Mark Massey's profile on LinkedIn Email





Bookmark and Share

Latest Update - Computer Security

This is a topic that is likely here to stay as long as we use networked computers in business and government. 

Today computers are woven into almost everyone's life and computer security or the lack of it is woven right in too.

Malware PresentationA presentation to the Chamber of Commerce in Falls Church Virginia on November 20th, 2012

Various Types of Malware

There are various general categories of Malware - some of the most advanced malware has elements of each. Here is a brief description and summary.

  • Virus - A form of malware that does something destructive to a computer or data

  • Worm - A form of malware that duplicates itself from computer to computer

  • Trojans - A form of malware that delivers something else (some other form of malware into your system - such as a Spyware)

  • Spyware - Something that tracks your actions and delivers this info to other systems

  • Root Kit - A technically advanced form of malware. Difficult to find and relatively dangerous. Thankfully this is somewhat hard to implement.

  • "Drive by Exploit" - This particular breed of malware that makes your computer execute instructions when you visit a website. What's particularly nasty about this one is that when it executes, it executes as though it is YOU executing it. In other words with your log-in ID, security, etc.!

More from the Presentation - "The Critical Dozen".

Computer security is a tough topic. It is not unusual for people to just mentally run away from the topic. A certain mental toughness seems to be essential to work in this area. In addition, a substantial amount of knowledge is required to effectively deal with many computer security matters.

There are millions of attacks on computers every single day.  Many of these attacks are themselves conducted by teams of computers that have been compromised and used to accomplish destructive purposes without the slightest knowledge of the computer's owner. Unfortunately, breaking into computers and using them for malicious purposes is a billion dollar industry today.

Attackers steal information and use it in fraudulent financial transactions. Or gain other business and technical advantages they never earned. 

Fortunately, today, after years of dealing with computer and information security related issues, solutions are becoming available that can make it very difficult and expensive to break into systems.  Contact me and we can discuss some of them.

There are tools publicly available that can help bring commercial systems up to Defense Department Standards.   The National Institute of Standards and Technology provides excellent guidance on computer security matters in their 800 series of documents. There are standards for education of administrators of Department of Defense systems known as the 8570 series. However, it is still the end user of a computer that can make or break its security.  User’s actions are frequently part of major security problems.  Education of users is a critical step toward information security.

What types of actions and resources are required to address information and computer related security issues?

The most important thing it takes is the decision to do so. Then it takes the right people with the right background and some financial investment.  The amount of the investment required varies with each situation. A small investment can create a significant improvement in security.

What is the ideal background for a computer security professional?

The ideal professionals have:

Potent action can be taken against computer related security threats. It is not necessarily expensive. It does require the decision to do so and to stick with it until a real security defense is in place for your organization.