Chapter 11: Computer Crime and Information Technology Security
高立翰
OUTLINE
Carter’s taxonomy
IT controls
COBIT
Learning objectives
1. Explain Carter’s taxonomy of computer crime.
2. Identify and describe business risks and threats to information systems.
3. Discuss ways to prevent and detect computer crime.
4. Explain the main components of the CoBIT framework and their implications for IT security.
Instrumentality
Uses the computer to further a criminal end. Example: phishing
Incidental
Computer not required, but related to the crime. Example: extortion
Associated
New versions of old crimes. Example: cash larceny
Information manipulation
Malicious software
Denial-of-service attacks
Web site defacements
Extortion
Technical controls
Biometric access controls, malware protection controls
Administrative controls
Password rotation policy, password rules, overall IT security strategy
AIS - Ch. 11 (http://ppt.cc/mJFq) 9
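The distinction the slide draws is that an administrative control is a written rule (the password rotation policy and password rules), while a technical control is the mechanism that enforces it. The Python below is an added example, not part of the original slides or of any named framework: the POLICY dictionary stands in for a hypothetical administrative policy (all values are constructed, including the forbidden company name "acme"), and the functions around it are the matching technical control that rejects non-compliant passwords, blocks reuse from a short history, and flags accounts whose password is past the maximum age.

```python
"""Administrative policy vs. technical control (added example).

POLICY is a constructed, hypothetical administrative control of the kind
the slide calls 'password rules' and 'rotation policy'; the functions below
are the technical control that enforces it.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
import hashlib
import re

# Constructed policy values; a real organisation sets its own.
POLICY = {
    "min_length": 12,
    "require_classes": 3,      # of: lower, upper, digit, symbol
    "max_age_days": 90,
    "history_depth": 5,        # previous passwords that may not be reused
    "forbidden_substrings": ("password", "acme"),  # "acme" is a hypothetical company name
}

CLASS_PATTERNS = {
    "lower": re.compile(r"[a-z]"),
    "upper": re.compile(r"[A-Z]"),
    "digit": re.compile(r"\d"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


def _digest(password: str) -> str:
    # Used only to compare against the reuse history in this toy example;
    # a real credential store uses a salted, deliberately slow password hash.
    return hashlib.sha256(password.encode()).hexdigest()


@dataclass
class Account:
    username: str
    last_changed: date
    history: list = field(default_factory=list)  # digests of past passwords


def check_password_rules(password: str, account: Account, policy=POLICY) -> list:
    """Return the list of rule violations; an empty list means the password is acceptable."""
    violations = []
    if len(password) < policy["min_length"]:
        violations.append(f"shorter than {policy['min_length']} characters")
    classes = sum(1 for p in CLASS_PATTERNS.values() if p.search(password))
    if classes < policy["require_classes"]:
        violations.append(f"uses {classes} character classes, needs {policy['require_classes']}")
    lowered = password.lower()
    for word in policy["forbidden_substrings"]:
        if word in lowered:
            violations.append(f"contains forbidden word {word!r}")
    if account.username.lower() in lowered:
        violations.append("contains the username")
    if _digest(password) in account.history[-policy["history_depth"]:]:
        violations.append(f"reused within last {policy['history_depth']} passwords")
    return violations


def needs_rotation(account: Account, today: date, policy=POLICY) -> bool:
    """Rotation policy: True when the current password is older than max_age_days."""
    return (today - account.last_changed) > timedelta(days=policy["max_age_days"])


def rotate_password(account: Account, new_password: str, today: date, policy=POLICY) -> list:
    """Apply the rules; on success record the change. Returns the violations (empty on success)."""
    violations = check_password_rules(new_password, account, policy)
    if not violations:
        account.history.append(_digest(new_password))
        account.last_changed = today
    return violations


def demo() -> dict:
    """Run the control against a constructed sample account and return the outcomes."""
    today = date(2024, 6, 1)
    acct = Account("jsmith", last_changed=date(2024, 1, 15),
                   history=[_digest("Old-Pass-Word-2023")])
    return {
        "rotation_due": needs_rotation(acct, today),                      # 138 days old
        "weak": check_password_rules("password123", acct),                # short, 2 classes, forbidden word
        "reused": check_password_rules("Old-Pass-Word-2023", acct),       # in history
        "strong": rotate_password(acct, "Tr0ub4dour&Horse-Battery", today),
        "rotation_due_after": needs_rotation(acct, today),                # just rotated
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The point of keeping POLICY separate from the functions is that the administrative control can be changed by the people who own the policy without touching the enforcement code, and the enforcement code can be audited against the written policy line by line.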
What is CoBIT?
Control Objectives for Information and Related Technology
From the Information Systems Audit and Control Association (ISACA)
It’s a framework for IT governance and management
Two main parts:
Principles
• Five ideas that form the foundation of strong IT governance and management
Enablers
• Seven tools that match the capabilities of IT tools with users’ needs
CoBIT 5 principles
1. Meeting stakeholder needs
2. Covering the enterprise end-to-end
3. Applying a single integrated framework
4. Enabling a holistic approach
5. Separating governance from management