Research by Foote Partners, an independent market research company made up of former Gartner and META Group industry analysts and publisher of the industry's only comprehensive survey of pay for certified and non-certified IT skills, lists EC-Council's Certified Ethical Hacker (CEH) among the certifications posting the greatest pay gains in 2008, up 40%, second only to the SANS GSEC! It is interesting to note that CEH is up 40% despite the current state of the global economy!
A computer virus is an executable program that has the ability to reproduce itself: it spreads from computer to computer by creating copies of itself. This replication is by design and is usually the primary purpose of the malicious code.
A virus can infiltrate a computer through several "entry points". For Internet users this can happen through downloaded files, email attachments, network shares, instant messaging applications and so on. In the old days, viruses spread mainly by floppy disks.
When a virus infects a computer, it attaches itself to, or replaces, an existing program on the system, so that when the user runs the infected program the virus code is executed as well. This usually happens without the user noticing anything.
There are many types of computer viruses and related malware, such as file viruses, boot sector viruses, Trojan horses, worms, spyware etc. Worms and spyware are in my opinion the most dangerous among all malware programs, because their purpose is usually to steal personal data from the user (credit cards, passwords etc.) or to take over the computer for sending spam.
A "general purpose" anti-virus tool is essential for your computer protection, but I believe that in addition to that, using a specialized anti-spyware program is critical. To find the best anti-spyware program you should look for something with a large spyware database and frequent updates, with detection capabilities for keyloggers, Trojans and hijackers, and with protection against identity or credit card theft. For true computer protection, it's essential to have a combination of a general-purpose antivirus with a specialized anti-spyware protection program.
What is the best anti spyware program in the market?
I have used several freeware and commercial anti-spyware tools on my computer, but my vote for the best anti-spyware program goes to Paretologic XoftSpySE. This is by far the best anti-spyware tool I have ever used.
[UPDATE] XoftSpySE is able to successfully remove the CONFICKER/DOWNADUP/KIDO worm.
XoftSpySE is a spyware, adware, spybot, malware, keylogger, spy popup, and browser hijacker scanner and remover.
- We highly recommend using XoftSpySE, as spyware is now just as big a threat as viruses.
- XoftSpySE is designed to search and eliminate all known computer parasites that bog down the speed and capabilities of your PC.
- XoftSpySE frequently updates its spyware definitions with free updates to keep you protected.
- XoftSpySE should be used in conjunction with a good firewall, anti-spam and anti-virus software for complete PC protection. XoftSpySE does not detect viruses or manage spam.
- Removes over 250,000 harmful files/programs
Key features of this software:
- Complete PC scanning, including running processes, registry entries, files and folders
- Detects and removes: adware, spyware, pop-up generators, keyloggers, trojans, hijackers, and malware
- One of the largest spyware definition databases in the industry
- Automatic definition and feature updates
- Fast, powerful, and easy to use
- Comprehensive customer technical support
- Protects against identity and credit card theft
For a limited time only you can receive a full version of RegCure Registry Cleaner, absolutely FREE as a gift when you register for XoftSpySE Anti-Spyware.
The following canons are listed in the order of priority in which they should be followed. To become a CISSP you must act ethically: before taking the CISSP exam you must sign and agree to the Code of Ethics of the (ISC)2 organization.
(ISC)2 CODE OF ETHICS CANONS
- Do no harm. Protect society, the commonwealth, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.
Security Policies in an organization’s security system are divided into two broad categories:
1. Management’s Security Policy (or Organizational Policy)
This is the high-level security policy of the whole organization. It states management's security goals and objectives in writing, documents compliance requirements and creates a security culture within the company. It also establishes the security function and holds individuals personally responsible for any security breaches.
2. Functional Implementing Policies
The functional policies are guided by the high level organization policy, and are used to actually implement the goals and objectives of the general organization policy. Examples of functional policies are:
- Data Classification
- Access Control Policy
- Remote Access Policy
- Internet and Acceptable use policy
From the functional policies come the supporting elements, which are standards, procedures, baselines and guidelines:
- Standards: These are common solutions for the whole organization, specifying the hardware and software mechanisms and products used to enforce and establish a secure environment.
- Procedures: Procedures, like policies, are considered MANDATORY requirements in a security system. Procedures are step-by-step written actions to be performed to accomplish a security requirement or objective. Examples of procedures are password changing, incident response, Business Continuity procedures etc. Procedures help to reduce mistakes in a crisis and ensure that important steps are not missed.
- Baselines: These are the minimum level of security configuration that can be carried across multiple implementations of the systems and across many different products. Baselines are descriptions of how to implement security mechanisms so that implementations result in a consistent level of security throughout the organization.
- Guidelines: Guidelines are recommendations for security product implementations, procurement, planning etc. They take the form of white papers, best practices etc. Examples of guidelines are ISO 17799, Common Criteria and ITIL.
In Quantitative Risk Analysis, we try to express each information asset and the risk to it in monetary terms. There are three steps in Quantitative Risk Analysis:
- Determine the Single Loss Expectancy (SLE)
- Determine the Annual Rate of Occurrence (ARO)
- Determine the Annual Loss Expectancy (ALE)
Single Loss Expectancy is the monetary loss an information asset will suffer from a single occurrence of a threat. The Exposure Factor (EF) is the percentage of the asset's value that is lost in that one incident.
SLE = Asset Value ($) x Exposure Factor (%)
For example if the asset value is 2 million dollars and the Exposure Factor is 50%, then SLE is 1 million dollars.
Annual Rate of Occurrence is the expected number of occurrences of a specific security incident per year. For example, if a specific security incident occurs once every 10 years, then ARO = 1/10 = 0.1.
ALE is the expected loss per year from a specific risk; it is the figure used to justify to top management the money spent on security measures.
ALE = SLE x ARO
Assume that the Asset Value for which we perform a quantitative risk analysis is $10,000,000 and that the Exposure Factor is 50%.
=> SLE = $10,000,000 x 0.5 = $5,000,000
The Annual Rate of Occurrence is 0.05 (ARO = 0.05), i.e. the incident is expected once every 20 years.
=> ALE = SLE x ARO = $5,000,000 x 0.05 = $250,000
The company is expected to lose $250,000 per year to this specific risk. Now assume that spending $100,000 per year on security countermeasures reduces the EF from 0.5 to 0.2.
=> New SLE = $10,000,000 x 0.2 = $2,000,000
=> New ALE = $2,000,000 x 0.05 = $100,000
So by spending $100,000 on security countermeasures we have reduced the expected annual loss from $250,000 to $100,000, a loss reduction of $150,000. The net value of the safeguard, after subtracting its cost, is $150,000 – $100,000 = $50,000 per year. Note that ALE is an annual figure, so the countermeasure cost must be annualized as well (purchase price spread over its service life plus yearly operating cost) before the comparison is meaningful; a safeguard whose annualized cost exceeds the ALE reduction is not justified on this basis.
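As an added worked example (not code from the original post), here is the SLE/ARO/ALE arithmetic above and the countermeasure cost/benefit comparison in Python. The function and class names are my own. It goes a little beyond the post's case: it also lets a control reduce the ARO (likelihood) instead of the EF (impact), rejects an Exposure Factor passed as a percentage rather than a fraction, and flags a safeguard whose annualized cost exceeds the loss it avoids.

```python
from dataclasses import dataclass
from typing import Optional


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = Asset Value x Exposure Factor.

    exposure_factor is the fraction of the asset value lost in one incident,
    passed as 0.0..1.0 (50% -> 0.5). Passing 50 instead of 0.5 would silently
    inflate the SLE fifty-fold, so percentages are rejected.
    """
    if asset_value < 0:
        raise ValueError("asset_value cannot be negative")
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure_factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_rate_of_occurrence(incidents: float, years: float) -> float:
    """ARO = expected incidents per year (once in 10 years -> 0.1)."""
    if years <= 0 or incidents < 0:
        raise ValueError("need a positive period and a non-negative incident count")
    return incidents / years


def annual_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO, the expected loss per year from this risk."""
    return sle * aro


@dataclass(frozen=True)
class SafeguardResult:
    ale_before: float
    ale_after: float
    annual_benefit: float  # ALE reduction: loss avoided per year
    net_value: float       # annual_benefit minus the annualized safeguard cost

    @property
    def justified(self) -> bool:
        """Cost/benefit test: the safeguard pays for itself only if net_value > 0."""
        return self.net_value > 0


def evaluate_safeguard(asset_value: float, ef_before: float, ef_after: float,
                       aro_before: float, annual_cost: float,
                       aro_after: Optional[float] = None) -> SafeguardResult:
    """Compare the ALE with and without a safeguard.

    The post's example lowers the Exposure Factor (impact); a control that
    instead lowers likelihood (e.g. patching) is modelled by passing aro_after.
    annual_cost must already be annualized (purchase price spread over the
    service life plus yearly operating cost), because ALE is a per-year figure.
    """
    if annual_cost < 0:
        raise ValueError("annual_cost cannot be negative")
    if aro_after is None:
        aro_after = aro_before
    ale_before = annual_loss_expectancy(single_loss_expectancy(asset_value, ef_before), aro_before)
    ale_after = annual_loss_expectancy(single_loss_expectancy(asset_value, ef_after), aro_after)
    benefit = ale_before - ale_after
    return SafeguardResult(ale_before, ale_after, benefit, benefit - annual_cost)


def post_example() -> SafeguardResult:
    """The figures used in the post: AV $10M, EF 50% -> 20%, ARO 0.05, $100k/year cost."""
    return evaluate_safeguard(asset_value=10_000_000, ef_before=0.5, ef_after=0.2,
                              aro_before=0.05, annual_cost=100_000)


if __name__ == "__main__":
    r = post_example()
    print(f"ALE before: ${r.ale_before:,.0f}   ALE after: ${r.ale_after:,.0f}")
    print(f"Loss avoided per year: ${r.annual_benefit:,.0f}   net value: ${r.net_value:,.0f}")
    print("Safeguard justified" if r.justified else "Safeguard not justified")
```

Running the module reproduces the post's numbers (ALE $250,000 before, $100,000 after, net value $50,000 per year). Calling `evaluate_safeguard` with `aro_after` set and the EF unchanged models a likelihood-reducing control; if its annualized cost is larger than the ALE reduction, `justified` comes back False, which is the signal that the spend cannot be defended on ALE grounds alone.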