Information Technology Reference
In-Depth Information
n
n
n
n
n
Isolation (contain the virus to stop spread)
Treatment (inoculate affected systems)
Resolution (root cause analysis)
Process review (what can be done different to avoid future infection)
Feedback (direction on process improvement)
9.6.2
Anti-Spam: An Anti-Malware Mechanism
Spam—not father's beloved salted pork and ham, but rather an unfortunate exten-
sion of a Monty Python skit involving a restaurant table of horned Vikings singing,
“Spam, spam, spam, spam, lovely spam, lovely spam,” while a waitress proceeds
to explain a menu where every dish contains one, and typically more, helpings of
spam (e.g., spam, bacon, sausage and spam; spam, egg, spam, spam, bacon and
spam) ad nauseam from a comedic, literary, and gastronomical perspective. Hence,
the proliferation of spam in the skit inspired the same term for the proliferation
of unwanted, unsolicited e-mail. A more contemporary cyber-version of the skit
may include menu options for spam, worms, Red Herring, spam, spam, and phish.
Worms and Red Herring are two examples of potential malware riding within
spam messages. Phishing is variation of spam with the specific intent to steal per-
sonal information to commit fraud and theft.
The organization has no control over being the victim of spam—it is or it is not
the victim of receiving spam or spam that uses the organization's name falsely as
the sender. And despite the existence of anti-spam laws, enforcing them remains a
challenge. Despite lack of control and lack of effective legal recourse, the organiza-
tion can absolutely control its response to spam, and hence manage the organiza-
tional impact of spam. Internal compliance requirements for anti-spam find root
in business risk management, specifically in protecting the organization against
loss of productivity, misuse of resources, and liability exposure from having a liti-
gious laden spam message pop up offen-
sive pictures, symbols, or words. Spam
content may include spyware, viruses,
worms, Trojans, and other malware.
Therefore, anti-spam is also a shield
against malware (Figure 9.2).
9.6.2.1
Policy
he IA
2
architect considers the perspec-
tive of the organization and provides
IA to protect the organization's busi-
ness and technical interests. An effec-
tive anti-spam policy is situational
Anti-Spam = Anti-Malware
Figure 9.2 Anti-spam is a shield
against anti-malware.
