Beruflich Dokumente
Kultur Dokumente
Systems
Unit Outline
IS Security
Related terminology(Virus,Threat,Counter measures)
System Vulnerability & Abuse
Business Value of Security & Control
Threat of project Failure
Threat of Computer Crime
Methods of Minimizing Risks
IS Audit& Control
Ensuring system Quality
Computer crime
Computer crime is an act performed by a
knowledgeable computer user, sometimes
referred to as a hacker that illegally browses
or steals a company's or individual's private
information. In some cases, this person or
group of individuals may be malicious and
destroy or otherwise corrupt the computer or
data files.
Computer crime Examples
HBO: In April of 1986, an HBO channel was
taken over by an intruder known as Captain
Midnight, who overpowered the HBO uplink
transmitter signal with a stronger signal, and
sent out his own messages to eight million
viewers.
Friday the 13th: A student at Hebrew
University in Jerusalem discovered that
thousands of university computers were
infected with a virus. The virus slowed down
processing on certain Fridays the 13th and
was scheduled to erase the hard disks of many
computers on May 13, 1988
Governments and intelligence agencies worry that
digital attacks against vital infrastructure -- like banking
systems or power grids -- will give attackers a way of
bypassing a country's traditional defences.
Unlike standard military attacks, a cyberattack can be
launched instantaneously from any distance, with little
obvious evidence in the build-up. And it is often
extremely hard to trace such an attack back to its
originators. Modern economies, underpinned by
computer networks that run everything from sanitation
to food distribution and communications, are
particularly vulnerable to such attacks.
What is Computer Security?
Computer security is designed to protect your
computer and everything associated with it --- the
building, the workstations and printers, cabling, and
disks and other storage media. Most importantly,
computer security protects the information stored in
your system.
Computer security is not only designed to protect
against outside intruders who break into systems, but
also dangers arising from sharing a password with a
friend, failing to back up a disk, spilling a soda on a
keyboard.
There are three distinct aspects of security: secrecy,
accuracy, and availability.
Having said this, we should emphasize that
Information Security or Cybersecurity is more up-
to-date terminology, since rarely are we concerned
with the protection of a single computer system.
Threats to Security:
There are three key words that come up in discussions of computer
security:
vulnerabilities,
threats, and
countermeasures.
Loss of revenue
Failed computer systems can lead to significant or total loss
of business function
Lowered market value:
Information assets can have tremendous value
A security breach may cut into firms market value almost
immediately
Legal liability
Lowered employee productivity
Higher operational costs
Legal and regulatory requirements for electronic
records management
Firms face new legal obligations for the retention and
storage of electronic records as well as for privacy
protection
HIPAA: Medical security and privacy rules and
procedures
Gramm-Leach-Bliley Act: Requires financial
institutions to ensure the security and confidentiality of
customer data
Sarbanes-Oxley Act: Imposes responsibility on
companies and their management to safeguard the
accuracy and integrity of financial information that is
used internally and released externally
Business Value of Security and Control:
Electronic evidence
Evidence for white collar crimes often found in digital form
Data stored on computer devices, e-mail, instant messages,
e-commerce transactions
Proper control of data can save time, money when responding to
legal discovery request
Computer forensics:
Scientific collection, examination, authentication, preservation,
and analysis of data from computer storage media for use as
evidence in court of law
Includes recovery of ambient and hidden data
Information systems controls
General controls
Govern design, security, and use of computer programs and
data throughout organizations IT infrastructure .