Reynolds_PPT_ch03.ppt

Full Transcript

5e Ethics in Information Technology Chapter 3 Computer and Internet Crime George W. Reynolds...

5e Ethics in Information Technology Chapter 3 Computer and Internet Crime George W. Reynolds ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. Learning Objectives  What key trade-offs and ethical issues are associated with the safeguarding of data and information systems?  Why has there been a dramatic increase in the number of computer-related security incidents in recent years?  What are the most common types of computer security attacks?  Who are the primary perpetrators of computer crime, and what are their objectives? ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 2 Learning Objectives  What are the key elements of a multilayer process for managing security vulnerabilities based on the concept of reasonable assurance?  What actions must be taken in response to a security incident?  What is computer forensics, and what role does it play in responding to a computer incident? ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 3 Ethical Decisions Regarding IT Security  To deal with computer crime, the firm should:  Pursue prosecution of the criminals at all costs  Maintain a low profile to avoid the negative publicity  Inform affected customers or take some other action  Following decisions should be taken by the firm  How much resources should be spent to safeguard against computer crime  What actions should be taken when a software is found susceptible to hacking  What should be done if recommended computer security safeguards increase operating costs ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 4 Why Computer Incidents are So Prevalent  Increasing complexity increases vulnerability  Number of entry points to a network expands continually, increasing the possibility of security breaches  Cloud computing: Environment where software and data storage are provided via the Internet  Virtualization software: Operates in a software layer that runs on top of the operating system  Enables multiple virtual machines to run on a single computer ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 5 Why Computer Incidents are So Prevalent  Higher computer user expectations  Not verifying users’  Sharing of login IDs and passwords by users  Expanding and changing systems require one to:  Keep up with the pace of technological change  Perform an ongoing assessment of new security risks  Implementing approaches for dealing with them ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 6 Why Computer Incidents are So Prevalent  Bring your own device (BYOD): Business policy that permits employees to use their own mobile devices to access company computing resources and applications  Increased reliance on commercial software with known vulnerabilities  Exploit: Attack on an information system that takes advantage of a particular system vulnerability  Zero-day attack: Takes place before the security community or software developer knows about the vulnerability or has been able to repair it ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 7 Types of Exploits Virus Piece of programming code, disguised as something else, that causes a computer to behave in an unexpected and undesirable manner Worm Harmful program that resides in the active memory of the computer and duplicates itself Trojan Horse Program in which malicious code is hidden inside a seemingly harmless program Logic bomb: Executes when it is triggered by a specific event ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 8 Types of Exploits Spam Abuse of email systems to send unsolicited email to large numbers of people CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) Generates and grades tests that humans can pass but computer programs cannot Distributed Denial-of-Service (DDoS) Attack Causes computers to flood a target site with demands for data and other small tasks Rootkit Enables user to gain administrator-level access to a computer without the end user’s consent Phishing Fraudulently using email to try to get the recipient to reveal personal data ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 9 Figure 3.2 - Distributed Denial- of-Service Attack Source Line: Course Technology/Cengage Learning. ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 10 CAN-SPAM Act  Controlling the Assault of Non-Solicited Pornography and Marketing (CAN- SPAM) Act  It is legal to spam, provided the messages meet a few basic requirements  Spammers cannot disguise their identity ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 11 Botnet  Group of computers which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners  Zombies: Computers that are taken over  used to distribute spam and malicious code ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 12 Types of Phishing  Spear-phishing: Phisher sends fraudulent emails to a certain organization’s employees  Emails are designed to look like they came from high-level executives within the organization  Smishing: Legitimate-looking text message sent to people, telling them to call a specific phone number or to log on to a Web site  Vishing: Victims receive a voice mail telling them to call a phone number or access a Web site ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 13 Types of Perpetrators Thrill seekers wanting a challenge Common criminals looking for financial gain Industrial spies trying to gain a competitive advantage Terrorists seeking to cause destruction to further their cause ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 14 Table 3.5 - Classifying Perpetrators of Computer Crime ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 15 Types of Perpetrators  Hackers: Test the limitations of information systems out of intellectual curiosity  Lamers or script kiddies: Terms used to refer to technically inept hackers  Malicious insiders  Employees, consultants, or contractors  Have some form of collusion  Collusion: Cooperation between an employee and an outsider  Negligent insiders: Poorly trained and inadequately managed employees who cause damage accidently ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 16 Types of Perpetrators  Industrial spies  Competitive intelligence: Legally obtained data gathered using sources available to the public  Industrial espionage: Using illegal means to obtain information that is not available to the public  Cybercriminals  Hack into computers to steal and engage in computer fraud  Data breach: Unintended release of sensitive data or the access of sensitive data by unauthorized individuals ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 17 Types of Perpetrators  Hacktivists: Hack to achieve a political or social goal  Cyberterrorists: Launch computer-based attacks to intimidate or coerce an organization in order to advance certain political or social objectives  Use techniques that destroy or disrupt services  Consider themselves to be at war  Have a very high acceptance of risk  Seek maximum impact ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 18 Strategies to Reduce Online Credit Card Fraud  Use encryption technology  Verify the address submitted online against the issuing bank  Request a card verification value (CVV)  Use transaction-risk scoring software  Use smart cards  Smart cards: Memory chips are updated with encrypted data every time the card is used ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 19 Table 3.6 - Federal Laws that Address Computer Crime ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 20 Trustworthy Computing ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 21 Risk Assessment  Assessing security-related risks to an organization’s computers and networks from internal and external threats  Identify investments that will protect the organization from most likely and serious threats  Asset - Hardware, software, information system, network, or database used by an organization to achieve its business objectives  Loss event - Any occurrence that has a negative impact on an asset ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 22 Figure 3.5 - General Security Risk Assessment Source Line: General Security Risk Assessment Guidelines, ASIS International (2003). See the Standards and Guidelines page of the ASIS International website (www.asisonline.org) for revisions and/or updates. Reprinted by permission. ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 23 Security Policy  Defines an organization’s security requirements and the controls and sanctions needed to meet those requirements  Delineates responsibilities and expected behavior  Outlines what needs to be done and not how it should be done ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 24 Establishing a Security Policy  Areas of concern  Use of email attachments  Use of wireless devices  Virtual private network (VPN): Works by using the Internet to relay communications  Encrypts data at the sending end and decrypts it at the receiving end ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 25 Educating Employees and Contract Workers  Motivates them to understand and follow the security policies  Users must help protect an organization’s information systems and data by:  Guarding their passwords  Prohibiting others from using their passwords  Applying strict access controls  Reporting all unusual activity to the organization’s IT security group  Ensuring that portable computing and data storage devices are protected ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 26 Prevention Install a corporate firewall Limits network access based on the organization’s access policy Intrusion detection system (IDS) Monitors system and network resources and activities Notifies network security personnel when network traffic attempts to circumvent the security measures Antivirus software Scans for a specific sequence of bytes, known as a virus signature Virus signature: Indicates the presence of a specific virus ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 27 Prevention Implement safeguards against attacks by malicious insiders Promptly delete the computer accounts, login IDs, and passwords of departing employees and contractors Defend against cyberterrorism Department of Homeland Security (DHS):Aims to secure critical infrastructure and information systems Address critical internet security threats High-impact vulnerabilities should be fixed on priority basis Conducting periodic it security audits Security audit: Evaluates whether an organization has a well- considered security policy in place and if it is being followed ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 28 United States Computer Emergency Readiness Team (US-CERT)  Partnership between the Department of Homeland Security and the public and private sectors  Protect the nation’s Internet infrastructure against cyberattacks  Serves as a clearinghouse for information on new viruses, worms, and other computer security topics ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 29 Figure 3.6 - Intrusion Detection System Credit: Monkey Business Images/Shutterstock.com. ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 30 Detection Systems Catch Minimize the Intruders in Impact of the Act Intruders ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 31 Response Plan  Incident notification  Define who to notify and who not to notify  Refrain from giving out specific information about a compromise in public forums  Protection of evidence and activity logs  Document all details of a security incident to help with future prosecution and incident eradication  Incident containment  Determine if an attack is dangerous enough to warrant shutting down the systems ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 32 Response  Eradication  Collect and log all criminal evidence from the system  Verify that all backups are current, complete, and free of any virus  Incident follow-up  Determine how the security was compromised  Conduct a review to evaluate how the organization responded  Create a detailed chronology of all events  Estimate the monetary damage ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 33 Computer Forensics  Combines elements of law and computer science to:  Identify, collect, examine, and preserve data from computer systems  Collect data in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 34 Table 3.10 - Partial List of Constitutional Amendments and Statutes Governing the Collection of Evidence ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 35 Summary  Ethical decisions in determining which information systems and data most need protection  Most common computer exploits  Viruses and worms  Trojan horses  Distributed denial-of-service attacks  Rootkits and spam  Phishing and spear-fishing  Smishing and vishing ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 36 Summary  Perpetrators include:  Hackers  Crackers  Malicious insider  Industrial spies  Cybercriminals  Hacktivist  Cyberterrorists ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 37 Summary  Must implement multilayer process for managing security vulnerabilities, including:  Assessment of threats  Identifying actions to address vulnerabilities  User education  IT must lead the effort to implement:  Security policies and procedures  Hardware and software to prevent security breaches  Computer forensics is key to fighting computer crime in a court of law ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 38

Use Quizgecko on...
Browser
Browser