13.3. COMPUTER VIRUSES

With the proliferation of the Internet and other public and private networking technologies, the risk of an organization's personal computers becoming infected with a virus is significant. In fact, it is not a matter of whether the computers will become infected, but when and to what degree. Every day malicious programmers are creating new viruses. Some viruses are no more than nuisances, while others have the capability of wiping out data and causing computer operating systems to fail.

The most damaging viruses and worms in terms of economic impact in recent years according to Computer Economics (www.computereconomics.com) were "Code Red" (2001), $2.62 billion; "SirCam" (2001), $1.15 billion; "Nimda" (2001), $635 million; "I Love You" (2000), $8.75 billion; "Melissa" (1999), $1.10 billion; and "Worm.Expore.Zip" (1999), $1.02 billion.[] Other less damaging but well-known viruses and worms include "Goner" (2001), "Anna Kournikova" (2001), "Chernobyl" (1999), and "Bubbleboy" (1999).

The risks of viruses include these costs:

  • Recovering lost data

  • Eradicating viruses that have infected workstations, network file servers, mainframes, diskettes, CDs, and other storage media

  • Purchasing, installing, and maintaining virus detection and prevention software

  • Educating users on the risks of viruses, how to test for viruses, and what to do and whom to contact when a virus is detected

  • Developing and maintaining policies on virus prevention

  • Reduced data processing system efficiency, ...

Get Auditing Information Systems, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.