As companies increasingly rely on the data contained on their computer systems, threats to the data are also growing. Threats to data, or to information, can come in the form of a breach of confidentiality, a violation of integrity, or a denial of availability. These threats can come from various sources including computer hackers with malicious intent, natural or unnatural disasters, the lack of security policies, the failure to enforce security policies and computer viruses. Computer viruses pose as serious a threat to data as can a malicious hacker. In order to thoroughly protect a company’s information, one must focus on protecting against all possible threats, including computer viruses. Although infection of computer systems by a virus is generally unintentional, the possibility of infection is real and without the proper protection, imminent. Computer viruses are designed to spread from one file to another, from one program to another, from one machine to another, and even from one network to another. Viruses threaten the integrity and availability of data. Data have become the backbone of most companies today, and therefore any threat to a company’s data cannot be tolerated. Time, resources and money must be invested to protect a company against the harmful and destructive intrusion of computer viruses. At first glance it would appear that protecting computers from viruses is a relatively simple task. On the surface this task involves selecting an anti-virus software package, installing it, and running the virus scan, rendering the computer virus-free. Unfortunately the process can be quite intricate, and require as much time and effort spent planning as on implementation. An enterprise wide anti-virus initiative involves numerous tasks, which at a high level can be broken into the following phases: planning, implementation and maintenance. Other phases may be identified for any given project and should be included as appropriate. These three phases however are the minimum for the success of an anti-virus campaign.
Planning
The planning phase is the first phase in protecting a company from computer viruses. Generally, planning is treated as a step in the implementation process, with the focus on implementation. For example, product selection is treated as the preliminary step in the software implementation, as opposed to a stand alone process in which greater attention is given to choosing the right product. This is the wrong approach to planning an anti-virus strategy. Planning is crucial to the success of an anti-virus effort. Planning involves product selection, project strategy, task and resource identification, and delegation, as well as other activities. The goal of the planning phase is to develop an anti-virus solution for the enterprise. A solution is not limited to the selection of an anti-virus product, or to the development of a strategy. Rather a solution answers the question “How will a company protect itself from computer viruses?” To arrive at the most efficient and reliable anti-virus solution, many questions must be answered.
First, is the organization trying to protect against a particular type of virus? Perhaps macro viruses have been causing problems, or maybe managers know little about computer viruses but have seen enough movies to scare them.
Second, what is the major source of viruses that is infecting the company? Are users bringing in infected disks, or maybe e-mail attachments are spreading a virus.
Third, how secure does the company want to be? What trade-off will be allowed between protection and performance? After all, the more secure they are, the slower computers will be.
Fourth, should the virus protection be behind the scenes, or should users know it is there and actively use it? These are just a sample of the questions that should be answered when choosing an anti-virus solution. Perhaps no one product meets all needs; in that case requirements must be prioritized to select a product that meets priorities. Alternatively, one can choose to use more than one product which will overlap and meet all needs. A product overlap also offers an additional layer of protection that one product alone cannot offer. It is possible that a new virus may be on the loose that cannot be identified by one of the anti-virus programs chosen. A second program may catch it and prevent an infection that otherwise may have created a threat. Obviously, selecting an anti-virus product, or more specifically an anti-virus solution is not a simple task. When all of the relevant questions have been answered, the solution will begin to take shape and eventually a final solution will emerge. FEATURE
You May Also Find These Documents Helpful
-
To properly secure an information system means protecting its files and other confidential information from misuse. The current speed of technological growth requires ever evolving security measures to follow these developments. As the members of Team “A” set out to address this need, it was necessary to discuss the requirements. The foundation of all concrete security plans require a detailed knowledge of all current systems, the tools needed to accomplish security needs and employee training. The implementation of these requirements will be outlined within a final Security Presentation.…
- 2101 Words
- 8 Pages
Better Essays -
One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you now must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.…
- 912 Words
- 4 Pages
Powerful Essays -
This report gives a brief description the general security solutions planned for the safety of data and information that belongs to the organization. The outline will provide elements of a multi-layered security plan, and will indicate a general security solution for each of the seven domains of a typical IT infrastructure. Also I will describe a layer of security for each of the seven domains.…
- 801 Words
- 4 Pages
Good Essays -
Importance • Significant amount of supplemental information IS4799 Information Systems and Cybersecurity Capstone Project © ITT Educational Services, Inc. All rights reserved. Page 4 Key Concepts Clarification • Additional information to clarify RFP contents…
- 675 Words
- 8 Pages
Satisfactory Essays -
In modern business, information and enterprise systems are becoming major backbones, relied upon for function, communication and longevity. Even smaller businesses have become dependent on computers for operations as well as management of information, from everything from billing, stock levels, to payroll. With the growing demand and need for computer systems and networks, issues begin to arise with systems security. Viruses, Trojan horses, worms, hackers, as well as internal security issues can plague a business. This paper will cover some of the basic concepts for system security, and possible threats.…
- 633 Words
- 3 Pages
Satisfactory Essays -
The CIO has requested that we follow up with a plan that is detailing a strategy for addressing all risks identified in the previous research. This plan needs to identify controls in administration, preventative, detective and corrective. With this data, the business will be able to mitigate each risk that we identified earlier. The following paper will explain the approach to correcting the various malware.…
- 1122 Words
- 4 Pages
Better Essays -
Robert Jones Unit 8 Discussion: John Motorcycle Parts 8/5/2014 IS3110 Mr. Jackson Risk Assessment Plan Performed for John Motorcycle Parts Co. Risks: 1. Identify risks and problems with security plan 2. 5 things to go wrong without Biz Continuity Plan Disaster Recovery Plan. 3. List five risks to be addressed I. Identification of risks and problems:…
- 186 Words
- 1 Page
Satisfactory Essays -
Networking and Telecommunications Virus and Malware Eradication Administrative and Support Services Security Policies and Implementation Project Management and Ethics System Forensics and Investigation…
- 901 Words
- 4 Pages
Satisfactory Essays -
Organizations invest a large portion of their information technology budgets on security applications and services, such as antivirus software, firewalls, and encryption. But no matter how much security hardware or software you deploy, how tightly you control the rights of users, or carefully you configure security permissions on your data, you should not consider the job complete unless you have a well-defined, timely auditing strategy to track the effectiveness of your defenses and identify attempts to circumvent them.…
- 1878 Words
- 8 Pages
Powerful Essays -
Ping sweeps and port scans are two techniques that a malicious computer user such as a hacker can utilize to compromise an Enterprise networks security and gain access to their proprietary data. For example, private email messages can be forwarded to a rogue destination email address: Done by installing a virus program into a user’s email client through a discovered active computers open TCP/IP IMAP port (port number 143) that is not being currently used by that user (Clarke, 2008). The virus then could take advantage of security vulnerabilities in that users email client program and forward emails from that users inbox over to another destination email address without them knowing about it. Therefore, in light of such exploits as just described it is vitally important to address and mitigate the security problem to an Enterprise network from ping sweeps and port scans that can be incurred from outside sources by the use of strong Firewall protections.…
- 631 Words
- 3 Pages
Good Essays -
Quarterly profit-and-loss report that shows a breakdown of revenue and cost for each separate activity…
- 358 Words
- 2 Pages
Satisfactory Essays -
The information in this paper will investigate the elements involved in computer security. Protecting information today requires more than just locking a door or filing cabinet. With data being stored electronically, it is vital that important information be protected from prying eyes. There are many different methods for protecting information that is stored on computers. These methods include everything from password and usernames to biometric devices. There are also software solutions that are used, including antivirus and anti-malware software along with firewalls. All of this is to accomplish the desired…
- 1544 Words
- 7 Pages
Powerful Essays -
The metrics that best work to measure Xemba Translations performance on this project is project diagnostic metrics. While not all risks of a project can be mitigated, using this objective data based on these metrics will make a huge difference to mitigate risk. Using diagnostic project metrics is like using a thermometer to assess the projects current status. This can help eliminate or mitigate the issue before it becomes unmanageable at the close of the project. This can help avoid the, should have, could have, would have moments that may happen once the project closes and gets reviewed from a retrospective project metric. With the diagnostic project metric when an issue does arise a contingency plan can be created if there is a trend toward a major risk as well. Diagnostic project metrics use current project statistics to gage where the project stands throughout the work of the project. This allows the project manager the ability to make better decisions along the route of the project to mitigate risk. Metrics that help improve the decision making, help aid to lower the risk of any project. Diagnostic metrics are comparative measures. The metrics compare a baseline (usually set at time of planning the project) to current project actuals. The actuals are compared to an earned value figure that is determined by where the project should be at that exact moment in time according to the project schedule. These diagnostic metrics will use the actual cost, earned value, and planned value to evaluate schedule variance, schedule performance, cost performance, and cost variance. Schedule performance and schedule variance will evaluate the earned value against the planned value. This will help show if the project is currently on schedule, or if not is it over or under schedule and by how much. Cost variance and cost schedule will reveal how the project is performing compared to the current cost and planned budget. These values will help the project manager assess if the…
- 2295 Words
- 10 Pages
Powerful Essays -
A computer security career is a highly diverse and important position, where you could work anywhere from a College Campus to a Hospital Administration building, all the way up to the Government Agencies all over the world. With so many new businesses’ opening daily, worldwide, the job market will be forever expanding. Whenever a business’s computer system acts up it’s the job of their computer security specialist to carefully take all the required steps to identify and resolve the specific issue, combining many people into one, saving the company lots of money. These specialists have and exceptional and advanced overall knowledge of all things computer.…
- 525 Words
- 3 Pages
Good Essays -
Proactive Malware Detection protects your mission-critical infrastructure during the critical period following a malware outbreak. Advanced heuristics technology protects your endpoints and prevents malicious code from penetrating your network.…
- 1552 Words
- 7 Pages
Powerful Essays