Computer Crime & Abuse: What's the Difference? Computer Crime. Federal Legislation Affecting the Use of Computers. Legislation




Core Concepts of ACCOUNTING INFORMATION SYSTEMS
Moscove, Simkin & Bagranoff
Chapter 3: Computer Crime, Ethics, and Privacy
Developed by: S. Bhattacharya, Ph.D., Florida Atlantic University
John Wiley & Sons, Inc.

Introduction
- Computer Crime and Computer Abuse: An Overview
- Examples of Computer Crime Cases
- Thwarting Computer Crime and Abuse
- Computers and Ethical Behavior
- Computers and Privacy Issues

Computer Crime
- Computer crime: using the computer in a criminal act, either directly or indirectly.
- The definition of computer crime is important because it affects how the statistics are accumulated.
- It is speculated that a relatively small proportion of computer crime gets detected and an even smaller proportion gets reported.

Computer Crime & Abuse: What's the Difference?
- Computer crime: manipulation of a computer or computer data, by whatever method, to dishonestly obtain money, property or some other advantage of value, or to cause a loss.
- Computer abuse: the unauthorized use of, or access to, a computer for purposes contrary to the wishes of the owner of the computer.

Federal Legislation Affecting the Use of Computers
- Fair Credit Reporting Act of 1970
- Freedom of Information Act of 1970
- Federal Privacy Act of 1974
- Small Business Computer Security and Education Act of 1984
- Computer Fraud and Abuse Act of 1986
- Computer Fraud and Abuse Act (1996 amendment)
- Computer Security Act of 1987
- USA Patriot Act of 2001
- Cyber Security Enhancement Act of 2002
- CAN-SPAM Act of 2003

Legislation
- The Computer Fraud and Abuse Act of 1986 was perhaps the most important Federal legislation.
- It may not be powerful enough to prosecute computer abuses of the 21st century, such as types of Internet and telecommunications frauds.

Current initiatives
- Privacy
- Patriot Act renewal
- Internet Safety and Child Protection Act
- Internet Police Protection Act
- Anti-phishing Act
- Gramm-Leach-Bliley Act of 1999
- Credit card industry initiatives
- Fair and Accurate Credit Transactions Act of 2003

Kinds of Computer Crime
- Use of, or the conspiracy to use, computer resources to commit a felony
- Unauthorized theft, use, access, modification, copying, or destruction of software or data
- Theft of money by altering computer records, or the theft of computer time
- Theft, vandalism or destruction of computer hardware
- Intent to illegally obtain information or tangible property through the use of computers
- Trafficking in passwords or other login information for accessing a computer
- Extortion that uses a computer system as a target

Computer Fraud
- Computer fraud is any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution.
- Economic espionage, the theft of information and intellectual property, is one type of computer fraud.

The Lack of Computer-Crime Statistics
- Good statistics on computer crime are mostly unavailable.
- Three reasons why statistics are unavailable:
  (1) private companies handle abuse internally
  (2) surveys of computer abuse are often ambiguous
  (3) most computer abuse is probably not discovered

The Growth of Computer Crime
Computer crime is growing because of:
- Exponential growth in computer resources
- Internet pages that give step-by-step instructions on how to perpetrate computer crime
- Spending on computer controls that has grown at a slow rate

Three Representative Computer Crimes Cases
- Compromising Valuable Information: The TRW Credit Data Case
- Computer Hacking: The Kevin D. Mitnick Case
- Denial of service: The 2003 Internet Crash
  - Through computer viruses
  - Through computer worms

The TRW Credit Data Case
- This valuable information computer crime is well known.
- The valuable information was computerized credit data.
- Two key issues:
  - the propriety of the input information
  - the protection afforded both consumer and user in the accuracy and use of credit information

The Kevin D. Mitnick Case
- Hackers are people who break into the computer files of others for fun or personal gain.
- Shoulder surfing is stealing calling credit numbers at public phones.
- Password controls can limit computer access to bona fide users.
- Social engineering is posing as bona fide employees.
- Lock-out systems disconnect telephone users after a set number of unsuccessful login attempts.
- Dial-back systems first disconnect all login users, but reconnect legitimate users after checking their passwords against lists of bona fide user codes.

Robert T. Morris and the Internet Virus
- Created one of the world's most famous computer viruses.
- Became the first person to be indicted under the Computer Fraud and Abuse Act of 1986.
- This case illustrates the vulnerability of networks to virus infections.

Computer Viruses
Robert T. Morris and the Internet Virus Case
- A computer virus is a program that disrupts normal data processing and that can usually replicate itself onto other files, computer systems or networks.
- Boot-sector viruses hide in the boot sectors of a disk, where the operating system accesses them.
- Worm viruses replicate themselves until the user runs out of memory or disk space.
- Trojan Horse programs reside in legitimate copies of computer programs.
- Logic Bomb programs remain dormant until the computer system encounters a specific condition.
- A virus may be stored in an applet, which is a small program stored on a WWW server.

Methods for Thwarting Computer Viruses: Anti-Virus Software
Anti-virus software includes computer programs that can:
- scan computer disks for virus-like coding;
- identify active viruses already lodged in computer systems;
- cleanse computer systems already infected;
- perform a combination of these activities.

Drawbacks of Anti-Virus Software Programs
- Anti-virus programs provide less-than-complete protection because new, more powerful viruses are always being written that can avoid known detection schemes.
- Anti-virus programs can contain virus routines.

Anti-Virus Procedural Controls
- Buy shrink-wrapped software from reputable sources
- Avoid illegal software copying
- Do not download suspicious Internet files
- Do not open email messages from unknown sources; delete them
- Maintain complete backup files
- Keep email, office and operating systems updated

Organizational Safeguards Against Computer Viruses
- Educate employees about viruses.
- Encourage employees to follow virus prevention and detection techniques.
- Establish policies that discourage the free exchange of computer disks or externally acquired computer programs.
- Use computer passwords to thwart unauthorized users from accessing the company's operating systems and files.
- Use anti-virus filters on LANs and WANs.
- Have an approved and tested disaster recovery plan.

Methods for Thwarting Computer Abuse
- Enlist top management support
- Increase employee awareness and education
- Conduct a security inventory and protect passwords
- Implement controls
- Identify computer criminals
  - Look at technical backgrounds, morals, and gender and age

Methods for Thwarting Computer Abuse
- Recognize the symptoms of employee fraud
  - Accounting irregularities such as forged, altered or destroyed input documents
  - Internal control weaknesses
  - Behavioral or lifestyle changes in an employee
  - Unreasonable anomalies that go unchallenged
- Employ forensic accountants

Computers and Ethical Behavior
- Ethics is a set of moral principles or values.
- Ethical behavior involves making choices and judgments that are morally proper and then acting accordingly.
- Ethics can govern an organization as well as individuals.

Ethical Issues
- Honesty
- Protecting Computer Systems
- Protecting Confidential Information
- Social Responsibility
- Rights of Privacy
- Acceptable Use of Computer Hardware and Software

How Organizations Encourage Ethical Behavior
- Inform employees that ethics are important.
- Formally expose employees to relevant cases that teach how to act in specific situations.
- Teach by example, that is, by managers acting responsibly.
- Use job promotions and other benefits to reward those employees who act responsibly.
- Encourage employees to join professional organizations with codes of conduct, such as Codes of Conduct and Good Practice for Certified Computer Professional.

Computers and Privacy Issues
- Company policies with respect to privacy
- Privacy policy
- Disposal of computers
- Online privacy seals

Copyright
Chapter 3. Copyright 2005 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make backup copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.