Computer Crime
The Association of Information Technology Professionals (AITP) definition includes:
- The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
- Unauthorized release of information
- Denying an end user his/her own hardware, software, data, or network resources
- Using computer or network resources to illegally obtain information or tangible property
Hacking
The obsessive use of computers, or the unauthorized access and use of networked computer systems
Software Piracy
Unauthorized copying of software
Software is intellectual property protected by copyright law and user licensing agreements
Computer viruses and worms
Virus
A program that cannot work without being inserted into another program. It can destroy programs or data, clog computer memory, generate unnecessary payload, etc.
Worm
A distinct program that can run unaided. Worms copy themselves from one computer to other computers over a network.
Trojan horse
It does not replicate, but works as a way for other viruses to enter the computer system.
Spoofing:
Hiding the hacker's true identity or email address, or redirecting a Web link to a different website that benefits the hacker.
Sniffer:
An eavesdropping program that monitors network information and can enable hackers to steal proprietary information transmitted over the network.
Identity theft:
In identity theft, a fraudster obtains key pieces of personal information in order to obtain credit, merchandise, or false credentials.
Phishing
Setting up fake websites and sending emails that look like legitimate business emails, asking for bank and credit card information and other confidential data.
Evil twins
Wireless networks that look identical to a legitimate public network, set up to capture the personal information of users who log on to them.
Security Management
Encryption involves using special mathematical algorithms to transform digital data into scrambled code. The most widely used method uses a pair of public and private keys unique to each individual.
A digital signature is a digital code attached to an electronically transmitted message that is used to verify the origin and contents of the message. Digital certificates are data files used to establish the identity of users and electronic assets for the protection of online transactions. A digital certificate system uses a trusted third party, known as a certificate authority (CA), to validate a user's identity.
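The following is an added illustration, not part of the original notes: a textbook public/private-key signature (RSA with no padding, on deliberately small constructed primes, which is far too weak for real use) showing that a signature verifies only when both the contents and the signing key are unchanged. The message, the key parameters and the function names are all assumptions made for this example.

```python
import hashlib

# Constructed toy parameters: primes small enough to read. Real systems use a
# vetted library with 2048-bit or larger keys and proper padding (e.g. RSA-PSS).
P = 1_000_000_007
Q = 1_000_000_009
E = 65537


def keygen(p=P, q=Q, e=E):
    """Return (public_key, private_key) as ((n, e), (n, d)) for textbook RSA."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def _digest(message: bytes, n: int) -> int:
    """Hash the message and reduce it so it fits below the modulus n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Signature = H(m)^d mod n; only the holder of d can produce it."""
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover H(m) from the signature with the public key and compare."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


def demo():
    """Show that a signature binds both the origin (key) and the contents."""
    alice_pub, alice_priv = keygen()
    # A second, unrelated key pair standing in for a sender who is not Alice.
    _, other_priv = keygen(p=998_244_353, q=1_000_000_021)
    message = b"Transfer 100 to account 42"  # constructed sample message
    sig = sign(message, alice_priv)
    return {
        "genuine": verify(message, sig, alice_pub),
        "tampered_contents": verify(b"Transfer 900 to account 42", sig, alice_pub),
        "wrong_origin": verify(message, sign(message, other_priv), alice_pub),
    }


if __name__ == "__main__":
    print(demo())
```

A certificate authority adds the missing piece: it vouches that `alice_pub` really belongs to Alice, so the verifier is not simply trusting whatever public key arrives with the message.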
A firewall serves as a gatekeeper system that protects a company's intranets and other computer networks from intrusion.
It provides a filter and safe transfer point, screening all network traffic for proper passwords or other security codes.
Defensive measures and security precautions must be taken at all three levels
Security policy
It consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals
Risk assessment
Risk assessment determines the level of risk to the firm if a specific activity or process is not properly controlled. Business managers and information systems specialists determine the value of information assets, points of vulnerability, the likely frequency of a problem, and the potential for damage.
Risk assessment (example)
Exposure        Probability   Loss
Power failure   30%           1,02,500
Embezzlement    5%            25500
User error      98%           20100
Concentrate on the control points with the greatest vulnerability and potential for loss, in order to minimize overall cost and maximize defenses.
Designed to monitor and maintain the quality and security of input, processing, and storage activities