Chip Security Vulnerabilities

Chip manufacturers have disclosed vulnerabilities in their software that can lead to unauthorized disclosure of sensitive information. The vulnerability exists in workstations, servers, cloud computing environments, and mobile devices.

The vulnerabilities are the result of a software coding technique called speculative execution. With speculative execution, the software attempts to anticipate upcoming actions or tasks. By anticipating the next step, the software can do work before the task is needed and reduce response time delays. If the actions are not needed, the results are ignored.

Two specific vulnerabilities, Meltdown (Intel chips) and Spectre (AMD and Arm chips), can allow a hacker to steal information stored in the memory of a chip including passwords, e-mail messages, and other sensitive information. The vulnerabilities may also allow a hacker to circumvent or weaken other security features.

What you should do

Organizations should apply security updates per their Patch Management Policy. Updates should be tested before installing patches in production environments. Devices to be patched include:

In addition to addressing vulnerabilities in their internal environment, organizations should contact their third party service providers to:

On an annual basis, engage the services of an outside security auditor to perform a network security audit. The security audit evaluates the effectiveness and sufficiency of the organization's technical safeguards, physical safeguards, and administrative safeguards.

Security Blog
verified If You Want a "Security Audit"
You Need a Certified Auditor.
Certified Information Systems Auditors

Unlike a security consultant, Altius IT is certified as a Certified Information Systems Auditor to perform a security audit of your environment and issue reports and recommendations to secure your systems. After your audit, Altius IT's Auditor Opinion Letter and Secure Seal let your clients and prospects know you meet security best practice/compliance requirements.

See our In the News page for video clips of our experts on national television as well as over 40 publications featuring Altius IT. In addition to our auditor certifications we hold many security, technical, and project management credentials. More information is available on our About Us page.

Our comprehensive audit service uncovers gaps in your existing defenses so that you can better:

  • Fortify your information systems, applications, and network infrastructure
  • Comply with regulatory requirements
  • Protect your valuable assets
Assurance and Security Audit Services
network-security
Network Security Audit Company
Certified security audit
Cyber security audit
Network security audit
Penetration test and penetration testing
Risk assessment
Security testing
Social engineering security assessment
it-security
IT Security Audit Company
Data security audit
IT audit
IT security audit
Mobile software application security audit
Network security assessment
Security assurance
Web application security audit
Website security audit
Website security testing
compliance
Compliance Audit Company
Information assurance
Privacy audit
Security compliance
consulting-services
Consulting Services Company
Custom consulting service
Cyber security consulting
Network security consulting
Network audit
Network assessment
Quick Access
Audit Resources
Security Resources
Contact Us
Copyright ©     Altius IT.   All rights reserved.
Site map Privacy policy Do Not Sell or Share My Personal Information