Risk environment and context
Beyond the boundary of the “extended enterprise”, there are some factors that contribute to the environment in which risk has to be managed. These factors may either generate risks which cannot be directly controlled, or they may constrain the way in which the organization is permitted to take or address risk. Often the only response which an organization can make in relation to the risk environment is to prepare contingency plans. For example, most government structures with central London headquarters cannot directly control the risks arising from international terrorism, but they can make contingency plans for how to ensure business continuity in the event of a major terrorist attack. It is important that an organization should consider its wider risk environment and identify the way in which it impacts on its risk management strategy.
In particular, laws and regulations can have an effect on the risk environment. They constrain the actions which the organization is permitted to take. For example, the risk of an organization performing inadequately is constrained by employment legislation.
The economy, both domestically and internationally, is another important element of the risk environment. Whilst for most organizations the general economy is a given, it does affect the markets in which they have to function in obtaining or providing goods and services; in particular the economy can have an effect on the ability of an organization to attract and retain staff with the skills which the organization needs.
A particular aspect of the risk environment which is important for government structures is Government itself. In principle, government organizations exist to deliver the policies which the Government and its Ministers have decided upon. There is a particular strand of risk management which is important in providing Ministers with risk-based policy advice. Nevertheless, officials in government organizations may be constrained in the risks which they do not take by policy decisions.
Every business is also constrained by stakeholder expectation. Risk management actions, which appear good value and effective in the abstract, may not be acceptable to stakeholders. For government organizations this is especially important in respect of relationships with the public; actions that would be effective at dealing with a specific risk may have other effects that the public are unwilling to accept.
UNIT 3
Ex.1. Read and translate the text.
Computer viruses
A computer virus is a malware program1 that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive. Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time, accessing private information, corrupting data, spamming the contacts etc. However, not all viruses carry a destructive payload or attempt to hide themselves—the defining characteristic of viruses is that they are self-replicating2 computer programs which install themselves without the user's consent.
The vast majority of viruses target systems running Microsoft Windows, employing a variety of mechanisms to infect new hosts, and often using complex anti-detection/stealth strategies3 to evade antivirus software. Motives for creating viruses can include seeking profit, personal amusement, the demonstration of weaknesses4 in software, or simply a wish to explore evolutionary algorithms.
Computer viruses currently cause billions of dollars' worth of economic damage each year by causing system failures, wasting computer resources, corrupting data, increasing maintenance costs, etc. In response, free, open-source5 antivirus tools have been developed, and a multi-billion dollar industry of antivirus software vendors is now selling virus protection. Of the many operating systems in use, Android and Windows are among the most victimized6. Unfortunately, no currently existing antivirus software is able to catch all computer viruses (especially new ones). Computer security researchers are actively searching for new, more effective tools to detect emerging viruses before they become widely distributed.
Types of Infection
When you listen to the news, you hear about many different forms of electronic infection. The most common are:
Viruses - A virus is a small piece of software that piggybacks7 on real programs. For example, a virus might attach itself to a program such as a spreadsheet program8. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
E-mail viruses - An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.
Worms - A worm is a small piece of software that uses computer networks and security holes9 to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.
Why a "Virus"?
Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person. The term “virus” was first used by Gregory Benford in his science fiction story “The Scarred Man” in 1970. The term was then used in an academic environment10 by Frederic B. Cohen in the early 80s.
There are similarities at a deeper level, as well. A biological virus is not a living thing. A virus is a fragment of DNA11 inside a protective jacket. Unlike a cell, a virus has no way to do anything or to reproduce by itself -- it is not alive. Instead, a biological virus must inject its DNA into a cell. The viral DNA then uses the cell's existing machinery to reproduce itself. Then new virus particles come out of the cell, spreading around and infecting other cells.
A computer virus shares some of these traits. A computer virus must piggyback on top of some other program or document in order to get executed. Once it is running12, it is then able to infect other programs or documents. Obviously, the analogy between computer and biological viruses stretches things13 a bit, but there are enough similarities14 that the name sticks.
What's a "Worm"?
A worm is a computer program that has the ability to copy itself from machine to machine. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. For example, the Code Red worm replicated itself over 250,000 times in approximately15 nine hours on July 19, 2001.
A worm usually exploits16 some sort of security hole in a piece of software or the operating system. For example, the Slammer worm (which caused mayhem17 in January 2003) exploited a hole in Microsoft's SQL server.
Worms use up computer time and network bandwidth when they are replicating, and they often have some sort of evil intent.
All viruses are dangerous and can do nothing good for computer systems or, therefore, their users. So we should not underestimate the danger and should take all the measures needed to protect our lives from them.
NOTES
1. malware program – malicious program
2. self-replicating – self-copying
3. anti-detection/stealth strategies – stealth strategies (allowing a virus to avoid detection by an antivirus program)
4. weakness – weak point
5. open-source – openly available
6. the most victimized – the most frequent victims (of computer attacks)
7. to piggyback – to embed itself (lit. to cling to someone's back)
8. spreadsheet program – spreadsheet editor program (such as Excel)
9. security hole – weak point (lit. hole) in a security system
10. in academic environment – (here) in academic circles
11. DNA (Desoxyribonucleic acid) – DNA (deoxyribonucleic acid)
12. once it is running – as soon as it starts running
13. to stretch things – to exaggerate
14. similarity – coincidence, resemblance
15. approximately – roughly
16. to exploit – to use, to apply
17. mayhem – chaos, havoc, confusion, disorder