Crime and Security in the Networked Economy Part 4.
Crime and Security in the Networked Economy
Part 4
The Changing Face of Crime
• IT Crime
• IT Security
• Types of IT Crime
– Theft
– Fraud
– Copyright Infringement
– Attacks
TECHNOLOGY TRENDS & ETHICAL ISSUES
• Computing Power Doubles Every 18 Months
• Advances In Data Storage
• Advances In Data Mining Techniques
• Advances In Telecommunications Infrastructure
The Changing Face of Crime
• Types of IT Criminals
– Employees
– Outside Parties
• Hackers
– Organized Crime
• Counterfeit Products
• Intellectual Property Infringement
Risks to Information Systems
What causes damage to IS?
Figure 17.4 What causes damage to ISs?
Human errors, accidents, and omissions    50–80%
Dishonest employees                       10–17%
Natural disasters                         10–15%
Disgruntled employees                     3–4%
Water                                     2–3%
Outsiders                                 1–3%
Source: Forcht, K.A., Computer Security Management, with the permission of Course Technology, Inc. Copyright 1992 by Boyd and Fraser Publishing Co.
Changing Nature of Crime
Aspect of Crime    Industrial Economy (1950)    Networked Economy (2000)
Location           Local                        Remote
Impact             Low                          High
Format             Physical                     Electronic
Risk               High                         Low
Types of IT Crime
• Theft of hardware, data or information
– National Computer Registry
• Fraudulent use of IT
– Credit card fraud
– Investor fraud
– Medical and drug-related fraud
– Auction site fraud
Security
• Policies, protection, and tools to safeguard hardware, software, communication network, and data from unauthorized access, alteration, theft and physical damage.
Risks To Hardware
• Hardware Failure
• Natural Disasters
• Blackouts and Brownouts
• Vandalism
• Theft
Risks To Application and Data
• Software Failure
• Theft
• Alteration or Destruction
• Computer Virus
• Hacker
• Mishap
– Training
Risks to Information Systems
Cause                   Losses in Millions    Number of Reports
Theft                   $1,011                275,000
Power Failure           $318                  389,000
Accidents               $246                  276,000
Miscellaneous Causes    $157                  269,000
Lightning               $86                   91,000
Fire                    $72                   19,000
Transit                 $53                   54,000
Water                   $51                   34,000
Total                   $1,994                1,407,000
Source: Software, The Insurance Agency, Inc., quoted in “1993 Computer Losses,” MacWeek, Vol 8 No 36, September 12, 1994, p. 28.
Theft/Alteration of Information
• Secure Passwords
– Biometric Controls
• Data Entry Controls
• Audit Trails
• Separation of Duties
• Back-up copies secured
• Shred Printouts
• Secure diskettes
Protection from Disasters
• Fault-tolerant Systems
– Extra hardware, software, and power supply components that can back the system up and keep it running.
• Back-up of Data
• Secure Area
• Battery Back-up
– UPS
Copyright Infringement
• Software Piracy
• Business Software Alliance
• 1980 Software Copyright Act
• 1997 No Electronic Theft Act (NET)
Copyright Infringement
• Music Piracy
• Motion Picture Experts Group
• MPEG version 3
• MP3 Rio Player
• NET Act Coverage
Computer Virus
• Software Program that spreads through system destroying data and Operating System.
– Scan Disks with Current Antivirus Program
– Know Origin of Software
– Don’t Copy
– Watch Downloads
– Passwords for Access
Anti-Virus
Virus Generation Process
Virus is Created at Terminal or PC
Virus is Transmitted to Other Computers via Network or Disk
Virus Replicates Itself on New Computers, Taking Over Main Memory
Virus Sends Copies of Itself over Network or on Disk to More Computers
VIRUS Attacks
• Worm
• Trojan Horse
• Time Bomb
• Logic Bomb
• Trapdoor
• Attacks on Web and E-mail Servers
Information Technology Security
• Threats to the Computer
– Physical Security
• Controlled Access
– Data Security
• Backups
– Internet Security
Information Technology Security
• Surge Protection
• Uninterruptible Power Supplies (UPS)
• Password Policy and Use
• Personal Identification Number (PIN)
• System Audit Software
HACKER
• Person who gains unauthorized access to a computer network for profit, criminal mischief, or personal pleasure.
– Passwords
– Callback
– Firewall
– Encryption
Data Encryption Systems
• Plaintext
– Ciphertext
– Public Key Encryption Systems
– Private Key
Types of IT Crime
Secure Electronic Transmission (SET)
SET Encryption
Purchase is Requested
Request is Sent to E-Commerce Server
E-Commerce Server Verifies Transaction
Merchant Sends Record to Bank
Transaction is Approved
Bank Credits Merchant’s Account
Encrypting Communications Increases Security
Figure 17.10 Encrypting communications increases security.
Plain Text: Let’s meet at 11pm at the regular place
(encryption)
Encrypted Message: @#$%^&*)(hJKgfSed%$dE?><:”{><?V
(decryption)
Decrypted Message: Let’s meet at 11pm at the regular place
Firewalls
• Software to separate users from computing resources.
• Allows retrieval and viewing of certain material, but blocks attempts to make any changes in the information or to access data that reside on the same computer.
• They are also used to keep unauthorized software away.
Firewall Around Network
Internet Security
• 4 Basic Firewall Actions
– Packet can be dropped entirely
– Alert network administrator
– Return failed message to sender
– Action can be logged only