D2.2 Executive summary and brief: Cyber crime inventory and networks in non-ict sectors
|
|
- Garey Bates
- 8 years ago
- Views:
Transcription
1 FP7-SEC Grant Agreement Number Collaborative Project E-CRIME The economic impacts of cyber crime D2.2 Executive summary and brief: Cyber crime inventory and networks in non-ict sectors Deliverable submitted in January in fulfilment of the requirements of the FP7 project, E-CRIME The economic impacts of cyber crime This project has received funding from the European Union s Seventh Framework Programme for research, technological development and demonstration under grant agreement n E-CRIME Coordinator: Trilateral Research & Consulting (TRI) Crown House 72 Hammersmith Road London 14 8TH T:
2 Project Acronym Project full title Website E-CRIME The economic impacts of cyber crime Grant Agreement # Funding Scheme FP7-SEC Deliverable number: D2.2 Title: Executive summary and brief: Cyber crime inventory and networks in non-ict sectors Due date: 03/03/15 Actual submission date: 03/03/15 Lead contractor: Contact: Tallinn University of Technology Rain Ottis Authors: Reviewers: Tiia Sõmer Rain Ottis Toomas Lepik INT and TUD Dissemination Level:
3 Contents Introduction... 4 Taxonomy and inventory... 4 Costs of cyber crime... 5 Cyber criminal revenue... 6 Legislation... 6 Culture... 6 Journey mapping... 7 Victims of cyber crime... 7 Cyber crime networks and ecosystem... 8 Perpetrators of cyber crime... 9 Conclusion... 11
4 Introduction Cyber crime is growing in intensity, and modern criminals seem to have clear, almost business-like objectives. The issue of cyber crime is complex, and in order to understand it better, deeper insight into all different aspects related to cyber crime it is needed. The current deliverable is a part of the E-CRIME project. In this work package, the aim was to analyse the structures and drivers behind cyber crime, their economies and criminal revenue streams; and to develop perpetrator and victim journeys. We have provided an overview of the cost of cybercrime and cultural aspects related to cybercrime, and presented journey maps for both victims of cyber crime and the perpetrators of cyber crime. The work undertaken is based on literature review and expert interviews, but also a questionnaire to stakeholders developed as part of the current work. This report is being published at an early stage in the three-year E-CRIME project because of its significance to other work packages. The results presented above will feed into WP4 on economic impact and analysis, the gap analysis in WP7 and will be used as additional input for determining critical interventions to deter criminals in WP8. This report presents the results of the work performed in respect of Tasks 2.3 and 2.4 of WP2. Task 2.3 consisted of developing and distributing a questionnaire to key stakeholders in order to collect additional real-life information. The results of this questionnaire were fed into Task 2.4, the aim of which was mapping of cyber crime journeys and structures. Taxonomy and inventory The concept of cyber crime is problematic because it is open to a variety of social, political, practical and scientific interpretations and explanations. The definition adopted for the E-CRIME project initially was broad, including all cyber activities supporting crime in any aspects. However, in the course of project development and initial findings, the consortium has redefined the area of research and the focus for taxonomy and journey mapping to include legal and practical considerations stemming from the selected non-ict sectors (i.e., energy, financial services, health, retail, and transport). This was motivated mostly by the need to develop taxonomy and journey mapping which can effectively be used as an input for identifying not only practical, but also inter- and cross-sector opportunities or solutions to manage threats from cyber crime. For this, the current work had to be firmly based on a shared understanding of what is legally considered as cyber crime, while at the same time being economically relevant to the identified non- ICT sectors. In order to do that we have initially used the Council of Europe Convention on Cybercrime (2001). As a result the work undertaken in this research focused on offences against the confidentiality, integrity and availability of computer systems and data; computer related offences (forgery, fraud); and offences related to infringements of copyright and related rights. The consortium decided not to cover content-related offences, since these are not economically relevant for the non-ict sectors selected for the purposes of this analysis; namely energy, financial services, health, retail, and transport. The final taxonomy developed is presented in Table 1. CoE Convention Alkaabi Subgroup Alkaabi Crime (Article 2) Illegal access 1A - Unauthorised 1. Hacking Access 2B - Unauthorised Alteration of Data or Software for Personal or Organisational Gain 3. Privacy
5 (Article 3) Illegal interception 1D - Theft or Misuse of 2. Misuse of Services Services (Article 4) Data interference 1B - Malicious Code 1. Virus 2. Worm 3. Trojan Horse 4. Software Bomb 2B - Unauthorised 4. Sabotage Alteration of Data or Software for Personal or Organisational Gain (Article 5) System interference 1B - Malicious Code 1. Virus 2. Worm 3. Trojan Horse 4. Software Bomb 1C - Interruption of Services 1. Disrupting Computer Services 2. Denying Computer Services 2B- Unauthorised 4. Sabotage Alteration of Data or Software for Personal or Organisational Gain (Article 6) Misuse of devices 1D - Theft or Misuse of Services 1. Theft of Services 2. Misuse of Services 2C - Improper Uses of Communications 1. Harassment 3. Cyber-stalking 4. Spamming 5. Conspiracy 6. Extortion (not Critical Infrastructure Threats) 7. Drug Trafficking 8. Social Engineering (Article 7) Computer-related forgery 2A - Content Violations 7. Forgery / Counterfeit Documents (Article 8) Computer-related fraud 2B- Unauthorised Alteration of Data or Software for Personal or Organisational Gain 1. Identity Theft 2. Online Fraud 5. Telemarketing / Internet Fraud 6. Electronic Manipulation of Markets 2C - Improper Uses of Communications 2. Online Money Laundering (Article 9) Offences related to child pornography 2A - Content Violations 1. Child Pornography (Article 10) Offences related to infringements of copyright and related rights 2A - Content Violations Table 1. E-CRIME cyber crime taxonomy 5. Copyright Crimes 6. Intellectual property Costs of cyber crime An essential element in analysing the impact of cybercrime is to measure its costs. Most studies looked at for the work within the current research do not provide definitive, widely accepted results. The cost
6 estimates usually cover known direct costs related to detected cyber crimes, or provide speculative extrapolations of single cases to overall population. The criminal revenues and direct losses, reported by the victims, provide important information in relation to cyber crime. Direct losses are the monetary equivalent of losses and damages directly felt by the victim of a cybercrime. These can be money withdrawn from victim account, time and effort to reset credentials, but also hidden costs (i.e. distress suffered). The criminal revenue is the monetary equivalent of the gross receipts from a crime. But there are also indirect costs of cyber crime: the monetary equivalent of the losses and opportunity costs imposed on the society, such as loss of trust in online banking, reduced trust on electronic services, or efforts to clean infected devices. An important element is also defence costs, or monetary equivalent of prevention (security products, browser extensions, security services, training). Even though defence costs cannot be accounted to any particular criminal attack, the are still part of overall cybercriminal costs. As a result of work undertaken, we would like to emphasise the importance of indirect losses and defence costs in analysing the cost of cyber crime. The collection of new data, to be conducted in work package 4 and the economic framework to be developed in work package 6 of the E-CRIME project, should take into account a need to consider indirect and defence costs together with direct costs. Cyber criminal revenue While much is written about the costs of cyber-crime, the headline figures available typically focus on the negative economic impact to the victims. However, published research into how much profit specific cyber-criminal entities are making, is sparse. The cost to an individual or organisation from a cyber attack does not directly equate to the amount of tangible profit the cyber-criminal receives. Based on our research we can conclude that at least some types of cyber-crimes are profitable, otherwise there would be much less of an interest in it. However, in order to build an accurate picture of true numbers of cyber criminal revenue, more openly available research in understanding such costs and true profitability is required. Legislation Successful fight against cyber crime requires a well-working interplay between a number of legal aspects. This paper looked at substantial and procedural criminal law, investigative measures, regional and international information exchange, jurisdiction, and operational mechanisms for international cooperation. Legal aspects are especially important, since cyber crime in most cases involves many jurisdictions, with parts of the crime taking place in different countries. Culture Culture can also play a key part in cyber crime. However, the key problem with the investigation of culture as a motivating factor in cyber crime is that culture is not a simple, easily-defined entity. It involves a wide range of factors, including morality, religion, politics and many other belief systems and ideologies. The aspect of cultural dimensions in connection with cybercrime is vast and we have looked at ways this has been linked to cyber crime in existing literature. The use of cultural aspects in connection with cyber attacks may augment the existing solutions in finding the origin of attacks, but it would fall outside the scope of this research.
7 Journey mapping Central to the work in this research was journey mapping. This map -style of output has been adopted and applied within a number of different disciplines where it is often referred to as a script, a predetermined, stereotyped sequence of actions that define a situation in a particular context. For the purposes of E-CRIME project we have developed eight journeys from the victim perspective and nine journeys from perpetrator perspective, representing a sequence of events within a select number of cybercrimes. The selection of journeys was based on commonalities between different crimes as provided for in existing literature and the results of expert interviews. Victims of cyber crime Cyber crime acts are distributed across different cyber crime categories, with victimisation rates higher than conventional crime. The current research looks at victimisation, before looking at crime victim s journeys. The cyber crime victim journeys were looked at within three general types of offences (offences against the confidentiality, Integrity and availability of computer systems and data; computer related offences (forgery, fraud); and offences related to infringements of copyright and related rights). Within these, we described the relevant cybercrime victim journeys, providing reference to the corresponding perpetrator journeys. Victims of cyber crime can be affected through their own action during regular use of information technology: using (receiving and opening infected messages, attachments or links), browsing the web (visiting infected websites), using removable media (infected USB-s, hardware), etc. Alternatively, one s devices or systems can become infected, if these are not patched or updated, if unsupported software or hardware is used, or if systems are poorly managed. Once affected by a criminal act, the victim will face damages. Their accounts may be hijacked, their identity may be stolen, they may lose data or intellectual property or it can become unavailable to them, data and devices may become encrypted, they may suffer direct financial losses, there might be damage to their reputation, or their computing power and other resources may be abused. After gaining victim view on cyber crime and drawing respective crime journeys, the paper continues with a look at the perpetrator view. The criminals seem to know which end-results they want to achieve, and how to reach these goals. They are sometimes willing to spend a lot of time in research and in planning their actions. On the other hand, a criminal action may also emerge during the course of other (criminal) activities, by accident. There are also some cyber crimes that do not tangibly benefit the criminal: attacks related to hacktivism are typically not motivated by personal gain. An illustrative victim journey can be seen in Figure 1.
8 Figure 1. General victim journey The research undertaken within the current project looked at the cyber crime victim journeys from the Council of Europe s Cybercrime Convention (2001) as a starting point. We describe the journeys in cases of offences against confidentiality, integrity and availability; computer related offences (forgery, fraud); and offences related to infringements of copyright and related rights. Content-related offences (such as offences related to child pornography) are outside the scope of the current work. Victim journey maps for the three types of offences are provided. Cyber crime networks and ecosystem As it seemed obvious that different organisational structures are involved in cyber crime, we looked at literature concerning this. The players in black markets come from all over the world, there are international criminal organisations, but also virtual criminal networks. We looked at four main types of cyber criminals: international criminal organisations, foreign intelligence agencies (i.e., states), individuals and small criminal groups, and legitimate organisations. The cyber criminal ecosystem is very big, there are many players, it is disjointed and constantly changing. Based on the research into cyber crime journeys, we were able to identify the key roles in the cyber crime networks and economic structures. However, it has to be noted that one person can perform many roles simultaneously, or less sophisticated crimes may not require the full range of roles in a criminal ecosystem. Therefore,
9 the cyber crime network and economic structure map developed for the current research is a generalization that may not fit to each specific criminal network. It is challenging to describe the entire ecosystem of cyber crime, as it is very big, there are many players, it is disjointed and constantly changing (RAND Corporation 2014). Based on the research into cyber crime journeys, we were able to identify the following key roles in the cyber crime networks and economic structures. However, since the same person or group can perform multiple roles simultaneously, the resulting map is a generalization that may not fit to a specific criminal network. In addition, some less sophisticated cyber crimes may not need the full range of roles described below. Therefore, the map should be viewed as a guide and not a strict blueprint (see Figure 2 below). Developer Criminal Service Provider Monetization Service Provider Organized Crime Black Market Victim Intermediate victim Infrastructure Provider Criminal Zero Corruption Figure 2. cyber crime network and economic structure map Perpetrators of cyber crime Having looked at the victim view, and then at cyber crime networks and economic structures, we continued to look at the perpetrator journeys. Crimes can be seen as a process, where resources are required and decisions are made, constituting the modus operandi of a crime. From the perspective of the criminal, we grouped similar actions under broad terms: preparation, execution, and monetization. The preparation phase of a crime includes pre-attack actions, i.e. initial decision, deciding the worthiness of attack, identifying victims, and conducting targeted reconnaissance. It also includes the choice of an attack method, including the cyber criminal undertaking an analysis of their own means and abilities, and deciding on whether to use outsourcing or buying solutions from such service providers. The execution phase includes creating an attack plan and executing the attack, which comprises of entering or interfacing with target system and the actual criminal activities (i.e. distributed denial of service (DDoS), extortion, espionage, etc.) themselves. The monetization phase includes both payment in some form and the laundering of this payment, finally ending in personal
10 gain for the criminal. In this work, we provide a general crime cycle, and thereafter specific crime cycles for building a botnet, extortion (ransomware), espionage (APT/ APA), malware development/ 0-day exploit development, VoIP attacks, cryptocurrency mining, DRM cracking, and click fraud. The selection of criminal journeys to be mapped within this project was decided after combining initial research with expert interviews. We believe the journeys mapped within this research cover a wide area of cyber criminal activities, by representing major criminal modus operandi. These maps help identify the cyber criminals modus operandi, an account of how they operate within a crime cycle from preparation to monetization and exit. Figure 3. General cyber crime cycle including motivation Based on literature review and expert interviews, but also a questionnaire to stakeholders developed as part of the current work, eight cyber crime journey maps were drawn up: - Building a botnet; - Extortion (ransomware); - Espionage (APT/ APA); - Malware development/ zero-day exploit development; - Cryptocurrency mining; - DRM cracking; - VoIP attacks; - Click Fraud
11 For each journey, a mapping was conducted in three principal phases of cyber crime: preparation, execution and monetization. These maps help identify the cyber criminals modus operandi, an account of how they operate within a crime cycle from preparation to monetization and exit. It will also provide a sense of the processes and practices through which cyber crime occurs. Conclusion This report stands alone as a specific piece of work relating to the completion of two specific tasks within work package 2, but it should be remembered that it is one deliverable among many that will present a comprehensive view of the current state of cyber crime.
Cybercrime: risks, penalties and prevention
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
More informationCybersecurity in SMEs: Evaluating the Risks and Possible Solutions. BANCHE E SICUREZZA 2015 Rome, Italy 5 June 2015 Arthur Brocato, UNICRI
Cybersecurity in SMEs: Evaluating the Risks and Possible Solutions BANCHE E SICUREZZA 2015 Rome, Italy 5 June 2015 Arthur Brocato, UNICRI UNICRI s Main Goals The United Nations Interregional Crime and
More informationAn Overview of Cybersecurity and Cybercrime in Taiwan
An Overview of Cybersecurity and Cybercrime in Taiwan I. Introduction To strengthen Taiwan's capability to deal with information and communication security issues, the National Information and Communication
More informationWHAT YOU NEED TO KNOW ABOUT CYBER SECURITY
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
More informationInvestigating Computer Crime. Professor Carsten Maple University of Bedfordshire 8th February 2013
Investigating Computer Crime Professor Carsten Maple University of Bedfordshire 8th February 2013 Why am I here? Background Computer Scientist applicable computing Co-author of UK Security Breaches Report
More informationPromoting a cyber security culture and demand compliance with minimum security standards;
Input by Dr. S.C. Cwele Minister of State Security, Republic of South Africa Cyber Security Meeting, Johannesburg 27 March 2014 I would like to thank the Wits School of Governance for inviting us to contribute
More informationModule 5: Analytical Writing
Module 5: Analytical Writing Aims of this module: To identify the nature and features of analytical writing To discover the differences between descriptive and analytical writing To explain how to develop
More informationThe FBI and the Internet
The FBI and the Internet Special Agent Robert Flaim Federal Bureau of Investigation Presentation Goals To give you a better understanding of: The FBI Cyber Division, its priorities, and its mission The
More informationAcceptable Use Policy
Acceptable Use Policy 1. General Interoute reserves the right to modify the Acceptable Use Policy ( AUP ) from time to time. Changes to this Acceptable Use Policy will be notified to Customer in accordance
More informationCyber Threats: Exposures and Breach Costs
Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals
More informationFighting Cyber Crime in the Telecommunications Industry. Sachi Chakrabarty
Fighting Cyber Crime in the Telecommunications Industry Sachi Chakrabarty Agenda Cyber Crime What s all the fuss about CyberCrime? DoS Attacks Telco Solutions Cybercrime? Cybercrime Definition All criminal
More informationT-CY Guidance Note #4 Identity theft and phishing in relation to fraud
www.coe.int/tcy Strasbourg, 5 June 2013 T-CY (2013)8E Rev Cybercrime Convention Committee (T-CY) T-CY Guidance Note #4 Identity theft and phishing in relation to fraud Adopted by the 9 th Plenary of the
More informationHow do we Police Cyber Crime?
How do we Police Cyber Crime? Thursday 4 th June 2015 Craig Jones, SEROCU Presentation Content UK policing cyber crime programme Cyber threat landscape and impact Cyber business resilience Future Challenges
More informationMonitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012
Monitoring and Logging Policy Document Status Security Classification Version 1.0 Level 1 - PUBLIC Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst Change History
More informationATHLONE INSTITUTE OF TECHNOLOGY. I.T Acceptable Usage Staff Policy
ATHLONE INSTITUTE OF TECHNOLOGY I.T Acceptable Usage Staff Policy Table of Contents 1. Purpose... 2 2. Terminology... 2 3. Scope... 2 4. Acceptable Usage Policy... 3 5. Policy Acceptance... 6 6. Policy
More informationTYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME. Haya Fetais & Mohammed Shabana. Saint Leo University COM- 510
TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME Haya Fetais & Mohammed Shabana Saint Leo University COM- 510 November 23, 2014 Introduction Globalization and technological developments have infiltrated
More informationThreats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1
Threats and Attacks Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to:
More informationNEW ZEALAND S CYBER SECURITY STRATEGY
Appendix 1 NEW ZEALAND S CYBER SECURITY STRATEGY June 2011 New Zealand Government 7 June 2011 ISBN: 978-0-478-38200-6 www.med.govt.nz/cyberstrategy MED11 Foreword from the Minister The Internet and digital
More informationProject 2020: Preparing Your Organization for Future Cyber Threats Today
Project 2020: Preparing Your Organization for Future Cyber Threats Today SESSION ID: CLE-T08 Ken Low CISSP GSLC Director of Cybersecurity Programs, Asia Pacific TREND MICRO 2 PROJECT 2020 An initiative
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationManaging Cyber Risk through Insurance
Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes
More informationThe Cancer Running Through IT Cybercrime and Information Security
WHITE PAPER The Cancer Running Through IT Prepared by: Richard Brown, Senior Service Management Consultant Steve Ingall, Head of Consultancy 60 Lombard Street London EC3V 9EA T: +44 (0)207 464 8883 E:
More informationTerms & Conditions. In this section you can find: - Website usage terms and conditions 1, 2, 3. - Website disclaimer
1 Terms & Conditions In this section you can find: - Website usage terms and conditions 1, 2, 3 - Website disclaimer -Acceptable internet use policy 1,2,3,4 - Acceptable email use policy 1, 2 - Copyright
More information5957/1/10 REV 1 GS/np 1 DG H 2 B LIMITE EN
COUNCIL OF THE EUROPEAN UNION Brussels, 8 March 2010 5957/1/10 REV 1 LIMITE CRIMORG 22 ENFOPOL 32 NOTE from: to: Subject: Presidency Multidisciplinary Group on Organised Crime (MDG) Draft Council Conclusions
More informationThe Impact of Cybercrime on Business
The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted
More informationCyber Crime Research. Presentation by the Australian Institute of Criminology. Dr Russell G Smith Principal Criminologist
Cyber Crime Research Presentation by the Australian Institute of Criminology Dr Russell G Smith Principal Criminologist The Australian Institute of Criminology Australia's national research and knowledge
More informationUsing big data analytics to identify malicious content: a case study on spam emails
Using big data analytics to identify malicious content: a case study on spam emails Mamoun Alazab & Roderic Broadhurst Mamoun.alazab@anu.edu.au http://cybercrime.anu.edu.au 2 Outline Background Cybercrime
More informationT-CY Guidance Note #5
www.coe.int/tcy Strasbourg, 5 June 2013 T-CY (2013)10E Rev Cybercrime Convention Committee (T-CY) T-CY Guidance Note #5 DDOS attacks Adopted by the 9 th Plenary of the T-CY (4-5 June 2013) Contact: Alexander
More informationCYBER RISK SECURITY, NETWORK & PRIVACY
CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread
More informationThe term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT.
Website - Terms and Conditions Welcome to our website. If you continue to browse and use this website you are agreeing to comply with and be bound by the following terms and conditions of use, which together
More informationCYBERCRIME AND THE LAW
CYBERCRIME AND THE LAW INTERNATIONAL LAW CYBERCRIME CONVENTION Convention on Cybercrime / Budapest Convention first international treaty seeking to address Internet and computer crime by harmonizing national
More informationAustralia s proposed accession to the Council of Europe Convention on Cybercrime
Assistant Secretary Telecommunications and Surveillance Law Branch National Security Law and Policy Division Attorney-General's Department 3-5 National Circuit Barton ACT 2600 Email: tslb@ag.gov.au Australia
More informationAcceptable Use Policy
Acceptable Use Policy Contents 1. Internet Abuse... 2 2. Bulk Commercial E-Mail... 2 3. Unsolicited E-Mail... 3 4. Vulnerability Testing... 3 5. Newsgroup, Chat Forums, Other Networks... 3 6. Offensive
More informationAcceptable Use Policy
Acceptable Use Policy TABLE OF CONTENTS PURPOSE... 4 SCOPE... 4 AUDIENCE... 4 COMPLIANCE & ENFORCEMENT... 4 POLICY STATEMENTS... 5 1. General... 5 2. Authorized Users... 5 3. Loss and Theft... 5 4. Illegal
More informationResearch Topics in the National Cyber Security Research Agenda
Research Topics in the National Cyber Security Research Agenda Trust and Security for our Digital Life About this document: This document summarizes the research topics as identified in the National Cyber
More information9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500
INFO 1500 9. Information Assurance and Security, Protecting Information Resources 11. ecommerce and ebusiness Janeela Maraj Tutorial 9 21/11/2014 9. Information Assurance and Security, Protecting Information
More informationPerception of Cyber Crime in Slovenia
VARSTVOSLOVJE, Journal of Criminal Justice and Security year 12 no. 4 pp. 378-396 Perception of Cyber Crime in Slovenia Maja Dimc, Bojan Dobovšek Purpose: The purpose of this article is to present the
More informationAPIP - Cyber Liability Insurance Coverages, Limits, and FAQ
APIP - Cyber Liability Insurance Coverages, Limits, and FAQ The state of Washington purchases property insurance from Alliant Insurance Services through the Alliant Property Insurance Program (APIP). APIP
More informationHAZELDENE LOWER SCHOOL
HAZELDENE LOWER SCHOOL POLICY AND PROCEDURES FOR MONITORING EQUIPMENT AND APPROPRIATE ICT USE WRITTEN MARCH 2015 SIGNED HEADTEACHER SIGNED CHAIR OF GOVERNORS DATE.. DATE. TO BE REVIEWED SEPTEMBER 2016
More informationMONTENEGRO NATIONAL CYBER SECURITY STRATEGY FOR MONTENEGRO 2013-2017
MONTENEGRO NATIONAL CYBER SECURITY STRATEGY FOR MONTENEGRO - Podgorica, July CONTENTS 1. INTRODUCTION... 3 2. DEFINITIONS... 5 3. CYBER SECURITY MANAGEMENT SYSTEM... 8 3.1 METHOD OF MONITORING STARTEGY
More informationCybercrime in Canadian Criminal Law
Cybercrime in Canadian Criminal Law Sara M. Smyth, LL.M., Ph. D. Member of the Law Society of British Columbia CARSWELL Table of Contents Preface Table of Cases v xvii PART ONE Introduction to Cybercrime
More informationCybercrimes: A Multidisciplinary Analysis
Sumit Ghosh Elliot Turrini Editors Cybercrimes: A Multidisciplinary Analysis fyj Springer Part I Introducing Cybercrimes 1 A Pragmatic, Experiential Definition of Computer Crimes 3 1.1 Introducing Computer
More informationModalities for Forensic Review of Computer Related Frauds
Modalities for Forensic Review of Computer Related Frauds Neneh Addico (CFE, CA), MTN Ghana Outline Recent Computer Crime Cases What is Computer Crime Forensics Types of Computer Related Crimes Relevance
More informationAcceptable Usage Policy
Version 2.1 20141230 Acceptable Usage Policy Acceptable Usage Policy Contents 1. PURPOSE OF THIS POLICY... 2 2. GENERAL... 2 3. APPLICATION... 2 4. UNREASONABLE USE... 2 5. UNACCEPTABLE USE... 3 6. SPAM...
More informationSenior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES
Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the
More informationSmall businesses: What you need to know about cyber security
Small businesses: What you need to know about cyber security Contents Why you need to know about cyber security... 3 Understanding the risks to your business... 4 How you can manage the risks... 5 Planning
More informationCybersecurity Awareness. Part 1
Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationDiscussion paper. Discussion paper on the coverage of crime statistics. 23 January 2014. Office for National Statistics paper
on the coverage of crime statistics 23 January 2014 1 Introduction This discussion has been produced in response to questions about the coverage of official statistics on crime, in particular, the extent
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationAnthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa
SECURING THE DIGITAL DIVIDE: COMBATING CYBERCRIME Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa INTRODUCTION q Given modern
More informationThe FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
More informationAPPROPRIATE USE OF INFORMATION POLICY 3511 TECHNOLOGY RESOURCES ADOPTED: 06/17/08 PAGE 1 of 5
PAGE 1 of 5 PURPOSE Triton College s computer and information network is a continually growing and changing resource supporting thousands of users and systems. These resources are vital for the fulfillment
More informationEuropol Cybercrime Centre. The perspective of Europol on Cybercrime. Courmayeur Mont Blanc, Italy, 2-4 December 2011
Europol Cybercrime Centre The perspective of Europol on Cybercrime Courmayeur Mont Blanc, Italy, 2-4 December 2011 The Threat The threat from cybercrime is multi-dimensional, targeting citizens, businesses,
More informationINTRODUCTION DEVELOPMENT AND PHENOMENA
INTRODUCTION DEVELOPMENT AND PHENOMENA ITU, ICB4PAC 02.03.2011, Vanuatu Prof. Dr. Marco Gercke, Director Cybercrime Research Institute Cybercrime Page: 1 GENERAL INTRODUCTION Cybercrime Seite: 2 CYBERCRIME
More informationKeynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.
Keynote Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation 6 & 7 Nov 2013 So many of us now don t just work online but live part
More informationIdentity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office
Identity Theft CHRISTOS TOPAKAS Head of Group IT Security and Control Office Agenda Identity Theft Threats and Techniques Identity Theft Definition and Facts Identity Theft & Financial Institutions Prevention
More informationOverview of computer and communications security
Overview of computer and communications security 2 1 Basic security concepts Assets Threats Security services Security mechanisms 2 Assets Logical resources Information Money (electronic) Personal data
More informationOVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft
OVERVIEW 2 1. Cyber Crime Unit organization 2. Legal framework 3. Identity theft modus operandi 4. How to avoid online identity theft 5. Main challenges for investigation 6. Conclusions ORGANIZATION 3
More informationSmall businesses: What you need to know about cyber security
Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...
More informationKnowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014
Knowing Your Enemy How Your Business is Attacked Andrew Rogoyski June 2014 Why Cyber is the New Security 1986: Lawrence Berkeley NL discovers attempt to copy US Government Information on Arpanet 1988:
More informationIn an age where so many businesses and systems are reliant on computer systems,
Cyber Security Laws and Policy Implications of these Laws In an age where so many businesses and systems are reliant on computer systems, there is a large incentive for maintaining the security of their
More informationCYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
More informationIdentifying Cyber Risks and How they Impact Your Business
10 December, 2014 Identifying Cyber Risks and How they Impact Your Business David Bateman, Partner, K&L Gates, Seattle Sasi-Kanth Mallela, Special Counsel, K&L Gates, London Copyright 2013 by K&L Gates
More informationService Monitoring Discrimination. Prohibited Uses and Activities Spamming Intellectual Property Violations 5
WIN reserves the right to prioritize traffic based on real time and non-real time applications during heavy congestion periods, based on generally accepted technical measures. WIN sets speed thresholds
More informationIT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS
IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS Contents Introduction... 2 Key figures... 3 Methodology... 4 Concerns and priorities of IT managers: data comes first...
More information資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系
資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系 Outline Infosec, COMPUSEC, COMSEC, and Network Security Why do we need Infosec and COMSEC? Security
More informationCOB 302 Management Information System (Lesson 8)
COB 302 Management Information System (Lesson 8) Dr. Stanley Wong Macau University of Science and Technology Chapter 13 Security and Ethical Challenges 安 全 與 倫 理 挑 戰 Remarks: Some of the contents in this
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationADVANCEMENT OF CYBER SECUIRTY THROUGH PUBLIC PRIVATE PARTENERSHIP ICT WEEK AUC 4-6 DEC 2013
ADVANCEMENT OF CYBER SECUIRTY THROUGH PUBLIC PRIVATE PARTENERSHIP ICT WEEK AUC 4-6 DEC 2013 1 CONTENT INTRODUCTION COMESA CYBER SECUIRTY PROGRAMME CYBER SECURITY ECONOMICS WHY PPPs? PPPs ACTORs CHALLENGES
More informationCybercrime: an overview of incidents and issues in Canada
Cybercrime: an overview of incidents and issues in Canada 2014 HER MAJESTY THE QUEEN IN RIGHT OF CANADA as represented by the Royal Canadian Mounted Police. Cat. no.: PS64-116/2014E-PDF ISBN: 978-1-100-24379-5
More informationDeliverable D7.2: The project website
Project acronym: TRACE Project title: Trafficking as A Criminal Enterprise Grant number: 607669 Programme: Seventh Framework Programme Security Research Objective: SEC-2013.6.1-3 Contract type: Coordination
More informationService and anonymisation.
THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2014 9 EXECUTIVE SUMMARY The Internet Organised Crime Threat Assessment (iocta) informs decision makers at strategic, policy and tactical levels about
More informationCyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte
Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private
More informationResponsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy
1.0 BACKGROUND AND PURPOSE Information Technology ( IT ) includes a vast and growing array of computing, electronic and voice communications facilities and services. At the Colorado School of Mines ( Mines
More informationOnline security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.
Defeating cybercriminals Protecting online banking clients in a rapidly evolving online environment The threat As the pace of technological change accelerates, so does the resourcefulness and ingenuity
More informationRegulation 8.3.R2 COMPUTING AND NETWORK FACILITIES RULES. 1. Definitions. In this regulation unless a contrary intention appears.
Regulation 8.3.R2 COMPUTING AND NETWORK FACILITIES RULES 1. Definitions In this regulation unless a contrary intention appears Authority means (i) in relation to the central facilities and computing and
More informationCYBERSECURITY INESTIGATION AND ANALYSIS
CYBERSECURITY INESTIGATION AND ANALYSIS The New Crime of the Digital Age The Internet is not just the hotspot of all things digital and technical. Because of the conveniences of the Internet and its accessibility,
More informationAcceptable Use Policy
Sell your Products Online and Web by Numbers are brands of Web by Numbers Ltd (hereinafter referred to as Web by Numbers ) Acceptable Use Policy Web by Numbers has created this Acceptable Use Policy (AUP)
More informationTerms and conditions of use
Terms and conditions of use 1. Introduction 1.1 These terms and conditions govern your use of our website. 1.2 By using our website, you accept these terms and conditions in full; accordingly, if you disagree
More informationFostering Incident Response and Digital Forensics Research
Fostering Incident Response and Digital Forensics Research Bruce J. Nikkel bruce.nikkel@ubs.com September 8, 2014 Abstract This article highlights different incident response topics with a focus on digital
More informationAcceptable Use and Publishing Policy
1. Purpose This Policy outlines the principles, guidelines and requirements of acceptable use of and publishing to ecreators Pty Ltd (ecreators) hosting products and services. The purpose of this Policy
More informationCyber and Data Security. Proposal form
Cyber and Data Security Proposal form This proposal form must be completed and signed by a principal, director or a partner of the proposed insured. Cover and Quotation requirements Please indicate which
More informationClose the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle
Close the security gap with a unified approach Detect, block and remediate risks faster with end-to-end visibility of the security cycle Events are not correlated. Tools are not integrated. Teams are not
More informationInstitute of Internal Auditors Cyber Security. Birmingham Event 15 th May 2014 Jason Alexander
Institute of Internal Auditors Cyber Security Birmingham Event 15 th May 2014 Jason Alexander Introduction Boards growing concern with Cyber Risk Cyber risk is not new, but incidents have increased in
More informationCyber liability threats, trends and pointers for the future
Cyber liability threats, trends and pointers for the future Tim Smith Partner, BLM t: 020 7865 3313 e: tim.smith@blm-law.com February 2013 Cyber liability threats, trends and pointers for the future The
More informationHow To Cover A Data Breach In The European Market
SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to
More informationPolicy No: 2-B8. Originally Released: 2001. Date for Review: 2016
Topic: Information and Communication Technology use by Students Policy No: 2-B8 Policy Area: Standing Committee: Education Religious Education and Curriculum Committee Originally Released: 2001 Date for
More informationCyber Essentials Scheme
Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these
More informationCloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost
y Cloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost An Osterman Research White Paper Published January 2009 SPONSORED BY onsored by Phone: +1 877-21-TREND www.trendmicro.com/go/smartprotection
More informationFINAL // FOR OFFICIAL USE ONLY. William Noonan
FINAL // FOR OFFICIAL USE ONLY William Noonan Deputy Special Agent in Charge United States Secret Service Criminal Investigative Division Cyber Operations Branch Prepared Testimony Before the United States
More informationLegal Framework to Combat Cyber Crimes in the Region: Qatar as a Model. Judge Dr. Ehab Elsonbaty Cyber Crime expert ehabelsonbaty@hotmail.
Legal Framework to Combat Cyber Crimes in the Region: Qatar as a Model Judge Dr. Ehab Elsonbaty Cyber Crime expert ehabelsonbaty@hotmail.com Why should we care about CYBER CRIME & CYBER SECURITY? Clarification
More informationComputer Scene Technical Ltd ("We") are committed to providing the best service and protecting & respecting all our customers.
Computer Scene Technical Ltd ("We") are committed to providing the best service and protecting & respecting all our customers. INFORMATION ABOUT US Our site is operated by Computer Scene Technical Ltd
More informationData breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
More informationASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012. Co-Chair s Summary Report
ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012 Co-Chair s Summary Report 1. Pursuant to the 18 th ASEAN Regional Forum (ARF) Ministerial meeting in Bali,
More informationCyber Security Issues - Brief Business Report
Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete
More informationUnit 3 Cyber security
2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:
More informationWHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.
WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There
More informationAcceptable Usage Policy
Contents 1. INTRODUCTION... 2 2. PURPOSE... 2 3. APPLICATION... 2 4. YOUR OBLIGATIONS AND PROHIBITED USE... 2 5. SPAM... 3 6. EXCESSIVE USE... 3 7. SECURITY... 4 8. COPYRIGHT... 4 9. CONTENT... 4 10. REGULARTORY
More informationOnline International Interdisciplinary Research Journal, {Bi-Monthly}, ISSN2249-9598, Volume-III, Issue-IV, July-Aug 2013
Need to understand Cyber Crime s Impact over national Security in India: A case study P.R. Patil and D.V. Bhosale Dept. of Defence & Strategic Studies, Tuljaram Chaturchand College, Baramati, Dist- Pune,
More information