Friday, May 02, 2008
Information Security - Adaptive Virus Trend Analysis Process
Each virus is rated using the particular manufacturer's rating mechanism giving an independent benchmark. Escalation for high impact viruses is immediate and possibly would result in the security incident management process being invoked. Cumulative threat is also reported if there are more than 50% of medium threat.
Trend and Pattern analysis
I've instituted a qualitative and quantitative approach to virus analysis which delivers a modicum of business intelligence and facilitates escalation based on threat level.
Trending is twofold: year to date and historical highlighting monthly and annual trends. Seasonality is present in the year-to-date statistics whilst long term trend can be gauged over five years.
Patterns in virus targeting are analysed per geographic location, business area, workstation and user. A history of infection is maintained so that repeated infection can be analysed further.
An adaptive approach is taken to monitoring frequency. If an uplift in activity of 20% incurs, the monitoring frequency is doubled to a minimum of daily monitoring. If the trend is reversed for three monitoring periods, the frequency is halved to a maximum of monthly sampling.