ITBP370_FA2024_LM3 (3).pptx

Full Transcript

PROFESSIONAL RESPONSIBILITY
IN INFORMATION TECHNOLOGY
ITBP 370

UNIT 3
COMPUTER AND INTERNET CRIME

Fall 2024 CIT, UAE University
2 Unit Objectives


In this chapter we will learn:
 What key trade-offs and ethical issues are associated
with the safeguarding of data and information
systems?

 Why has there been a dramatic increase in the
number of computer-related security incidents in
recent years?

 What are some characteristics of common computer
criminals, including their objectives, available
resources, willingness to accept risk, and frequency of
attack?

 What actions must be taken in response to a security
incident?
3
IT Security Incidents: A Worsening
Problem


Security of information
technology is of utmost
importance

Protect confidential data
Safeguard private customer
and employee data

Protect against malicious
acts of theft or disruption

Must be balanced against
other business needs and
issues

Number of IT-related
security incidents is
increasing around the
world
4
IT Security Incidents: A Worsening
Problem

Question

WHY COMPUTER
INCIDENTS ARE SO
COMMON?
5
Increasing Complexity Increases
Vulnerability Why computer incidents are so common?

 Computing environment is enormously
complex
 Continues to increase in complexity
 Number of possible entry points to a
network expands continuously
6 Higher Computer User Expectations
Why computer incidents are so common?

 Computer help desks
 Under intense pressure to
provide fast responses to
users’ questions
 Sometimes forget to
Verify users’ identities
Check whether users are
authorized to perform the
requested action
 Computer users share
login IDs and passwords
7 Expanding and Changing Systems Introduce New Risks
Why computer incidents are so common?


Network era Past
 Personal computers connect to
networks with millions of other
computers
 All capable of sharing information

Information technology
 Ubiquitous (everywhere) Now
 Necessary tool for organizations to
achieve goals
 Increasingly difficult to keep up with
the pace of technological change
Challenge to properly carry out a
continuous evaluation of emerging
security risks
Challenge to put strategies in place to
address such risks
8 Perpetrators


Organized attacks by groups, not only an individual

Motives are the same as other criminals

Different objectives and access to varying
resources

Different levels of risk to accomplish an objective
Hacker Industr
s ial
Spies

Cracke Cyber-
rs crimina
ls

Insider Cyber-
s terrrori
sts
9
Classifying Perpetrators of Computer
Crime

Hackers Crackers Insiders
Test the limitations of An individual who causes An employee or contractor who
information systems out of problems, steals data, and attempts to gain financially and/or
intellectual curiosity to gain corrupts systems disrupt a company’s information
publicity (form of hacking) systems and business operations
Limited Resources Limited Resources Knowledge of systems and
passwords

High Frequency of attack Medium Frequency of attack Low Frequency of attack
10
Classifying Perpetrators of Computer
Crime

Industrial Cybercrimin Cyberterroris
Spies als ts
An individual who captures Someone who attacks a Someone who attempts to destroy
trade secrets and attempts computer system or network for the infrastructure components of
to gain an unfair financial gain governments, financial institutions,
competitive advantage and other corporations, utilities, and
emergency response units
Well funded and well trained Well funded and well trained Not necessarly well funded
and well trained

Low Frequency of attack Low Frequency of attack Low Frequency of attack
11 Reducing Vulnerabilities


Security of any system or network is

Combination of technology, policy, and people

Requires a wide range of activities to be effective

A strong security program begins by:

Assess threats to an organization’s computers and
network

Identify actions that address the most serious
vulnerabilities

Educate users

Monitor systems to detect a possible intrusion

Create a clear reaction plan to address any
intrusion event
12 Risk Assessment
Security Program


Organization’s review of:

Potential threats to computers and network

Probability of threats occurring

Identify investments that can best protect an
organization from the most likely and serious
threats

Reasonable assurance

Managers must use their judgment to ensure that the
cost of control does not exceed the system’s benefits or
the risks involved

Improve security in areas with:

Highest estimated cost

Poorest level of protection
13 Establishing a Security Policy
Security Program

 A security policy defines
 Organization’s security requirements
 Controls and sanctions needed to meet the
requirements
 Identify responsibilities and expected behavior
 Defines who is responsible for what and how
employees are expected to behave
 Outlines what needs to be done
 Not how to do it
 Automated system policies should mirror written
policies
14
Establishing a Security Policy
(continued)
Security Program

 Trade-off between
 Ease of use
 Increased security
 When a decision is made to prefer the ease of
use, then security incidents sometimes increase
 Areas of concern be addressed in a security
policy
 E-mail attachments
 Wireless devices
 VPN uses the Internet to relay communications
but maintains privacy through security features
 Additional security includes encrypting
originating and receiving network addresses
15 Educating Employees, Contractors, & Part-Time Workers
Security Program

 Educate users about the importance of security
 Motivate them to understand and follow security
policy
 Discuss recent security incidents that affected
the organization
 Help protect information systems by:
 Guarding passwords
Maintain the confidentiality of passwords
 Not allowing others to use passwords
 Applying strict access controls to protect data
 Reporting all unusual activity
16 Prevention

 Implement a layered security solution
 Make computer break-ins harder
 Firewall
 Limits network access
 Antivirus software
 Scans for a specific sequence of bytes
Known as the virus signature
 Examples:
Norton Antivirus
Dr. Solomon’s Antivirus from McAfee
17 Response

 Response plan
 Develop well in advance of any incident
 Approved by
Legal department
Responsible for all legal related matters such as
disputes investigations, mergers and acquisitions
Senior management
 Primary goals
 Regain control
 Limit damage
18 Response (continued)


Incident notification defines
 Who to notify
 Who not to notify

Questions to cover include the following:
 Within the company, who needs to be notified
 Under what conditions should the company contact
customers and suppliers?
 When should local authorities or the police be contacted?

Security experts recommend against releasing
specific information about a security compromise in
public forums

Document all details of a security incident
 All system events
 Specific actions taken
 All external conversations
19 Response (continued)

 Act quickly to contain an attack
 Eradication effort
 Collect and log all possible criminal
evidence from the system
 Verify necessary backups are current and
complete
 Create new backups
 Follow-up
 Determine how security was compromised
Prevent it from happening again
20 Response (continued)

 Review
 Determine exactly what happened
 Evaluate how the organization responded
 Capture the perpetrator
 Consider the potential for negative publicity
 An organization must determine if it is ethically or
legally required to notify clients or customers of a
cyberattack that might have put their financial
information or personal data at risk
 Legal precedent (court decision)
 Hold organizations accountable for their own IT security
weaknesses
21 Summary


Why computer incidents are so common?

Increasing Complexity which will lead to
Increasing in the Vulnerability of the system

Higher Computer User Expectations

Expanding and Changing Systems will introduce
New Risks

Perpetrators

How to reduce the vulnerabilities and
weaknesses of information systems

Risk Assessment

Establishing a Security Policy

Educating Employees, Contractors, & Part-Time
Workers

Prevention and Response plans
22 Hackers and Crackers

 Hackers
 Person skilled in information technology
who uses computers to gain unauthorized
access to data
 Test limitations of systems out of
intellectual curiosity
 Types: Black Hat Hackers and White Hat
Hackers

 Crackers
 Cracking is a form of hacking

23 Malicious Insiders

 Top security concern for companies
 Extremely difficult to detect or stop
 Authorized to access the very systems they abuse
 Knows how the system works and knows the
weaknesses
 Estimated 85 percent of all fraud is committed by
employees
 Usually due to weaknesses in internal control procedures
 Many frauds are found accidentally by chance
through:
Tips
Resolving payment difficulties with contractors or suppliers
Management change.
 Collusion is cooperation between an employee and an
outsider
 Example: an employee in accounting department,
might engage in collusion with a company supplier
 Insiders are not necessarily employees
 Can also be consultants and contractors
24 Cybercriminals

 Hack into corporate computers and steal
 Engage in all forms of computer fraud
 Chargebacks are disputed transactions
 Loss of customer trust has more impact than
fraud
 To reduce the potential for online credit card
fraud sites:
 Use encryption technology
 Verify the address submitted online against the
issuing bank
 Request a card verification value (CVV)
 Use transaction-risk scoring software