AUDIT IMPLICATIONS OF COMPUTER VIRUS: A MEMO
AUDIT IMPLICATIONS OF COMPUTER VIRUS: A MEMO
Date: November 13, 2006
Subject: Virus attack on Campbell’s Toy Store (CTS)
The apparent attack on our valued customer Campbell’s Toy Store (CTS) remains a mystery. But this proves that the current Information System that our customer uses is not at all reliable. It could prove further damage to both CTS and our company.
According to Gina Cooper, CTS controller, on February 14, 2005, at noon, CTS computer systems started to shutdown for no reason. When all computers had restarted, a red heart appeared on all systems with a “Happy Valentines Day” greeting written underneath it. This went on for an hour. Things went back to normal soon afterwards.
The brief moment this had happened might not be harmful as many see it as a mere Valentine’s greeting. However, considering the issues on computer security nowadays, CTS and CA may face future system crash downs which in turn may put operational troubles.
What effects does it have on us? Computer networks that run any organization’s financial operations present tempting targets for a well-developed cyber attack. Finance in general is sensitive to perception and hence to misinformation. For example, the prices on a stock exchange and the values of the underlying currency fluctuate with confidence in the currency and banking system. This sensitivity makes a financial system an ideal target for attacks to undermine that confidence. Draining an organization’s bank or rendering its stock shares unstable would produce second- and third-order effects through all segments of the targeted society. A loss in confidence in the bank or even us, would reduce the value of competency and efficiency as an audit company. But before we go into panic, is it really a virus? If CTS’ antivirus software can detect an infection or an infection attempt, it must deal with the situation effectively, thus they will not have a virus incident. Virus incidents are caused when a virus is able to escape antivirus and/or intrusion detection screen. When this occurs the virus will typically signal its presence, either as a direct result of its attempt to spread or as a side effect. What happened at CTS are clear evidence of common indicators of virus infection. Unexpected sounds or screen images, especially if these occur on multiple systems, can be the virus payload. While these indicators are nondestructive, this does not mean the virus itself is not destructive. CTS, and our company as well, must educate and then depend upon employees to detect and report these interface indicators.
What is a computer virus anyway? It is typically a short program designed to disperse copies of itself to other computers and disrupt those computers' normal operations. A computer virus usually attaches or inserts itself to or in an executable file or the boot sector (the area that contains the first instructions executed by a computer when it is started or restarted) of a disk; those that infect both files and boot records are called bimodal viruses. Although some viruses are merely disruptive, others can destroy or corrupt data or cause an operating system or applications program to malfunction. Computer viruses are spread via floppy disks, networks, or on-line services. Several thousand computer viruses are known, and on average three to five new strains are discovered every day.
Even though the virus that had made itself visible in CTS systems had not shown any harmful symptoms, it may take up computer memory that are being used for legitimate programs. In effect, it may cause erratic behavior and can result in system crashes and data loss.
What should we do then? First thing, no need to panic. CTS have made its preventive and counter measures into learning what’s behind this so-called attack. Nevertheless, our company still has to do its own evaluation of CTS’ computer systems to protect their Information system as well as ours.
Steps into the evaluation process: Introductory investigation – establishes the study group and defines the scope of the order processing study; System analysis - includes an analysis of the present order processing system, including all of its problems and exceptions; Exploratory survey report to top management - centers on developing a report that recommends one order processing system; System design - stresses the design of new order processing equipment, data files, and outputs along with appropriate methods and procedures; and, Equipment selection - concludes the feasibility study with the selection of appropriate interactive processing equipment for on-line processing of incoming customer orders.
Thus, I recommend the following: the first amongst the recommendation is to conduct a thorough feasibility study to determine the present CTS computer system. The study involves the feasibility study that has been enumerated above.
The second recommendation revolves around improvisations in managerial controls over computer processing time as well as the programs themselves.
A third recommendation centers on the proper
maintenance of daily
equipment logs. I recommend that CA take sole responsibility of reviewing this log time sheet for irregularities. A computer program that has been operational for a long time should be tested by our internal auditors, since it lends itself to unauthorized alteration.
Lastly, the outside computer group recommended
that the computer
operations manager enforce the policy that only authorized personnel are
allowed in the computer room. In this manner, needless problems can be
avoided, such as someone dropping a magnetic tape file without reporting it.
In essence, the computer room is a storehouse of information that can be
costly to replace if someone accidentally or willfully destroys computer file
If we can accomplish all of the above, we may have a huge chance of recovering a potential attack. As well as our customers.
comments powered by Disqus