chapter 9 enhancing information/computer security
TRANSCRIPT
Chapter 9Chapter 9Enhancing Information/Computer Enhancing Information/Computer
SecuritySecurity
Valuable Proprietary InformationValuable Proprietary Information
Specific threats to security of proprietary Specific threats to security of proprietary information include:information include: Employees.Employees.
Nondisclosure agreements.Nondisclosure agreements. Noncompete agreements.Noncompete agreements. Secrecy agreements.Secrecy agreements.
Discarded information--in most states, garbage in Discarded information--in most states, garbage in dumpsters can be legally searched.dumpsters can be legally searched.
Unsecured telecommunication.Unsecured telecommunication. Acoustical surveillance.Acoustical surveillance.
Telecommunication SecurityTelecommunication Security
Telecommunication security includes Telecommunication security includes information communicated by:information communicated by: Voice, fax and computer.Voice, fax and computer. Using wirelines, microwave links, satellite Using wirelines, microwave links, satellite
systems and fiberoptic lines.systems and fiberoptic lines.
Computer Crime DefinedComputer Crime Defined
Computer crime includes accessing a Computer crime includes accessing a computer’s database without authorization computer’s database without authorization or exceeding authorization for the purpose or exceeding authorization for the purpose of sabotage or fraud.of sabotage or fraud.
It includes theft or destruction of software It includes theft or destruction of software and hardware as well.and hardware as well.
Seriousness of Computer CrimeSeriousness of Computer Crime
Computer crimes cost hundreds of millions Computer crimes cost hundreds of millions of dollars annually.of dollars annually.
In fact, computer crime or failure might In fact, computer crime or failure might destroy a business.destroy a business.
Threats to Computer CentersThreats to Computer Centers
The greatest security threats to computer The greatest security threats to computer centers are:centers are: Theft by fraud or embezzlement.Theft by fraud or embezzlement. Hackers.Hackers. Sabotage.Sabotage. Employee carelessness or error.Employee carelessness or error. Fire.Fire.
Computer Crime LegislationComputer Crime Legislation
Most common offenses:Most common offenses: Access to defraud.Access to defraud. Access to obtain money.Access to obtain money. Computer fraud.Computer fraud. Offenses against computer users.Offenses against computer users. Offenses against intellectual property.Offenses against intellectual property. Offenses against computer equipment and supplies.Offenses against computer equipment and supplies. Unauthorized access.Unauthorized access. Unauthorized or unlawful computer use.Unauthorized or unlawful computer use.
Electronic Communications Privacy Electronic Communications Privacy Act of 1986Act of 1986
The Act makes it illegal to intentionally The Act makes it illegal to intentionally access, without authorization, a facility access, without authorization, a facility providing electronic communication providing electronic communication services, or to intentionally exceed the services, or to intentionally exceed the authorization of access to such a facility.authorization of access to such a facility.
Reducing Computer Crime LossReducing Computer Crime Loss
Security measures for computer systems Security measures for computer systems include:include: Logical controls.Logical controls. Physical access controls.Physical access controls. Administrative controls.Administrative controls. Protecting against fire.Protecting against fire. Maintaining a backup system.Maintaining a backup system.
Investigating Computer CrimeInvestigating Computer Crime
Factors to consider in investigating Factors to consider in investigating computer crime include:computer crime include: Investigator’s knowledge and whether outside Investigator’s knowledge and whether outside
expertise is required.expertise is required. Likelihood of victim or an employee being Likelihood of victim or an employee being
involved.involved. The difficulty in detecting such crimes.The difficulty in detecting such crimes.
The Computer CriminalThe Computer Criminal
The typical computer “criminal” is:The typical computer “criminal” is:a young, middle-class technical person.a young, middle-class technical person.highly educated.highly educated.with no prior criminal record.with no prior criminal record.employed by the firm reporting the crime.employed by the firm reporting the crime.
Prosecuting Perpetrators of Prosecuting Perpetrators of Computer CrimeComputer Crime
The chance of a computer criminal being The chance of a computer criminal being caught and going to jail is approximately caught and going to jail is approximately one in twenty-seven thousand.one in twenty-seven thousand.
Summary QuestionsSummary Questions
How can valuable proprietary information be How can valuable proprietary information be obtained by competitors or criminals?obtained by competitors or criminals?
Can trash be legally searched by others?Can trash be legally searched by others? What does telecommunications security What does telecommunications security
involve?involve? What constitutes computer crime?What constitutes computer crime? How serious is computer crime?How serious is computer crime? What are the greatest threats to computer What are the greatest threats to computer
centers?centers?
Summary QuestionsSummary Questions
What legislation pertains to computer What legislation pertains to computer crime?crime?
What security measures can be taken to What security measures can be taken to reduce losses from computer crime?reduce losses from computer crime?
What factors should be considered when What factors should be considered when investigating a computer crime?investigating a computer crime?
Who is the typical computer criminal?Who is the typical computer criminal? What is the probability of computer crime What is the probability of computer crime
detection and the risk of prosecution?detection and the risk of prosecution?