Dying for information in the information age presented at Virus Bulletin 2005

by Gabrielle Dowling (Sullivan & Cromwell)

Tags: Security

URL: http://www.virusbtn.com/conference/vb2005/abstracts/PanelThursday1620.xml

Summary: During a roundtable discussion at last year’s conference, Jeanette Jarvis mentioned that her firm has teams scouring for news of new viruses 24x7, and Nick FitzGerald chimed in at some point on an even more fundamental information issue – how do you know whether an alert indicates an infection rather than the prevention of one?

Somewhat ironically, problems relating to information present some of the most significant challenges to both virus prevention and incident response today. The issues break out into the following areas, which are often inter-related in their impact:

Volume – Whether from the storm of discourse that hits public forums in the wake of a significant worm such as Blaster, or from an alerting system barking about scores of temporary files on numerous systems, too much information is a bad thing in and of itself, to the extent that digesting it delays appropriate action or leads to inappropriate action.

Quality – The Good, the Bad, and the Irrelevant. Problems of quality may seem obvious, but their impact is central. Exacerbating them is the related problem of determining which information is valid, and the repercussions of mistakes in that analysis (including response delays caused by getting tied up in irrelevant information).

Detail – Again, this may seem like an old saw, but insufficient detail on the nature of a threat significantly impairs our ability to determine whether our systems are resilient to it and, if not, what we might do to make them so, what we need to look for to see whether we have a problem, and what we need to do to clean up a problem.
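As an added illustration of the "infection or prevention?" question and of collapsing alert volume (example code, not part of the abstract or any product), the script below triages constructed scanner alert lines: it maps each action word to whether the object was actually neutralised, collapses duplicate alerts per host and detection, and flags hosts that need a human. The log layout, host names and action vocabulary are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample alert lines (not from the page). The layout
# "<timestamp> <host> <detection> <path> <action...>" is an assumption.
SAMPLE_ALERTS = """\
2005-08-12T09:01:02 ws-014 W32/Blaster C:\\WINDOWS\\msblast.exe quarantined
2005-08-12T09:01:05 ws-014 W32/Blaster C:\\WINDOWS\\msblast.exe quarantined
2005-08-12T09:02:10 ws-022 W32/Blaster C:\\WINDOWS\\msblast.exe clean failed
2005-08-12T09:03:44 ws-031 Generic.Dropper C:\\Temp\\~tmp1.tmp deleted
2005-08-12T09:03:45 ws-031 Generic.Dropper C:\\Temp\\~tmp2.tmp deleted
2005-08-12T09:04:01 ws-040 W32/Blaster C:\\WINDOWS\\msblast.exe access denied
2005-08-12T09:05:30 ws-051 W32/Blaster C:\\WINDOWS\\msblast.exe found
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (.+)$")

# Actions meaning the scanner already neutralised the object (prevention).
CONTAINED = {"quarantined", "deleted", "cleaned", "blocked"}
# Actions meaning the object is still present: the host may be infected.
UNRESOLVED = {"clean failed", "access denied", "found", "detected"}

def classify(action):
    """Map a scanner's action wording to what it implies about the host."""
    a = action.lower().strip()
    if a in CONTAINED:
        return "contained"
    if a in UNRESOLVED:
        return "unresolved"
    return "unknown"  # unfamiliar wording is never treated as "safe"

def triage(text):
    """Collapse raw alert volume to one record per (host, detection).

    A host is 'unresolved' if any of its alerts was unresolved or unknown,
    even when other alerts for the same file report a quarantine.
    """
    hosts = defaultdict(lambda: {"count": 0, "status": "contained", "temp_only": True})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unparseable line: skipped here, worth counting in practice
        _, host, det, path, action = m.groups()
        rec = hosts[(host, det)]
        rec["count"] += 1
        if classify(action) != "contained":
            rec["status"] = "unresolved"
        if "\\temp\\" not in path.lower():
            rec["temp_only"] = False  # not just temporary-file noise
    return dict(hosts)

def needs_response(text):
    """Hosts whose alerts indicate a possible live infection, sorted by name."""
    return sorted(h for (h, _), r in triage(text).items() if r["status"] == "unresolved")
```

With the constructed input, ws-014's two quarantines collapse to one contained record, ws-031 is contained but marked as temp-file-only noise, and ws-022, ws-040 and ws-051 surface as the hosts that actually need a response.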