for Determination of Effects of Virus Alerts
on the Survival of the IS Organization
- Estimate how many e-mails that contain an information about some
serious virus threat and a request to resend it to everybody in your
organization or address book you receive:
- More than one in a month. +15 points.
- One a month or so. +10 points.
- One in a quarter. +7 points.
- One a year or so +5 point.
- None. (You may wish to skip quiz; probably you are in a good shape.)
- I think that a viruses that activate immediately after arrival to a
user mailbox without any action from the user are:
- Really dangerous and destructive. I know a person who was struck by
such a virus. I feel that it's my duty to warn all people ASAP. +15
- I suspect that that they may be dangerous and destructive, but I
do not know for sure and usually immediately resent such e-mail to warn as
many people as possible, just in case +10 points
- I don't know. When I get a message, I pass it on to my LAN
administrator and helpdesk. +5 points.
- Usually this is relevant only for Outlook users, I use other mailer
and I delete such e-mails immediately 0 points.
- Imagine that a warning about an incurable computer virus that physically destroys
computers was sent to the company distribution list. What is the most
plausible reaction of your IS department:
- They shutdown network and IS management assigns a group of specialists
with little or no relevant training to "research" the threat.
- They forgot to shutdown network but IS management still manage to
assign one clueless but enthusiastic about viruses person to "research"
the threat. Then nothing happens, anyway. +7 points
- Management convenes the meeting of incompetent persons. Meeting
recommends something irrelevant to the problem and some vague/fuzzy
message about virus threat are sent to all employees. After that
nothing happens +7 points
- In addition to "c" memo is sent to LAN administrators to upgrade or
install new server-vbased AV software. In the confusion, or due to
bugs in the antivirus software some servers fall down. This convinces
everyone that the threat is real. +5 points
- Nothing happens. The helpdesk staff does not know whom to ask or where
to look. +5 points
- In each case E-mail is sent from the helpdesk to some knowledgeable
person to determine if this is true or not (independently of whether the
warning was distributed previously or not) +3 points
- Nothing happens because everyone already knows about typical hoaxes
and a lot of people including helpdesk analysts and LAN administrators
have a bookmark for the relevant information on the Internet. 0
- A typical LAN administrator in my company:
- Has no clue about viruses and believes in each and every story
published in PC Week. He often resend this stories to colleagues and upper
management to demonstrate his vigilance. 10 points
- Viruses are often used as a scapegoat for the problems that
semi-competent LAN administrators are unable to solve or problems caused
by reckless behavior of LAN administrators that accidentally wiped out
some important information. 7 points
- Is afraid to install new versions of AV software because previous
caused problems on user computers. +5 points
- LAN administrator can detect a typical hoax but has difficulties
distinguishing between real inf4ection and false positives. A horror story
about multimillion damage due to viruses are widely believed.
- They know their staff and can fight new viruses using available
Internet information and common sense 0 points
- After receiving the typical hoax a typical LAN administrator in my
- Immediately issue the warning to all users and shutdown the server
- Immediately issue the warning to all users and send additional memo to
all his/her friends and relatives. He is too excites to shut
down the server +10 points
- Send a letter to the helpdesk about the warning because he cannot
check its validity via Internet +7 points
- Not only he cannot check validity of such letter on Internet, but also
cannot troubleshoot typical desktop problems and often attribute them to
the viruses +5points
- Do not care (just has bookmarks to weather channel and baseball or
basketball sites) +3 points.
- In my company, with regard to computer security in general and hoaxes
in particular I believe IS management is:
- Totally incompetent and ignore the problems +15 points
- Cannot distinguish facts from opinions and never listens to anyone but
sycophants who are totally incompetent and exaggerate the problem to raise
their status. +10 points
- Incompetent but open to suggestions from competent specialists or
outside information. +7 points
- Just security manager is incompetent +5 points
- Competent and tries to hire competent staff. 0 points
- Less than 15 points Your firm/department probably is not doomed.
It looks like at least some IS people are cabale to do a useful work
and help the users. However, a score of 10 or more points may be a cause for
concern, especially combined with high score in question two.
- 15-20 points. Your firm/department is probably doomed to be
IS probably a loss leader in your organization, but how long it will take to
outsource IS to cut losses in unclear. You do not need to worry much.
If you are in an educational system, the teachers and college bureaucracy
may not be doomed but a majority of the students that are the product of the
system might be in trouble.
Special case: If you work in a government organization, it's not
doomed. Moreover it's a sign that your IS organization may expand in
the near future.
- More than 20 points. Not only is the firm/department is potentially
doomed, but may be you are vulnerable too!
You may already suffering from depression brought on by prolonged
exposure to the incompetent colleagues, management, or useless tasks,
or in case of high score in question two may need to improve your computer
The Last but not Least Technology is dominated by
two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt.
Copyright © 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org
was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP)
in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively
for educational use and is distributed under the Softpanorama Content License.
Original materials copyright belong
to respective owners. Quotes are made for educational purposes only
in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains
copyrighted material the use of which has not always been specifically
authorized by the copyright owner. We are making such material available
to advance understanding of computer science, IT technology, economic, scientific, and social
issues. We believe this constitutes a 'fair use' of any such
copyrighted material as provided by section 107 of the US Copyright Law according to which
such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free)
site written by people for whom English is not a native language. Grammar and spelling errors should
be expected. The site contain some broken links as it develops like a living tree...
The statements, views and opinions presented on this web page are those of the author (or
referenced source) and are
not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness
of the information provided or its fitness for any purpose.
March 12, 2019