StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Extent of My Organizations Vulnerability to Malware - Essay Example

Cite this document
Summary
The author of "The Extent of My Organization’s Vulnerability to Malware" paper states that the implementation of the defense-in-depth system contributed to the increased securitization of the company from malware attacks. That does not been to say that the organization is immune to an infestation. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.3% of users find it useful
The Extent of My Organizations Vulnerability to Malware
Read Text Preview

Extract of sample "The Extent of My Organizations Vulnerability to Malware"

Researchers and IT specialists appear to have reached consensus on one point: while Information Technology in all its manifestations is a critical component of business success, it remains the Achilles' heel of most corporate entities (Gold, 2001; Rhode-Ousley, Bragg and Strassberg, 2003; Chen, Thompson and Elder, 2005). Information technologies invaluably contribute to an organization's capacity for effective, near-instantaneous, intra- and extra- organizational communication; enables the organization and storage of data for retrieval upon request; and facilitates multiple business processes by automating many of the steps therein. The mentioned contributions, however, are not exhaustive and are only intended to demonstrate the extent to which IT has become an integral part of corporate life and the business process. At the same time, however, IT functions as an organization's primary area of vulnerability as it is through their malicious use that attackers can infest an organization's system with viruses, worms, spyware and countless other types of malware (Gold, 2001; Rhode-Ousley, Bragg and Strassberg, 2003; Chen, Thompson and Elder, 2005). In light of dependency versus vulnerability, therefore, it is incumbent upon organization's and business entities to institute such protections as would shield the entity from such attacks. Sometimes, however, whether intentional or unintentional, the attack may come from within. Discussing the extent of my organization's vulnerability to malware with the head of the network and ICT department, I learnt that the company had been subjected to several attacks in the past, two of which were quite serious and, both caused by the activities of employees. As the head of the ICT department remarked as a prelude to his description of the attacks, two years ago and, in the wake of an external attacks which bordered on the catastrophic, the organization made a substantial investment in network security. At the department's recommendation, the organization's leadership consented to the implementation of third generation IA technologies which focused on in-depth defense. As explained by Liu, Yu, and Jing (2005, p. 112) this type of IA embraces all of as "(a) boundary controllers, such as firewalls and access control, (b) intrusion detection and (c) threat/attack/intrusion response." Upon the implementation of the defined system, the general assumption was that the organization was immune to external attacks and to malware. This, as evidenced by later events, was an erroneous assumption. The source of the first malware infestation suffered by the organization following the implementation of the defense in depth IA system, came from the Research an Development Department. The ICT department had initially recommended the securitization of the network against direct downloads from the internet, even at the explicit request and consent of users. The R&D department had vehemently argued against this, emphasizing that were such a security procedure to be implemented, their work would be literally brought to a standstill. The argument presented was persuasive and, therefore, the R&D department maintained the mentioned privilege. Less than two months following the implementation of the system, complaints regarding adware and spam email which contained malicious attachments, remained high, to the extent that it seemed as if the defense in depth system installed was ineffectual. Indeed, the department remained as engaged as ever in the removal of adware and in dealing with malicious spam. Needless to say, the cost of wasted time and effort was substantial since, as the employees whom I discussed this event with recalled, attempting to access the internet was futile. Pop-ups and constant redirections from addresses initially requested simply meant that getting any work done was a monumental task in itself. The ICT department, as the head informed me, determined to trace the source as the possibility of the installed system being ineffectual simply defied logic. As the investigations revealed, several in the R&D department had abused the privilege they were given and violated company policy by downloading P2P applications such as iMesh and Kazaa, both of which were heavily infested with spyware and adware, Assuming that the IA technologies installed would protect the network from the bundled spyware and adware which came along with these applications, they had decided to violate company policy regarding P2P use and exploit high-speed broadband connection to download movies and songs. When questioned about the estimated cost of the incident described, the ICT department head put it at around $25,000. Upon my expression of surprise, he explained that the cost had been estimated in a meeting between the heads of the various departments and calculated according to lost productivity and the cost of removing the infestation. As measured through financial cost, the second attack was infinitely more serious. Prior to the implementation of the IA system described in the above, the organization's OS system was pre-Service Pack 4 Windows NT. This OS, unknown to users at that time, had a security flaw which rendered it vulnerable to DoS. The network suffered a land attack whereby, upon its sending of a routine ping, was forced into a "ping of death." What this means, as explained by the ICT head and Liu, Yu, and Jing (2005) the system was forced into the constant sending of packets which exceeded the maximum allowable size. The consequence was complete paralysis, in that the system simply crashed. The DoS attack cost the organization over $150,000. As the ICT head explained, denial of service effectively brought the company to a virtual standstill and that, in itself, was extremely costly. Added to that, the cost of repairing the system, of bringing to back to life, so to say, was expensive. This stands out as one of the worst of the malware attacks suffered by the organization. Not withstanding the first of the two incidents described, the fact is that the implementation of the defense in depth system invaluably contributed to the increased securitization of the company from malware attacks. That does not been to say that the organization is immune to infestation but that over the past two years, incident or occurrence rates have been decreasing. As the ICT department tracks malware infection, it has been able to determine that the system has reduced occurrence rates by over 60%. Nevertheless, as the ICT department head emphasized, the goal remained the complete immunization of the organization from malware infections. Bibliography Chen, T.M., Thompson, J., and Elder, M.C. (2005) Electronic attacks. Gold, B. (2001) Infowar in Cyberspace: Researcher on the Net. New York: Booklocker. Rhodes-Ousley, M, Bragg, R. and Strassberg, K. (2003) Network Security: The Complete Reference. New York: McGraw-Hill. Liu, P., Yu, M. and Jing. I. (2005) Information assurance. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Mal-Adapted Essay Example | Topics and Well Written Essays - 1000 words”, n.d.)
Mal-Adapted Essay Example | Topics and Well Written Essays - 1000 words. Retrieved from https://studentshare.org/miscellaneous/1528341-mal-adapted
(Mal-Adapted Essay Example | Topics and Well Written Essays - 1000 Words)
Mal-Adapted Essay Example | Topics and Well Written Essays - 1000 Words. https://studentshare.org/miscellaneous/1528341-mal-adapted.
“Mal-Adapted Essay Example | Topics and Well Written Essays - 1000 Words”, n.d. https://studentshare.org/miscellaneous/1528341-mal-adapted.
  • Cited: 0 times

CHECK THESE SAMPLES OF The Extent of My Organizations Vulnerability to Malware

Profit Implications of Malware

malware refers to any program or file that can harm a computer system.... Despite the fact that there no standard categorization of malware, still they can be grouped based on their effects, behaviors and intentions.... Worms are known to exploit a zero-day vulnerability that allows them to execute their copies within the same network (Effects of malware Infections: Avoid the Dangers of malware Programs ).... A Trojan horse is a non-self-replicating type of malware that tends to perform normal beneficial functions for the user though it facilitates unauthorized access to the user's computer system....
15 Pages (3750 words) Annotated Bibliography

Research Report on Internet Security

This report ''Research Report on Internet Security'' is acquired a brief idea about different security threats that exist in internet and how these threats can be dealt with and tells how to develop a network which can operate even if main segments of communication network crash.... .... ... ... Through internet, people can access the bank accounts, e-mails and other information....
13 Pages (3250 words) Report

Operating Systems: Hardening and Security

The vulnerability of NextGard technologies is further increased by the fact that all of their employees have internet access and are likely to visit unsecure sites.... This paper ''Operating Systems: Hardening and Security'' tells that the NextGard technologies specialize in a network consulting services and are as a result faced with a network security vulnerabilities and risks....
8 Pages (2000 words) Research Proposal

Microsoft Baseline Security Analyzer

Overall, I'm not surprised at the results of my security assessment because I'm the only user of this computer, I exercise safe practices while using it, and I only use it on an as-needed basis.... Even though there exist various alternative technologies meant for authentication ranging from; smartcards, biometrics as well as instant passwords, a good number of organizations to some extent continue to rely on traditional passwords; this is projected to continue for some time....
7 Pages (1750 words) Essay

The Love Bug Virus

Both the computer viruses and worms belong to a category of software called malware.... In this scenario, a malware or malicious code (malcode) refers to malicious software.... Additionally, a computer virus is a kind of malware that can vary in harshness and damaging a system from causing slightly disturbing effects to destructing software programs or data and resulting denial-of-service (DoS) attacks.... In addition, approximately all software programs and applications that are executed on Linux are Open Source, son writing a virus program or malware can be without problems identified in view of the fact that its code is open to the public (SuperUser, 2011; ComboFix, 2013; Singh & Lakhotia, 2002)....
2 Pages (500 words) Case Study

The Analysis of the Heartbleed

he attacker employed an ACE vulnerability to run a program granting them an easy way of dominating the targeted machine.... The attack seemingly looked to have been triggered by a malicious computer code referred to as malware, according to people familiar with such matters.... The Shellshock issue is a sample of ACE (arbitrary code execution) vulnerability.... Classically, ACE vulnerability attacks are carried out on running programs and entail an extremely advanced understanding of the internals of assembly language, code execution and memory layout—the kind of attack that calls for an expert, to be concise (Sampathkumar, Balasubramani 2014)....
16 Pages (4000 words) Essay

How Hacking and Cyber-Attacks Compromise on Sensitive Information

nderstanding the scope and extent of damage that cybercrimes and hacking can cause in organizations is important.... he article notes that installing the latest antivirus protection and anti-malware programs are a sure-fire way of guarding computers against unauthorized access....
10 Pages (2500 words) Annotated Bibliography

IT Risk Analysis

toneburner et al (2002) define the threat as a potential for a specific threat-source to exercise a particular vulnerability successfully.... The management of security risks in business organizations regarding the information technology sector (IT) has been a continuing challenge.... Consequently, many organizations are struggling to understand the IT risks involved so as to implement appropriate controls to mitigate the risks....
10 Pages (2500 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us