Page 1228 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
to send them is that they continue to fool some users.
Education, Policy, and Tools
Malicious software is a constant challenge within any organization using IT resources. Consider Kim, who forwarded a seemingly harmless interoffice joke through email to Larry’s account. Larry opened the document, which actually contained active code segments that performed harmful actions on his system. Larry then reported a host of “performance issues” and “stability problems” with his workstation, which he’d never complained about before.
In this scenario, Kim and Larry don’t recognize the harm caused by their apparently innocuous activities. After all, sharing anecdotes and jokes through company email is a common way to bond and socialize. What’s the harm in that, right? The real question is how you can educate Kim, Larry, and all your other users to be more discreet and discerning in handling shared documents and executables.
The key is a combination of education, policy, and tools. Education should inform Kim that forwarding nonwork materials on the company network is counter to policy and good behavior. Likewise, Larry should learn that opening attachments unrelated to specific work tasks can lead to all kinds of problems (including those he fell prey to here). Policies should clearly identify acceptable use of IT resources and the dangers of circulating unauthorized materials. Tools such as anti-malware software should be employed to prevent and detect any type of malware within the environment.
Whitelisting and Blacklisting
Whitelisting and blacklisting applications can be an effective preventive measure that blocks users from running unauthorized applications. They can also help prevent malware infections. Whitelisting identifies a list of applications authorized to run on a system, and blacklisting identifies a list of applications that are not
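The following is an added illustration, not part of the study guide: a small policy evaluator that identifies applications by the SHA-256 hash of their contents and applies either a whitelist (default deny) or a blacklist (default allow). The file names and contents are constructed placeholders standing in for Larry's "joke" attachment and an approved office program; they show why a renamed copy of known malware is still caught, while a previously unseen file slips past a blacklist but not a whitelist.

```python
import hashlib

# Constructed sample "executables": file name -> bytes of the file contents.
# These are placeholders for this example, not real programs.
SAMPLE_FILES = {
    "winword.exe": b"approved word processor build",          # authorized app
    "joke.exe": b"unknown joke attachment payload",            # known bad file
    "joke_renamed.exe": b"unknown joke attachment payload",    # same bytes, new name
    "new_joke.exe": b"a different, never-before-seen payload", # unknown file
}


def sha256_of(data: bytes) -> str:
    """Identify an application by its content hash, not its file name."""
    return hashlib.sha256(data).hexdigest()


# Whitelist: only these hashes may run; anything else is denied by default.
WHITELIST = {sha256_of(SAMPLE_FILES["winword.exe"])}

# Blacklist: these hashes must not run; anything else is allowed by default.
BLACKLIST = {sha256_of(SAMPLE_FILES["joke.exe"])}


def whitelist_permits(data: bytes) -> bool:
    """Whitelisting decision: run only if the hash is explicitly authorized."""
    return sha256_of(data) in WHITELIST


def blacklist_permits(data: bytes) -> bool:
    """Blacklisting decision: run unless the hash is explicitly forbidden."""
    return sha256_of(data) not in BLACKLIST


def may_run(mode: str, filename: str) -> bool:
    """Evaluate one of the sample files under the chosen control mode."""
    data = SAMPLE_FILES[filename]
    if mode == "whitelist":
        return whitelist_permits(data)
    if mode == "blacklist":
        return blacklist_permits(data)
    raise ValueError(f"unknown mode: {mode}")


if __name__ == "__main__":
    for mode in ("whitelist", "blacklist"):
        for name in SAMPLE_FILES:
            print(f"{mode:9s} {name:17s} permitted={may_run(mode, name)}")
```

Hashing the contents rather than trusting the file name is what lets both lists catch joke_renamed.exe; the unknown new_joke.exe is the case where only the whitelist's default-deny posture helps.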