Softpanorama
(slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)

J Simple Questionnaire
for Determination of Effects of Virus Alerts
on the Survival of the IS Organization
(version 0.r) J

Estimate how many e-mails that contain an information about some serious virus threat and a request to resend it to everybody in your organization or address book you receive:
1. More than one in a month. +15 points.
2. One a month or so. +10 points.
3. One in a quarter. +7 points.
4. One a year or so +5 point.
5. None. (You may wish to skip quiz; probably you are in a good shape.) 0 points.
I think that a viruses that activate immediately after arrival to a user mailbox without any action from the user are:
1. Really dangerous and destructive. I know a person who was struck by such a virus. I feel that it's my duty to warn all people ASAP. +15 points
2. I suspect that that they may be dangerous and destructive, but I do not know for sure and usually immediately resent such e-mail to warn as many people as possible, just in case +10 points
3. I don't know. When I get a message, I pass it on to my LAN administrator and helpdesk. +5 points.
4. Usually this is relevant only for Outlook users, I use other mailer and I delete such e-mails immediately 0 points.
Imagine that a waning about an incurable computer virus that destroys computers was sent to the company distribution list. What is the most plausible reaction of your IS department:
1. They shutdown network and IS management assigns a group of specialists with little or no relevant training to "research" the threat. +10 points
2. They forgot to shutdown network but IS management still manage to assign one clueless but enthusiastic about viruses person to "research" the threat. Then nothing happens, anyway. +7 points
3. Management convenes the meeting of incompetent persons. Meeting recommends something irrelevant to the problem and some vague/fuzzy message about virus threat are sent to all employees. After that nothing happens +7 points
4. In addition to "c" memo is sent to LAN administrators to upgrade or install new server-vbased AV software. In the confusion, or due to bugs in the antivirus software some servers fall down. This convinces everyone that the threat is real. +5 points
5. Nothing happens. The helpdesk staff does not know whom to ask or where to look. +5 points
6. In each case E-mail is sent from the helpdesk to some knowledgeable person to determine if this is true or not (independently of whether the warning was distributed previously or not) +3 points
7. Nothing happens because everyone already knows about typical hoaxes and a lot of people including helpdesk analysts and LAN administrators have a bookmark for the relevant information on the Internet. 0 points
A typical LAN administrator in my company:
1. Has no clue about viruses and believes in each and every story published in PC Week. He often resend this stories to colleagues and upper management to demonstrate his vigilance. 10 points
2. Viruses are often used as a scapegoat for the problems that semi-competent LAN administrators are unable to solve or problems caused by reckless behavior of LAN administrators that accidentally wiped out some important information. 7 points
3. Is afraid to install new versions of AV software because previous caused problems on user computers. +5 points
4. LAN administrator can detect a typical hoax but has difficulties distinguishing between real inf4ection and false positives. A horror story about multimillion damage due to viruses are widely believed. +3 points
5. They know their staff and can fight new viruses using available Internet information and common sense 0 points
After receiving the typical hoax a typical LAN administrator in my company:
1. Immediately issue the warning to all users and shutdown the server +15 points
2. Immediately issue the warning to all users and send additional memo to all his/her friends and relatives. He is too excites to shut down the server +10 points
3. Send a letter to the helpdesk about the warning because he cannot check its validity via Internet +7 points
4. Not only he cannot check validity of such letter on Internet, but also cannot troubleshoot typical desktop problems and often attribute them to the viruses +5points
5. Do not care (just has bookmarks to weather channel and baseball or basketball sites) +3 points.
In my company, with regard to computer security in general and hoaxes in particular I believe IS management is:
1. Totally incompetent and ignore the problems +15 points
2. Cannot distinguish facts from opinions and never listens to anyone but sycophants who are totally incompetent and exaggerate the problem to raise their status. +10 points
3. Incompetent but open to suggestions from competent specialists or outside information. +7 points
4. Just security manager is incompetent +5 points
5. Competent and tries to hire competent staff. 0 points

Scoring:

Less than 15 points Your firm/department probably is not doomed.
It looks like at least some IS people are cabale to do a useful work and help the users. However, a score of 10 or more points may be a cause for concern, especially combined with high score in question two.
15-20 points. Your firm/department is probably doomed to be outsourced
IS probably a loss leader in your organization, but how long it will take to outsource IS to cut losses in unclear. You do not need to worry much.
If you are in an educational system, the teachers and college bureaucracy may not be doomed but a majority of the students that are the product of the system might be in trouble.

Special case: If you work in a government organization, it's not doomed. Moreover it's a sign that your IS organization may expand in the near future.
More than 20 points. Not only is the firm/department is potentially doomed, but may be you are vulnerable too!

You may already suffering from depression brought on by prolonged exposure to the incompetent colleagues, management, or useless tasks, or in case of high score in question two may need to improve your computer literacy.

Copyright © 1996-2007 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. Submit comments This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License(OPL). Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Standard disclaimer: The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: February 28, 2008