate | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation. |
| Low | A vulnerability whose exploitation is extremely difficult, or whose impact is minimal. |
Security Bulletins