Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Chapter 15 Computer crime and information technology security

advertisement 
Chapter 15
Computer crime and information technology security
When you finish studying this chapter, you should be able to:

Explain Carter’s taxonomy of computer crime

Identify and describe business risks and threats to information systems

Name and describe common types of computer criminals

Discuss ways to prevent and detect computer crime

Explain COBIT’s information criteria and accountability framework

Explain how COBIT can be used to strengthen internal controls against computer crime
I.
Carter’s taxonomy

Target: targets the system or its data

Instrumentality: computer furthers a criminal end

Incidental: computer is not required for the crime but is related to the criminal act

Associated: new versions of traditional crimes
II.

Risks and threats to information systems
Fraud: Any illegal act for which knowledge of computer technology is used to commit the
offense

Service interruptions and delays: Delay in processing information

Intrusions: Bypassing security controls or exploiting a lack of adequate controls

Information manipulation: Can occur at virtually any stage of information processing from input
to output
CHAPTER 15 / Page | 1
III.

Risks and threats to information systems
Denial of service attacks: Prevent computer systems and networks from functioning in
accordance with their intended purpose

Error: Can vary widely

Disclosure of confidential information: Can have major impacts on an organization's financial
health

Information theft: Targets the organization's most precious asset: information

Malicious software: Virus, Trojan horse, worms, logic bombs

Web site defacements: Digital graffiti where intruders modify pages

Extortion: Threat to either reveal information to the public or to launch a prolonged denial of
service if demands are not met
IV.

Computer criminals
Script kiddies: Young inexperienced hacker who uses tools and scripts written by others for the
purpose of attacking systems

Hacker: Someone who invades an information system for malicious purposes

Cyber-criminals: Hackers driven by financial gain

Organized crime: Spamming, phishing, extortion and all other profitable branches of computer
crime

Corporate spies: Computer intrusion techniques to gather information

Terrorists: Target the underlying computers and networks of a nation’s critical infrastructure

Insiders: May be the largest threat to a company’s information systems and underlying
computer infrastructure
CHAPTER 15 / Page | 2
V.


VI.
Prevention and detection techniques
CIA triad
•
Confidentiality
•
Data integrity
•
Availability
Internal controls
•
Physical: locks, security guards, badges, alarms
•
Technical: firewalls, intrusion detection, access controls, cryptography
•
Administrative: security policy, training, reviews
COBIT framework (3 + 4 = 7)
Control Objectives for Information and Related Technology
Published by Information Systems Audit and Control Association (ISACA)
•
Three points of view
• Business objectives
• IT resources
• IT processes
•
Four domains of knowledge
• Plan and organize
• Acquire and implement
• Deliver and support
• Monitor and evaluate

Seven information criteria
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Reliability of information
CHAPTER 15 / Page | 3
Related documents
Criminalising the Margins HI266 Deviance and Non-Conformity Stephen Bates
Criminalising the Margins HI266 Deviance and Non-Conformity Stephen Bates
Why does crime happen at certain places?
Why does crime happen at certain places?
2/12/2002 - Biological Theories
2/12/2002 - Biological Theories
A large community of plants and animals that occupies a distinct
A large community of plants and animals that occupies a distinct
Document
Document
Victimology Unit Outline
Victimology Unit Outline
Year 5/6 Curriculum Overview Autumn Term
Year 5/6 Curriculum Overview Autumn Term
The Richter And Mercalli Scales
The Richter And Mercalli Scales
CRIMINOLOGY
CRIMINOLOGY
lab7_fall
lab7_fall
STUDY REVIEW GUIDE FOR INTRODUCTION TO SOCIOLOGY
STUDY REVIEW GUIDE FOR INTRODUCTION TO SOCIOLOGY
Criminals are keeping tabs on us
Criminals are keeping tabs on us
How to Use This Manual
How to Use This Manual
File
File
Ms. Rentschler/Ms. Despines/Ms. Erwin
Ms. Rentschler/Ms. Despines/Ms. Erwin
Presentation1 - St Vincent College
Presentation1 - St Vincent College
There are too many different theories on crime for one of them to be
There are too many different theories on crime for one of them to be
money laundering - Australian Crime Commission
money laundering - Australian Crime Commission
Cyber-crime Science = Crime Science + Information Security
Cyber-crime Science = Crime Science + Information Security
COBIT Overview
COBIT Overview
COBIT 5 for Risk
COBIT 5 for Risk
Corporate crime does pay! The Relationship between Financial
Corporate crime does pay! The Relationship between Financial
Download
advertisement