Volume 1, No. 4, October 19, 2004

Lessons Learned from Virus Infections

Alerting users and administrators to brand new viruses and infection mechanisms is a different story. Fortunate security officers may work in organizations that provide a few hours of safe computing training every year; however, gathering everyone for a conference each week to talk about viruses is not realistic. After an infection, take a look at how users learned about the mitigation and cleanup activities. Before an infection, evaluate how they receive updates to their security training, whether via email, a lunchroom poster, a personal visit, or some other method.

4. Establishing a Defense Plan

Regardless of the technical course of action, a virus event can help open lines of communication with company officials regarding their security policy and budgets. Like no other event, a virus outbreak and the subsequent virus hysteria within an organization are capable of granting the security administrator an immediate audience with upper management. This is likely the most important part of learning from an outbreak: presenting your findings to the executive staff, gauging their reaction, and making a case for additional security funds. Share with them what has been learned. If the organization's management is generally unreceptive to requests for additional money and information assurance, take advantage of this heightened opportunity before the window closes. The discussion does not need to be a technical one; many business continuity officers and risk managers will be exceptionally receptive to prevention measures. Again, the direction of this meeting is dictated by what was found in the discovery. A social or technical problem often needs the same type of financial solution.

If the latest worm has ravaged the organization, it is certainly time to take a hard look at correcting the deficiencies in the security plan, whether they are social or technical. It should not be hard to estimate some costs of the infection, particularly downtime; that data will help a great deal when it is time to talk about funding. Furthermore, one can diagram vital systems and point out where the additional defenses are needed. This not only helps demystify the role of firewalls, IDS devices, virus scanners, and more, but also helps the security team present a clear technical request to the management team.

If the network defenses are already in good shape (or the organization has perhaps just been lucky), it is still a good opportunity to map out what went well. This is not just a time to boast about how great a job the security department is doing, but also to mention which company initiatives and funding have allowed the network to remain safe from the latest threats. Recommend that these programs be extended to cover more of the enterprise and further reduce risks. Use some of the more reasonable "infection/cleanup cost" numbers to give an idea of what is being saved by avoiding virus infections.

5. To Conclude with .....

As should be evident from the examples in this article, a virus outbreak produces a few unique opportunities to examine the health of the network defense. It can also be a great opportunity to justify to senior management what additional financial resources may be needed to contain future outbreaks. Your daily, non-emergency auditing and mitigation efforts can be greatly improved by taking a few additional moments after an infection to detail exactly how the emergency plan really did work, and not just how well it should have worked.
