top-rated free essay

Objectivity in Risk Management

By djatandi Jan 11, 2013 766 Words

As companies increasingly rely on the data contained on their computer systems, threats to the data are also growing. Threats to data, or to information, can come in the form of a breach of confidentiality, a violation of integrity, or a denial of availability. These threats can come from various sources including computer hackers with malicious intent, natural or unnatural disasters, the lack of security policies, the failure to enforce security policies and computer viruses. Computer viruses pose as serious a threat to data as can a malicious hacker. In order to thoroughly protect a company’s information, one must focus on protecting against all possible threats, including computer viruses. Although infection of computer systems by a virus is generally unintentional, the possibility of infection is real and without the proper protection, imminent. Computer viruses are designed to spread from one file to another, from one program to another, from one machine to another, and even from one network to another. Viruses threaten the integrity and availability of data. Data have become the backbone of most companies today, and therefore any threat to a company’s data cannot be tolerated. Time, resources and money must be invested to protect a company against the harmful and destructive intrusion of computer viruses. At first glance it would appear that protecting computers from viruses is a relatively simple task. On the surface this task involves selecting an anti-virus software package, installing it, and running the virus scan, rendering the computer virus-free. Unfortunately the process can be quite intricate, and require as much time and effort spent planning as on implementation. An enterprise wide anti-virus initiative involves numerous tasks, which at a high level can be broken into the following phases: planning, implementation and maintenance. Other phases may be identified for any given project and should be included as appropriate. These three phases however are the minimum for the success of an anti-virus campaign. Planning

The planning phase is the first phase in protecting a company from computer viruses. Generally, planning is treated as a step in the implementation process, with the focus on implementation. For example, product selection is treated as the preliminary step in the software implementation, as opposed to a stand alone process in which greater attention is given to choosing the right product. This is the wrong approach to planning an anti-virus strategy. Planning is crucial to the success of an anti-virus effort. Planning involves product selection, project strategy, task and resource identification, and delegation, as well as other activities. The goal of the planning phase is to develop an anti-virus solution for the enterprise. A solution is not limited to the selection of an anti-virus product, or to the development of a strategy. Rather a solution answers the question “How will a company protect itself from computer viruses?” To arrive at the most efficient and reliable anti-virus solution, many questions must be answered. First, is the organization trying to protect against a particular type of virus? Perhaps macro viruses have been causing problems, or maybe managers know little about computer viruses but have seen enough movies to scare them. Second, what is the major source of viruses that is infecting the company? Are users bringing in infected disks, or maybe e-mail attachments are spreading a virus. Third, how secure does the company want to be? What trade-off will be allowed between protection and performance? After all, the more secure they are, the slower computers will be. Fourth, should the virus protection be behind the scenes, or should users know it is there and actively use it? These are just a sample of the questions that should be answered when choosing an anti-virus solution. Perhaps no one product meets all needs; in that case requirements must be prioritized to select a product that meets priorities. Alternatively, one can choose to use more than one product which will overlap and meet all needs. A product overlap also offers an additional layer of protection that one product alone cannot offer. It is possible that a new virus may be on the loose that cannot be identified by one of the anti-virus programs chosen. A second program may catch it and prevent an infection that otherwise may have created a threat. Obviously, selecting an anti-virus product, or more specifically an anti-virus solution is not a simple task. When all of the relevant questions have been answered, the solution will begin to take shape and eventually a final solution will emerge. FEATURE

Cite This Document

Related Documents

  • Risk management

    ...Arvand Moaddab Martina Lenkova Risk Management The main purpose of risk management is to prevent, minimize and eliminate unacceptable risks. Risk management consists of analyzing, assessing, controlling and avoiding. In order to properly manage future events, an organization will typically use a combination of risk assumption, risk...

    Read More
  • risk management

    ...RAMP Risk Assessed Management Plan Principal activity to be conducted on the premises. The SAMPLE Restaurant is a food and beverage business located AT SAMPLE RESTAURANT ADDRESS The premises comprises the Restaurant, serving lunch and dinner from Tuesday to Sunday, and a private room which is used for small functions. (amend as required) The ma...

    Read More
  • IS3110 Lab 2 Align Risk, Threats, & Vulnerabilities to COBIT P09 Risk Management Controls

    ...1. a. Unauthorized access from public internet - HIGH b. User destroys data in application and deletes all files - LOW c. Workstation OS has a known software vulnerability – HIGH d. Communication circuit outages - MEDIUM e. User inserts CD’s and USB hard drives with personal photos, music and videos on organization owned computers ...

    Read More
  • Risk Management Plan

    ...TABLE OF CONTENTS 1 INTRODUCTION……………………………………………………………………………..1 1.1 PURPOSE…………………………………………………………………………….1 1.2 SCOPE………………………………………………………………………….……..1 1.3 COMPLIANC...

    Read More
  • M4 A1 Risk Management

    ... Khaneidga Harris Argosy University Principal of Negotiation & Risk management July 22, 2014 Instructor: Dr. Denton The Tummy-Ache Debate Abstract A woman complains of abdominal pain and is rushed to the hospital. After an examination, the physician informs the woman that she needs a kidney transplant. However, based on ...

    Read More
  • Risk and Quality Management Assessment

    ...Risk and Quality Management Assessment Summary Sherry Noble HCS/451 September 29, 2014 Charriet Womble Risk and Quality Management Assessment Summary Reunion Plaza Nursing Center, a long term nursing facility with a 102 beds and is in the process of adding an additional wing that will have 30 beds for the elderly, disable, and short term...

    Read More
  • Risk Management in Construction Projects

    ...dissertation is outlined. 1.1 Background 1.1.1 Definition of risk Definition of risk is a state of uncertainty where some possible outcomes have an undesired effect or significant loss. Uncertainly is meaning that the lack of certainly due to limited knowledge that it is impossible to state the outcome exactly, perhaps, more than one poss...

    Read More
  • Risk Management

    ...achievement of the enterprise’s aims. Enterprise Risk Management (ERM) is relatively a new term that is fast becoming an ultimate approach to risk management. The purpose of risk management is to identify potential pitfalls or problems before they happen so that risk-handling actions may be put into place and enforced accordingly on the cour...

    Read More

Discover the Best Free Essays on StudyMode

Conquer writer's block once and for all.

High Quality Essays

Our library contains thousands of carefully selected free research papers and essays.

Popular Topics

No matter the topic you're researching, chances are we have it covered.