Creating and Enforcing Anti-Malware Procedures and Practices Within an Organization

Diane M. Duhé
Abstract
Malware poses a significant threat to all computer networks, whether large or small.
Malicious software is responsible for data corruption, loss, misuse, identity theft, and
many types of unauthorized use. All of these contribute to potential liabilities, loss of
services, damage to a company’s reputation, loss of customers and/or stakeholders and
possibly to the company’s inability to continue doing business.

This paper provides a summary of best practices for creating and enforcing
anti-malware procedures as they pertain to enterprise networks and data security.

The method of approach is research conducted via the ACM Digital Library, the
IEEE/IEE Electronic Library, professional journals, web articles, and white papers,
together with personal work experience as a Network Administrator.

The Introduction will define the term “malware” and summarize the prevalence of and
damage caused by malware infection in an enterprise.

The Best Practices section will discuss creating and implementing Policies, Guidelines
and Procedures for securing systems and networks.

The Related Costs section will discuss methods for quantifying costs of malware
attacks, the importance of utilizing “value calculators” and creating/implementing
security budgets.


Introduction
The term “malware” once referred to viruses, worms, and trojans, but current malware
has evolved into a very selective tool. Malware is no longer written using amateur
scripts or “copy and paste” methods by script kiddies. Instead, highly trained, paid
programmers author malware, supported by political syndicates, organized crime,
government-sanctioned but unacknowledged (“dark”) operations, and some
nation-states. [1]



What began as pranks has evolved into serious criminal activity. Malware is now used
for crimes such as industrial espionage, “transmitting digital copies of trade secrets” [2],
customer names, future business plans, and contracts: virtually any private or
personal information.

In order to discuss best practices for implementing anti-malware protection, it is
necessary to have a basic understanding of enterprise malware infection and its effects.
The Prevalence of Computer Crime
The 2010-2011 CSI/FBI report revealed that:
• “Malware infection continued to be the most commonly seen attack, with 67.1 percent
of respondents reporting it.
• Respondents reported markedly fewer financial fraud incidents than in previous years,
with only 8.7 percent saying they’d seen this type of incident during the covered period.
• Of the approximately half of respondents who experienced at least one security
incident last year, fully 45.6 percent of them reported they’d been the subject of at least
one targeted attack.
• Fewer respondents than ever are willing to share specific information about dollar
losses they incurred. Given this result, the report this year does not share specific dollar
figures concerning average losses per respondent. It would appear, however, that
average losses are very likely down from prior years.
• Respondents said that regulatory compliance efforts have had a positive effect on their
security programs.
• By and large, respondents did not believe that the activities of malicious insiders
accounted for much of their losses due to cybercrime. 59.1 percent believe that no such
losses were due to malicious insiders. Only 39.5 percent could say that none of their
losses were due to non-malicious insider actions.
• Slightly over half (51.1 percent) of the group said that their organizations do not use
cloud computing. Ten percent, however, say their organizations not only use cloud
computing, but have deployed cloud-specific security tools.” [3]



Best Practices

Malware detection has, until very recently, been accomplished by using “signatures”.
Signature-based malware detection requires that malware be identified by analysis of
the malware's code, finding code that is unique to that malware. The discovered
code is then used to create anti-malware software that recognizes it. Once created,
the anti-malware software must be installed on the computer system and allowed to
scan for, detect and remove the malware. This entire process must be repeated anew
for every novel instance or variant of malware. This method is insufficient and
reactive at best. [4]

As malware continues to evolve in ways that avoid detection, it is simply not practical to
continue detection in this manner. Malware is increasingly written using innovative
and aggressive techniques that help it avoid detection and sometimes even withstand
disinfection efforts. Until new and better proactive detection methods are available,
malware will continue to infect networks and network components, costing the affected
businesses time, money and resources.

Frequently, organizations mistakenly treat malware infections as a series of
independent episodes. When a malicious program is discovered, it is remediated, until
the next occurrence on the next system. This method cannot contain infections before
they spread across the network and infect more components. Malware spreading in
this way could potentially damage the organization's ability to carry out its daily
business activities.


Disinfecting hundreds or thousands of computers on an enterprise network would be a
monumental task. A new, proactive approach must be undertaken for prevention,
detection, disinfection and recovery on enterprise networks. It necessarily must differ
from the methods used for the same purposes on individual systems. The approach
must be viewed as “holistic” security comprised of four phases: Plan, Resist, Detect,
and Respond. [5]


Interesting figures:

• “80% of businesses without a recovery plan went bankrupt within 1 year of a
  major data loss
• 59% of companies cannot conduct business during unscheduled IT downtime”

3 Computer Security Institute, 15th Annual 2010-2011 Computer Crime and
Security Survey


  1. PLANNING
Creating written policies and guidelines
Planning an approach to minimize malware infection includes addressing key issues,
such as diversity of system configurations and business requirements within an
organization, the use of assorted technologies within the organization, logistical
challenges presented by the scattering of systems across various geographic locations,
internal political hindrances, as well as the legal/regulatory aspects of IT as they pertain
to the organization.

Implementing clearly written policies helps to mitigate the risks associated with
malware.

A Policy is “A formal, brief, and high-level statement or plan that embraces an
organization’s general beliefs, goals, objectives, and acceptable procedures for a
specified subject area.” [7] It defines required actions and sets the rules.


All policies should include the following attributes:
- Require mandatory compliance
- Technology objectives, i.e.: why the technology is being provided to the user
- Expectations of privacy including the use of monitoring and logging
- Detailed acceptable use, outlining permitted as well as prohibited user actions
- Detailed restrictions which may involve issues concerning confidentiality
- Defined consequences for violations
- Implementation focused
- Further defined by guidelines and/or standards.



Standards, Guidelines and Procedures:
Standards are mandatory rules that are written in conjunction with, and designed to
support, a policy. They help make the policy more effective. Standards usually include
specifications for hardware, software and/or behavior, and describe requirements for
various configurations.


Guidelines are general statements designed to provide a framework within which to
implement the policy. They are not mandatory, and are more like suggestions or “best
practices”. They provide information on “how” to do something. Guidelines can change
frequently, and must be reviewed more often than Standards or Policies.


Procedures are the mechanisms for enforcing policies. They are beneficial in times of
crisis. They outline “how” the policy is implemented.

“Position Statements” are often precursors to policies, and are much simpler, in
that they focus on a particular technology and the expectations for its use within the
organization.



2. RESISTING
Employing a variety of ways to protect networks from infection and intrusion [8]

Implement Security Policies
Security policies must agree with the organization's security standards.
Policies must be reviewed regularly to reflect current organizational needs, yet
remain compatible with other company policies. Some questions to ask when
reviewing a policy are: Has the company structure changed? Does the policy reflect
the company's guidelines? Have there been new technology purchases? Are there
new state or federal compliance requirements? Is there new user behavior to
address?
Implement Security Systems
Security systems must be implemented on the network to protect it from
cybercrime and other threats, such as malware, hacking and information theft.

Manage and Control IT
Manage and control IT by utilizing an enterprise management system (EMS) to
perform network monitoring, ensuring policy compliance as well as security at the
system level.

Implement Group Policy
Protecting and securing the network and network resources must occur at both the
system and the network level. Group Policy implementation can restrict incoming
traffic from the Internet and other less trusted networks by controlling ports, IP
addresses and domains.

Group Policy can also control user activity, such as what users are allowed to connect
to computer systems and how removable media, such as USB devices, are to be
used.



Educate users

Ensure network users are educated and informed regarding the types of malware
attacks, the signs of infection, and how to report them.


Implementing Further Protection:

- Use a firewall
- Utilize anti-virus/anti-malware software
- Enforce:
  - Email policies
  - Password policies
  - Acceptable use policies
- Ensure group policies and network monitoring for:
  - USB and portable devices
  - Instant messaging
  - Internet applications
  - Public social networks
  - Downloading and/or installing software

3. DETECTING

Use an Intrusion Detection System (IDS)

Employing intrusion detection hardware/software on the network will help
contain possible infections and security breaches.

Use a Network Management System

Implement network management and monitoring.




4. RESPONDING
The National Institute of Standards and Technology's “Computer Security Incident
Handling Guide” states that there are three steps involved when responding to a
confirmed malware attack: [9]

- Containment
- Eradication
- Recovery

Performing these steps should be supported by the guidelines that were written
during the Security Planning phase, outlined above.


Containment
Efforts to contain the spread of the malware should include: [10]

- Instructing users what they should and should not do in the situation in order to
  help contain the spread of the malicious software (e.g., clicking an email link).
- Temporarily disconnecting affected systems from the network.

Eradication

- Eradicating the malware (also called “disinfecting”), which involves removing the
  malware and possibly restoring damaged systems from backups or rebuilding
  the systems.
- “Locking down” systems, patching vulnerabilities, and reconfiguring affected
  components of the infrastructure.


Recovery

- Focus on returning to normal operation
- Confirm that the attack has been contained
- Ensure the malware has been removed
- Determine which containment actions can now cease

Collaborating with entities such as legal departments or public relations may also be a
component of recovery.

Response teams should now review their course of action, assess and adjust applicable
security mechanisms, and agree on methods for improvement. These proceedings
conclude the security cycle and bring the focus back around to the Planning phase
again.



The Related Costs of Malware

Determining and balancing the cost of malware is actually an exercise in risk analysis.
The first step to determining this expense, is assigning values to all information assets.
The second step is to estimate the potential loss.

The assigned asset and loss values are then used to determine the single loss
expectancy (SLE), which is defined as the expense of recovering from a single malware
attack. [11]

Calculating the SLE includes a summation of the following costs:

- The cost of purchasing/maintaining anti-malware products
- The ongoing cost of maintaining anti-malware, i.e., subscriptions for updates and
  other related services
- Assigning a value to the company's data (calculated by determining how much it
  would cost to restore or re-create different types of lost information, such as sales
  records, tax information, contact information, and emails)
- Lost revenue
- Potential cost of fines and penalties for violating confidentiality/privacy agreements
- Loss of employee productivity
- Cost of repairing damaged systems
- Hardware overhead (all anti-malware products consume resources such as
  processing power, memory and disk space)

Then:

- Determine the annual loss expectancy (ALE) of a single malware attack, based on
  the average number of previous attacks per year.
- Multiply the SLE by the ALE to determine the annual cost of malware for the
  business. [12]


Setting a Security Budget

- Determine the annual cost of malware. It is crucial to plan an anti-malware budget
  accordingly. The figures from the above calculations provide a rough estimate of
  the planned yearly expenditure for anti-malware protection.

- Assess the amount of risk that the company is willing to take. For example, some
  companies might choose to accept a higher level of risk of infection because it has
  been determined that the actual probability of attack is very low, or because the
  organization has lowered some risks in other ways, such as by purchasing
  insurance or using offsite backup solutions.

These calculations can be used in creating a security budget and/or for calculating
the value of the particular anti-malware tools already in place. [13]
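The SLE/ALE calculation in the previous section and the budget steps above, worked through as an added Python example (not from the paper or any of its sources). It follows the paper's cost checklist but uses the standard risk-analysis terms, in which the "average number of previous attacks per year" is the annual rate of occurrence (ARO) and ALE = SLE × ARO; the dollar figures, incident history and countermeasure effectiveness values are constructed sample inputs.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class IncidentCosts:
    """Per-incident loss components from the paper's SLE checklist (dollars).

    Recurring anti-malware spend (licences, subscriptions, hardware overhead)
    is deliberately NOT in here: it is paid whether or not an attack happens,
    so it is modelled as countermeasure cost below.
    """
    data_restore: float         # cost to restore or re-create lost records
    lost_revenue: float
    fines_and_penalties: float  # confidentiality / privacy violations
    lost_productivity: float
    system_repair: float

    def sle(self) -> float:
        """Single loss expectancy: cost of recovering from one attack."""
        return (self.data_restore + self.lost_revenue + self.fines_and_penalties
                + self.lost_productivity + self.system_repair)


def aro_from_history(incidents_per_year: list[int]) -> float:
    """Annual rate of occurrence: average number of attacks per year.

    The paper calls this figure the ALE "based on average number of previous
    attacks per year"; in standard terminology it is the ARO, and
    ALE = SLE * ARO.
    """
    if not incidents_per_year:
        raise ValueError("need at least one year of incident history")
    return sum(incidents_per_year) / len(incidents_per_year)


def ale(sle: float, aro: float) -> float:
    """Annual loss expectancy: expected yearly cost of malware attacks."""
    return sle * aro


@dataclass
class Countermeasure:
    name: str
    annual_cost: float    # licences, subscriptions, hardware overhead
    aro_reduction: float  # fraction of attacks expected to be prevented, 0..1

    def net_value(self, sle: float, aro: float) -> float:
        """Avoided annual loss minus the control's own yearly cost.

        This is the "value of the anti-malware tools already in place"; a
        negative number means the control costs more than the loss it prevents.
        """
        avoided = ale(sle, aro) - ale(sle, aro * (1.0 - self.aro_reduction))
        return avoided - self.annual_cost


def plan_budget(sle: float, aro: float, options: list[Countermeasure],
                accepted_annual_loss: float) -> dict:
    """Pick controls worth their cost until the residual ALE meets risk appetite.

    Controls are applied greedily in order of net value and their reductions
    compound (each further control only sees the attacks the previous ones let
    through). accepted_annual_loss is the loss the company has decided to carry,
    e.g. because insurance or offsite backups already absorb part of the risk.
    """
    chosen, budget, residual_aro = [], 0.0, aro
    for cm in sorted(options, key=lambda c: c.net_value(sle, aro), reverse=True):
        if ale(sle, residual_aro) <= accepted_annual_loss:
            break
        if cm.net_value(sle, residual_aro) <= 0:
            continue  # costs more than it saves given what is already in place
        chosen.append(cm.name)
        budget += cm.annual_cost
        residual_aro *= 1.0 - cm.aro_reduction
    residual = ale(sle, residual_aro)
    return {
        "baseline_ale": ale(sle, aro),
        "residual_ale": residual,
        "annual_budget": budget,
        "controls": chosen,
        "meets_risk_appetite": residual <= accepted_annual_loss,
    }


# Constructed sample figures for a fictitious 1,000-employee organization.
# lost_productivity reuses the paper's $13,700/day email-outage estimate as
# one day of lost productivity per incident; everything else is made up.
SAMPLE_COSTS = IncidentCosts(data_restore=20_000, lost_revenue=15_000,
                             fines_and_penalties=5_000, lost_productivity=13_700,
                             system_repair=6_300)
SAMPLE_HISTORY = [3, 5, 4]  # malware incidents in each of the last three years
SAMPLE_OPTIONS = [
    Countermeasure("endpoint anti-malware subscription", 40_000, 0.60),
    Countermeasure("USB/removable media policy via Group Policy", 5_000, 0.20),
    Countermeasure("network IDS", 60_000, 0.25),
]

if __name__ == "__main__":
    s, a = SAMPLE_COSTS.sle(), aro_from_history(SAMPLE_HISTORY)
    print(f"SLE = ${s:,.0f}  ARO = {a:.2f}/yr  ALE = ${ale(s, a):,.0f}/yr")
    print(plan_budget(s, a, SAMPLE_OPTIONS, accepted_annual_loss=50_000))
```

With the sample inputs the first two controls pay for themselves but the IDS does not, and the residual ALE ($76,800) still exceeds a $50,000 risk appetite, which is exactly the point at which the budget discussion above says the company must either accept the remaining risk or transfer it.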


Calculators
There are many risk calculators available online as shareware. They are easy to use
and will generate an estimate of various risks using several of the variables mentioned
above.

One such calculator was used to estimate the financial risk for a fictitious organization of
1,000 employees. The calculator located at http://www.cmsconnect.com/Marketing/viruscalc.htm
analyzed the organization's workplace and email environment (using the number of
employees with email access, the number of minutes of email usage per employee per day,
and the average employee salary) along with the number of IT staff and their average salary.

The effects of an email malware attack in regard to salary and productivity were found
to be as follows: a fictitious organization of 1,000 employees earning an average
of $25/hr and using email for approximately 30 minutes per day would cost the
company 524 hours, which translates into $13,700.00 in lost salaries per day (or
$570.83 per hour).
Return on Investment

When using Return on Investment to justify purchasing security technology, it is
important to remember that avoiding a possible loss is very different from generating
income. Use ROI cautiously.




Findings
Malware affects networks of all sizes and is installed via various means, many times
without a user's consent or knowledge. It is costly to businesses in regard to prevention
as well as recovery.

Malware is no longer viewed as a prank created by script kiddies. Malware is now
developed by professional programmers who are paid for their work, and is used to
steal information of all kinds. New types of malware are continuously being developed in
order to avoid detection.

Detection and disinfection can be costly. The way that the enterprise behaves
throughout all four phases of the security cycle determines its success in protecting its
network and data from malware. [14]




Recommendations
Risk analysis and assessment must be performed; they are a necessary element in
determining the expenditures that a business should prepare to incur.

Creating and implementing a security budget is essential in order to protect
information assets, privacy, confidentiality, and the network infrastructure.



Value

I feel that in doing the research for this paper, I have learned about the processes that
must be in place to secure an enterprise network and data. I’ve learned about the
importance and benefits of policies, guidelines and procedures. I’ve learned about the
steps that are necessary for protecting a valuable asset such as an organization's
network, and that the hardware and software are indeed valuable, but the information
and data that belong to the company have much value as well, indeed maybe more
value than the former.

It’s not just the computers, hardware, software and employees that enable the company
to do business and to remain in business. It is those things in addition to maintaining
data integrity, privacy, availability and confidentiality as well.

Risk Assessment, Risk Management, and Disaster Recovery are all areas that I have
become interested in, recently, and I feel that this paper has introduced me to several
key concepts in all of those areas and given me a basic understanding of them. I may
make a career change after I graduate, leaving Network Administration, and entering
the realm of Risk Management or Security.
References


1. George Ledin, Jr., The Growing Harm of Not Teaching Malware, Communications of
the ACM, vol. 54, no. 2, February 2011.

2. Steve Lohr, January 17, 2010, Companies Fight Endless War Against Computer
Attacks, NYTimes.com, retrieved 05/27/2011 from:
http://www.nytimes.com/2010/01/18/technology/internet/18defend.html

3. Lenny Zeltser, 4 Steps To Combat Malware Enterprise-Wide, Zeltser.com, retrieved
06/19/11 from: http://zeltser.com/combating-malicious-software/malware-in-the-enterprise.html

4. Ellen Messmer, (2008) Security vendors leaving 'old school' malware detection
methods behind, NetworkWorld, retrieved 06/06/11 from:
http://www.networkworld.com/news/2008/121208-crystal-ball-antivirus.html

5. AbleOne Systems, http://www.ableone.com

6. Lenny Zeltser, 4 Steps To Combat Malware Enterprise-Wide, Zeltser.com, retrieved
06/26 from: http://zeltser.com/combating-malicious-software/malware-in-the-enterprise.html

7. The SANS Institute, (2007) A Short Primer for Developing Security Policies

8. Lenny Zeltser, 4 Steps To Combat Malware Enterprise-Wide, Zeltser.com, retrieved
06/19/11 from: http://zeltser.com/combating-malicious-software/malware-in-the-enterprise.html

9. Lenny Zeltser, 4 Steps To Combat Malware Enterprise-Wide, Zeltser.com, retrieved
06/19/11 from: http://zeltser.com/combating-malicious-software/malware-in-the-enterprise.html

10. Karen Scarfone, Tim Grance, Kelly Masone, Computer Security Incident Handling
Guide: Recommendations of the National Institute of Standards and Technology, NIST
Special Publication 800-61 Revision 1.

11. John Edwards, April 30, 2009, Money for Nothing: The Real Cost of Malware,
Focus, retrieved 06/28/11 from:
http://www.focus.com/briefs/it-security/money-nothing-real-cost-malware/

12. John Edwards, (2008) The Malware Burden, Network Security Journal, retrieved
June 28, 2011 from: http://www.networksecurityjournal.com/features/malware-burden-012208/

13. Balancing the cost and benefits of countermeasures, SearchSecurity.com, retrieved
June 29, 2011 from:
http://searchsecurity.techtarget.com/feature/Balancing-the-cost-and-benefits-of-countermeasures

14. Computer Security Institute, 15th Annual 2010-2011 Computer Crime and Security
Survey



Other Resources:

- Quest Software, Best Practices in Instant Messaging Management,
http://www.idgconnect.com/view_abstract/2619/best-practices-instant-messaging-management-2619

- Mark Merkow, Jim Breithaupt, Information Security Principles and Practices, Pearson
Education Inc, 2006

- Applegate, L. M., F. W. McFarlan, and R. D. Austin. Corporate Information Strategy
and Management: Text and Cases. 6th ed. New York: McGraw Hill, 2003.


Acknowledgements

1. Dr. Halstead-Nussloch, my professor for this course, IT6683, for providing the
   opportunity to research and write this paper

2. Dr. Rutherfoord, my professor for IT5102 “Intro to Security”, for her interesting
   PowerPoint presentations, and all that I have learned from her.

3. Dr. Kim Kenneth Metcalf of UWG, my Fiancé, for challenging and encouraging
   me.

4. Arden Peterkin, Network Security Consultant for GCPS, for providing invaluable
   information about the most current network threats detected and remediated
   there.

Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Risk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxRisk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docx
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
 
CRITERIA DISTINGUISHED Analyze the origins and evolution of th.docx
CRITERIA DISTINGUISHED Analyze the origins and evolution of th.docxCRITERIA DISTINGUISHED Analyze the origins and evolution of th.docx
CRITERIA DISTINGUISHED Analyze the origins and evolution of th.docx
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
 
Cyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follCyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the foll
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracode
 
Network Security
Network SecurityNetwork Security
Network Security
 
chapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimechapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crime
 

Creating And Enforcing Anti Malware Practices

Malware is now used for crimes such as industrial espionage, “transmitting digital copies of trade secrets” [2], customer names, future business plans, contracts, and virtually any other private or personal information. In order to discuss best practices for implementing anti-malware protection, it is necessary to have a basic understanding of enterprise malware infection and its effects.

The Prevalence of Computer Crime

The 2010-2011 CSI/FBI report revealed that:

• “Malware infection continued to be the most commonly seen attack, with 67.1 percent of respondents reporting it.
• Respondents reported markedly fewer financial fraud incidents than in previous years, with only 8.7 percent saying they’d seen this type of incident during the covered period.
• Of the approximately half of respondents who experienced at least one security incident last year, fully 45.6 percent of them reported they’d been the subject of at least one targeted attack.
• Fewer respondents than ever are willing to share specific information about dollar losses they incurred. Given this result, the report this year does not share specific dollar figures concerning average losses per respondent. It would appear, however, that average losses are very likely down from prior years.
• Respondents said that regulatory compliance efforts have had a positive effect on their security programs.
• By and large, respondents did not believe that the activities of malicious insiders accounted for much of their losses due to cybercrime. 59.1 percent believe that no such losses were due to malicious insiders. Only 39.5 percent could say that none of their losses were due to non-malicious insider actions.
• Slightly over half (51.1 percent) of the group said that their organizations do not use cloud computing. Ten percent, however, say their organizations not only use cloud computing, but have deployed cloud-specific security tools.” [3]

Best Practices

Malware detection has been accomplished, until very recently, by using “signatures”. Signature-based malware detection requires that malware be identified by analyzing the malware’s code and finding code that is unique to it. The discovered code is then used to create anti-malware software that is based on recognizing that code. Once created, the anti-malware software must be installed onto the computer system and allowed to scan for, detect and remove the malware. This entire process must be repeated anew for every novel instance or variant of malware. This method is insufficient and reactive at best. [4] As malware continues to evolve in ways that avoid detection, it is simply not practical to continue detection in this manner. Malware is increasingly written using innovative and aggressive techniques that help it avoid detection, and sometimes even withstand disinfection efforts. Until new and better proactive detection methods are available, malware will continue to infect networks and network components, costing the affected businesses time, money and resources.
Frequently, organizations mistakenly treat malware infections as a series of independent episodes. When a malicious program is discovered, it is remediated until the next occurrence on the next system. This method cannot contain infections before they spread across the network, thereby infecting more components. Malware spreading in this way could potentially damage the organization’s ability to carry out its daily business activities. Disinfecting hundreds or thousands of computers on an enterprise network would be a monumental task.

A new, proactive approach must be undertaken for prevention, detection, disinfection and recovery on enterprise networks. It must necessarily differ from the methods used for the same purposes on individual systems. The approach must be viewed as “holistic” security comprised of four phases: Plan, Resist, Detect, and Respond. [5]

Interesting figures:

• “80% of businesses without a recovery plan went bankrupt within 1 year of a major data loss
• 59% of companies cannot conduct business during unscheduled IT downtime”

3 Computer Security Institute, 15th Annual 2010-2011 Computer Crime and Security Survey

1. PLANNING: Creating written policies and guidelines

Planning an approach to minimize malware infection includes addressing key issues, such as the diversity of system configurations and business requirements within an organization, the use of assorted technologies within the organization, the logistical challenges presented by the scattering of systems across various geographic locations, internal political hindrances, and the legal/regulatory aspects of IT as they pertain to the organization.

Implementing clearly written policies helps to mitigate the risks associated with malware. A Policy is “A formal, brief, and high-level statement or plan that embraces an organization’s general beliefs, goals, objectives, and acceptable procedures for a specified subject area.” [7] It defines required actions and sets the rules.

All policies should include the following attributes:

- Require mandatory compliance
- Technology objectives, i.e. why the technology is being provided to the user
- Expectations of privacy, including the use of monitoring and logging
- Detailed acceptable use, outlining permitted as well as prohibited user actions
- Detailed restrictions, which may involve issues concerning confidentiality
- Defined consequences for violations
- Implementation focused
- Further defined by guidelines and/or standards

Standards, Guidelines and Procedures

Standards are mandatory rules that are written in conjunction with, and designed to support, a policy. They help make the policy more effective. Standards usually include specifications for hardware, software and/or behavior, and describe requirements for various configurations.

Guidelines are general statements designed to provide a framework within which to implement the policy. They are not mandatory, and are more like suggestions or “best practices”. They provide information on “how” to do something. Guidelines can change frequently, and must be reviewed more often than Standards or Policies.

Procedures are the mechanisms for enforcing policies. They are beneficial in times of crisis. They outline “how” the policy is implemented.

“Position Statements” are often precursors to policies, and are much simpler, in that they focus on a particular technology and the expectations for its use within the organization.

2. RESISTING: Employing a variety of ways to protect networks from infection and intrusion [8]

Implement Security Policies

Security Policies must agree with the organization’s security standards. Policies must be reviewed regularly to reflect current organizational needs, yet remain compatible with other company policies. Some questions to ask when reviewing a policy are: Has the company structure changed? Does the policy reflect the company’s guidelines? Have there been new technology purchases? Are there new State or Federal compliance requirements? Is there new user behavior to address?
Implement Security Systems

Security systems must be implemented on the network to protect it from cybercrime and other threats, such as malware, hacking and information theft.

Manage and Control IT

Manage and control IT by utilizing an enterprise management system (EMS) to perform network monitoring, ensuring policy compliance as well as security at the system level.

Implement Group Policy

Protecting and securing the network and network resources must occur at both the system and the network level. Group Policy implementation can restrict incoming traffic from the Internet and other less trusted networks by controlling ports, IP addresses and domains. Group Policy can also control user activity, such as what users are allowed to connect to computer systems and how removable media, such as USB devices, are to be used.

Educate Users

Ensure network users are educated and informed regarding the types of malware attacks, the signs of infection, and how to report them.

Implementing Further Protection

- Use a firewall
- Utilize anti-virus/anti-malware software
- Enforce:
  - Email policies
  - Password policies
  - Acceptable use policies
- Ensure Group Policies and network monitoring for:
  - USB and portable devices
  - Instant messaging
  - Internet applications
  - Public social networks
  - Downloading and/or installing software

3. DETECTING

Use an Intrusion Detection System (IDS)

Employing intrusion detection hardware/software on the network will help contain possible infections and security breaches.

Use a Network Management System

Implement network management and monitoring.

4. RESPONDING

The National Institute of Standards and Technology’s “Computer Security Incident Handling Guide” states that there are three steps involved when responding to a confirmed malware attack: [9]

- Containment
- Eradication
- Recovery

Performing these steps should be supported by the guidelines that were written during the Security Planning phase, outlined above.

Containment

Efforts to contain the spread of the malware should include: [10]

- Instructing users what they should and should not do in the situation in order to help contain the spread of the malicious software (e.g. clicking an email link).
- Temporarily disconnecting affected systems from the network.

Eradication

Eradicating the malware (also called “disinfecting”) involves:

- Removing the malware and possibly restoring damaged systems from backups, or rebuilding the systems.
- “Locking down” systems, patching vulnerabilities, and reconfiguring affected components of the infrastructure.

Recovery

Focus on returning to normal operation:

- Confirm that the attack has been contained
- Ensure the malware has been removed
- Determine which containment actions can now cease

Collaborating with entities such as legal departments or public relations may also be a component of recovery. Response teams should now review their course of action, assess and adjust applicable security mechanisms and agree on methods for improvement. These proceedings conclude the security cycle, and bring the focus back around to the Planning phase again.

The Related Costs of Malware

Determining and balancing the cost of malware is actually an exercise in risk analysis. The first step in determining this expense is assigning values to all information assets. The second step is to estimate the potential loss. The assigned asset and loss values are then used to determine the single loss expectancy (SLE), which is defined as the expense of recovering from a single malware attack. [11]

Calculating the SLE includes a summation of the following costs:

- The cost of purchasing/maintaining anti-malware products
- The ongoing cost of maintaining anti-malware, e.g. subscriptions for updates and other related services
- The value assigned to the company’s data (calculated by determining how much it would cost to restore or re-create different types of lost information, such as sales records, tax information, contact information, emails)
- Lost revenue
- Potential cost of fines and penalties for violating confidentiality/privacy agreements
- Loss of employee productivity
- Cost of repairing damaged systems
- Hardware overhead (all anti-malware products consume resources such as processing power, memory and disk space)

Determine the annual loss expectancy (ALE) of a single malware attack based on the average number of previous attacks per year. Multiply the SLE by the ALE to determine the annual cost of malware for the business. [12]

Setting a Security Budget

Determine the annual cost of malware. It is crucial to plan an anti-malware budget accordingly. The figures from the above calculations provide a rough estimate of the planned yearly expenditure for anti-malware protection.

Assess the amount of risk that the company is willing to accept. For example, some companies might choose to accept a higher risk of infection because it has been determined that the actual probability of attack is very low, or because the organization has lowered some risks in other ways, such as by purchasing insurance or using offsite backup solutions. These calculations can be used in creating a security budget and/or for calculating the value of the particular anti-malware tools already in place. [13]

Calculators

There are many risk calculators available online as shareware. They are easy to use, and will generate an estimate of various risks using several of the variables mentioned above. One such calculator was used to estimate the financial risk for a fictitious organization of 1,000 employees. The calculator located at http://www.cmsconnect.com/Marketing/viruscalc.htm analyzed the organization’s workplace and email environment (using the number of employees with email access, the number of minutes of email usage per employee per day, and the average employee salary) along with the number of IT staff and their average salary.

The effects of an email malware attack on salary and productivity were found as follows: a fictitious organization of 1,000 employees earning an average of $25/hr, and using email for approximately 30 minutes per day, would cost the company 524 hours, which translates into $13,700.00 in lost salaries per day (or $570.83 per hour).
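A worked version of the SLE/ALE and email-productivity calculation above, as an added example that is not from the paper or from the cited calculator. It uses the standard ALE = SLE × annual rate of occurrence form; the per-incident cost figures in `sample` and the IT-staff inputs (8 staff, 3 hours each at $50/hr) are constructed assumptions, chosen so that the email figures reproduce the paper's 524 hours and $13,700 per day.

```python
from dataclasses import dataclass, fields


@dataclass
class MalwareLossInputs:
    """Per-incident cost categories the paper sums into the SLE.
    The values passed in below are constructed for this example."""
    anti_malware_products: float       # purchasing/maintaining anti-malware products
    anti_malware_subscriptions: float  # ongoing updates and related services
    data_recreation: float             # cost to restore or re-create lost data
    lost_revenue: float
    fines_and_penalties: float         # confidentiality/privacy violations
    lost_productivity: float
    system_repair: float
    hardware_overhead: float           # CPU, memory and disk consumed by the tools


def single_loss_expectancy(inputs: MalwareLossInputs) -> float:
    """SLE: the expense of recovering from one malware attack."""
    return float(sum(getattr(inputs, f.name) for f in fields(inputs)))


def annual_loss_expectancy(sle: float, attacks_per_year: float) -> float:
    """ALE = SLE x annual rate of occurrence, the rate being the average
    number of attacks observed in previous years."""
    if attacks_per_year < 0:
        raise ValueError("attack rate cannot be negative")
    return sle * attacks_per_year


def email_outage_loss(employees: int, email_minutes_per_day: float,
                      employee_hourly_wage: float, it_staff: int,
                      it_minutes: float, it_hourly_wage: float):
    """Salary lost to one day of email-borne malware: end-user email time
    plus IT clean-up time (the inputs the cited calculator asks for).
    Returns (lost hours, cost per day, cost per clock hour of the day)."""
    user_hours = employees * email_minutes_per_day / 60.0
    it_hours = it_staff * it_minutes / 60.0
    cost = user_hours * employee_hourly_wage + it_hours * it_hourly_wage
    return user_hours + it_hours, cost, cost / 24.0


def countermeasure_net_benefit(ale_before: float, ale_after: float,
                               annual_cost: float) -> float:
    """Value of a control already in place or being budgeted: the ALE it
    removes minus its yearly cost. Negative means it costs more than it saves."""
    return (ale_before - ale_after) - annual_cost


if __name__ == "__main__":
    # Constructed per-incident figures (not the paper's), in dollars.
    sample = MalwareLossInputs(12000, 3000, 40000, 25000, 0, 13700, 8000, 2500)
    sle = single_loss_expectancy(sample)            # 104200.0
    ale = annual_loss_expectancy(sle, 2.5)          # 2.5 incidents/year -> 260500.0
    hours, per_day, per_hour = email_outage_loss(1000, 30, 25.0, 8, 180, 50.0)
    print(f"SLE ${sle:,.2f}  ALE ${ale:,.2f}")
    print(f"email outage: {hours:.0f} h, ${per_day:,.2f}/day, ${per_hour:,.2f}/h")
    # Would a control that cuts the ALE by 80% and costs $45,000/year pay off?
    print(f"net benefit ${countermeasure_net_benefit(ale, ale * 0.2, 45000):,.2f}")
```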
Return on Investment

When using Return on Investment to justify purchasing security technology, it is important to remember that avoiding a possible loss is very different from generating income. Use ROI cautiously.

Findings

Malware affects networks of all sizes, and is installed via various means, many times without a user’s consent or knowledge. It is costly to businesses in regard to prevention as well as recovery. Malware is no longer viewed as a prank created by script kiddies. Malware is now developed by professional programmers who are paid for their work, and is used to steal information of all kinds. New types of malware are continuously being developed in order to avoid detection. Detection and disinfection can be costly. The way that the enterprise behaves throughout all four phases of the security cycle determines its success in protecting its network and data from malware. [14]

Recommendations

Risk analysis and assessment must be performed; they are a necessary element in assessing the expenditures that a business should prepare to incur. Creating and implementing a security budget is essential in order to protect information assets, privacy, confidentiality, and the network infrastructure.

Value

I feel that in doing the research for this paper, I have learned about the processes that must be in place to secure an enterprise network and data. I’ve learned about the importance and benefits of policies, guidelines and procedures. I’ve learned about the steps that are necessary for protecting a valuable asset such as an organization’s network, and that the hardware and software are indeed valuable, but the information and data that belong to the company have much value as well, indeed maybe more value than the former. It’s not just the computers, hardware, software and employees that enable the company to do business and to remain in business. It is those things in addition to maintaining data integrity, privacy, availability and confidentiality as well. Risk Assessment, Risk Management, and Disaster Recovery are all areas that I have become interested in recently, and I feel that this paper has introduced me to several key concepts in all of those areas and given me a basic understanding of them. I may make a career change after I graduate, leaving Network Administration and entering the realm of Risk Management or Security.
References

1. George Ledin, Jr., The Growing Harm of Not Teaching Malware, Communications of the ACM, vol. 54, no. 2, February 2011
2. Steve Lohr, Companies Fight Endless War Against Computer Attacks, NYTimes.com, January 17, 2010, retrieved 05/27/2011 from: http://www.nytimes.com/2010/01/18/technology/internet/18defend.html
3. Lennie Zeltser, 4 Steps To Combat Malware Enterprise-Wide, Zeltser.com, retrieved 06/19/11 from: http://zeltser.com/combating-malicious-software/malware-in-the-enterprise.html
4. Ellen Messmer, Security vendors leaving 'old school' malware detection methods behind, NetworkWorld, 2008, retrieved 06/06/11 from: http://www.networkworld.com/news/2008/121208-crystal-ball-antivirus.html
5. AbleOne Systems, http://www.ableone.com
6. Lenny Zeltser, 4 Steps To Combat Malware Enterprise-Wide, Zeltser.com, retrieved 06/26 from: http://zeltser.com/combating-malicious-software/malware-in-the-enterprise.html
7. The SANS Institute, A Short Primer for Developing Security Policies, 2007
8. Lennie Zeltser, 4 Steps To Combat Malware Enterprise-Wide, Zeltser.com, retrieved 06/19/11 from: http://zeltser.com/combating-malicious-software/malware-in-the-enterprise.html
9. Lennie Zeltser, 4 Steps To Combat Malware Enterprise-Wide, Zeltser.com, retrieved 06/19/11 from: http://zeltser.com/combating-malicious-software/malware-in-the-enterprise.html
10. Karen Scarfone, Tim Grance, Kelly Masone, Computer Security Incident Handling Guide, Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-61 Revision 1
11. John Edwards, Money for Nothing: The Real Cost of Malware, Focus, April 30, 2009, retrieved 06/28/11 from: http://www.focus.com/briefs/it-security/money-nothing-real-cost-malware/
12. John Edwards, The Malware Burden, Network Security Journal, 2008, retrieved June 28, 2011 from: http://www.networksecurityjournal.com/features/malware-burden-012208/
13. Balancing the cost and benefits of countermeasures, SearchSecurity.com, retrieved June 29, 2011 from: http://searchsecurity.techtarget.com/feature/Balancing-the-cost-and-benefits-of-countermeasures
14. Computer Security Institute, 15th Annual 2010-2011 Computer Crime and Security Survey

Other Resources:

- Quest Software, Best Practices in Instant Messaging Management, http://www.idgconnect.com/view_abstract/2619/best-practices-instant-messaging-management-2619
- Mark Merkow, Jim Breithaupt, Information Security Principles and Practices, Pearson Education Inc., 2006
- Applegate, L. M., F. W. McFarlan, and R. D. Austin. Corporate Information Strategy and Management: Text and Cases. 6th ed. New York: McGraw Hill, 2003.

Acknowledgements

1. Dr. Halstead-Nussloch, my professor for this course, IT6683, for providing the opportunity to research and write this paper
2. Dr. Rutherfoord, my professor for IT5102 “Intro to Security”, for her interesting PowerPoint presentations, and all that I have learned from her.
3. Dr. Kim Kenneth Metcalf of UWG, my fiancé, for challenging and encouraging me.
4. Arden Peterkin, Network Security Consultant for GCPS, for providing invaluable information about the most current network threats detected and remediated there.