
Chapter 11



  1. Chapter 11 Computer Crime and Information Technology Security

  2. Outline
     • Expected outcomes
     • Computer crime
     • Risks and threats
     • Computer criminals
     • Internal control issues
     • CoBIT framework

  3. Expected outcomes
     • Explain Carter’s taxonomy of computer crime.
     • Identify and describe business risks and threats to information systems.
     • Name and describe common types of computer criminals.
     • Discuss ways to prevent and detect computer crime.
     • Explain CoBIT’s information criteria and accountability framework.
     • Explain how CoBIT can be used to strengthen internal controls against computer crime.

  4. Computer crime
     • Carter’s taxonomy
       • Target: the crime targets the system or its data
       • Instrumentality: the computer is used to further a criminal end, i.e., to commit the crime
       • Incidental: the computer is not required, but is related to the crime
       • Associated: new versions of old crimes
     • A single crime can fit more than one category.

  5. Risks and threats
     • Fraud
     • Error
     • Service interruptions and delays
     • Disclosure of confidential information
     • Intrusions
     • Information theft
     • Information manipulation
     • Malicious software
     • Denial-of-service attacks
     • Web site defacements
     • Extortion

  6. Computer criminals
     • Script kiddies
     • Hackers
     • Cyber-criminals
     • Organized crime
     • Corporate spies
     • Terrorists
     • Insiders
     • Lecture break 11-1
       • Divide the class into seven groups.
       • Assume the “identity” of one type of computer criminal.
       • Suggest how your “type” might enact one or two of the risks / threats from the previous slide.

  7. Internal control issues
     • C-I-A triad: with respect to information systems, organizations need to protect:
       • Confidentiality
       • Integrity
       • Availability

  8. Internal control issues
     • Physical controls
       • Protect the physical aspects of information systems
       • Examples
         • Locked doors
         • Security personnel
         • Alarm systems

  9. Internal control issues
     • Technical controls
       • Protect the electronic aspects of information systems
       • Examples
         • Firewalls
         • Data encryption
         • Anti-virus software

  10. Internal control issues
     • Administrative controls
       • Policies that may relate to the physical and/or electronic aspects of the system
       • Examples
         • Password strength and rotation policies
         • Adequate supervision
         • Procedures manuals

  11. Internal control issues
     • Lecture break 11-2
       • Consider the work you completed in Lecture break 11-1.
       • Suggest one helpful internal control in each category:
         • Physical
         • Technical
         • Administrative

  12. CoBIT framework
     • Developed by the Information Systems Audit and Control Association (www.isaca.org)
     • Control Objectives for Information and Related Technology
     • A comprehensive framework for addressing the totality of an organization’s IT

  13. CoBIT framework
     • Components
       • Domains of knowledge: tasks to complete
         • Plan and organize
         • Acquire and implement
         • Deliver and support
         • Monitor and evaluate
         • Notice the connection with the systems development life cycle
       • Points of view: issues to consider in each domain
         • Business objectives: how does each domain relate to the entity’s overall goals?
         • Information technology resources: what IT resources are needed within each domain?
         • Information technology processes: how should those resources be managed?

  14. CoBIT framework
     • Components
       • Information criteria: what characteristics should the information have to make it most useful?
         • Effectiveness
         • Efficiency
         • Confidentiality
         • Integrity
         • Availability
         • Compliance
         • Reliability
       • Notice the relationship between the information criteria, the CIA triad and the qualitative characteristics in the FASB conceptual framework.

  15. CoBIT framework
     • Components
       • Accountability framework: what reporting relationships does an organization need to ensure everything else is working?

  16. Classroom assessment
     • This chapter has focused on:
       • Carter’s taxonomy of computer crime
       • Risks and threats to information systems
       • Computer criminals
       • Internal control issues
       • CoBIT framework
     • Which of those areas do you understand best? Prepare a short written summary of it.
     • Which do you understand least? Jot down two questions you have about it.
