Information Technology for Managers, 2e
Chapter 11: Cyber Crime and IT Security

George W. Reynolds
Strayer University
Copyright ©2016 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible
website, in whole or in part.
Learning Objectives
• What key trade-offs and ethical issues are
associated with the safeguarding of data and
information systems?
• What are the key elements of a multilayer process
for managing security vulnerabilities based on the
concept of reasonable assurance?

Why Managers Must Understand IT Security

Dilemmas Faced by Business Managers Regarding IT Security
• Amount to be spent to safeguard against computer
crime
• Handling difficulties caused by lost sales and
increased costs due to recommended security
safeguards
• Actions to be taken if a firm is a victim of a
computer crime

Reasons for Prevalence of Computer Incidents
• Increasing complexity of computer environments
• Higher computer user expectations
• New risks introduced by expanding and changing
systems
• Bring your own device (BYOD)
– Policy that permits employees to use their mobile
devices to access company computing resources
and applications

Reasons for Prevalence of Computer Incidents (continued)
• Relying on software with known vulnerabilities
– Exploit: Attack on an information system that takes
advantage of a particular system vulnerability
– Users hold the responsibility to install fixes to
eliminate the problem
• Increasing sophistication of perpetrators of
computer crime

Table 11.3 - Classifying Perpetrators of Computer Crime

Types of Exploits - Virus
• Programming code that is disguised as something
else
– Causes a computer to behave in an unexpected and
undesirable manner
• Spreads to other machines when a computer user:
– Opens an infected email attachment
– Downloads an infected program
– Visits infected Web sites
• Macro virus - Uses programs created with macro
language to infect documents and templates

Types of Exploits - Worm
• Resides in a computer’s active memory and
duplicates itself
– Capable of spreading without human intervention
• Negative impact
– Lost data and programs
– Lost productivity due to workers being unable to use
their computers or due to attempts to recover data
and programs
– High costs of repair and restoration

Types of Exploits - Trojan Horse
• Programs with malicious code hidden inside a
seemingly harmless program
– May be designed to:
• Destroy hard drives, corrupt files, and remotely control
the computer
• Launch attacks against other computers
• Steal passwords or Social Security numbers
• Spy on users
• Logic bomb: Executes when it is triggered by a
specific event

Types of Exploits - Spam
• Exploits email systems to send unsolicited email to
large numbers of people
– Inexpensive method of marketing used by legitimate
organizations
• Used to deliver harmful worms and other malware
• Controlling the Assault of Non-Solicited
Pornography and Marketing (CAN-SPAM) Act
– States that it is legal to spam, provided:
• Spammers do not disguise their identity
• Emails are labelled specifically

Types of Exploits - Spam (continued)
• Recipients are able to unsubscribe from future emails
• CAPTCHA is used to ensure that free email
accounts are obtained only by humans
– CAPTCHA (Completely Automated Public Turing
Test to Tell Computers and Humans Apart)
• Generates and grades tests that humans can pass but
simple computer programs cannot

Types of Exploits - Distributed Denial-of-Service (DDoS) Attack
• Malicious hacker takes over computers via the
Internet
– Causes them to flood a target site with demands for
data and other small tasks
• Keeps the target busy in order to keep away legitimate
users
• Accomplished by using botnet computers
– Botnet (zombies): Large groups of computers
controlled by hackers from remote locations without
the consent of their owners
• Used to distribute spam and malicious code
Types of Exploits - Rootkit
• Set of programs that enables its user to gain
administrator-level access to a computer without
the end user’s consent or knowledge
– Used to execute files, access logs, monitor user
activity, and change the computer’s configuration
• One part of a blended threat which includes a
dropper and a loader
• Difficult to determine its presence in a computer

Types of Exploits - Phishing, Smishing, and Vishing
• Phishing: Fraudulently using email to get a
recipient to reveal personal data
– Spear-phishing: Phisher sends fraudulent emails to
a certain organization’s employees
• Smishing: Uses Short Message Service (SMS)
– Hacker uses the victims’ personal information to
steal money from bank accounts, charge purchases
on their credit cards, or open new accounts
– Known as SMS phishing and SMiShing
• Vishing: Uses voice mail messages

Types of Exploits - Advanced Persistent Threat (APT)
• Intruder gains access to a network
– Stays there with the intention of stealing data over a
long period of time
• Phases
– Reconnaissance
– Incursion
– Discovery
– Capture
– Export

Types of Exploits - Identity Theft
• Occurs when someone steals an individual’s
personal information and uses it without his/her
permission
– Used to commit frauds or crimes or is sold on the
black market
• Data breach: Unintended release of sensitive data
or the access of sensitive data by unauthorized
individuals
• E-commerce Web sites use encryption technology
to protect consumer information

Types of Exploits - Cyberespionage
• Deployment of malware that secretly steals
high-value data in the computer systems of
organizations
– High-value data includes:
• Sales, marketing, and new product development
plans, schedules, and budgets
• Details about product designs and innovative
processes
• Employee personal information and customer and
client data
• Sensitive information about partners and partner
agreements
Types of Exploits - Cyberterrorism
• Intimidation of a government or a civilian population
by using information technology to disable critical
national infrastructure
– Done to achieve political, religious, or ideological
goals
• Department of Homeland Security (DHS)
– Federal agency which aims to protect the U.S. from
terrorism and other potential threats

Types of Exploits - Cyberterrorism (continued)
– Office of Cybersecurity and Communications
• Works to prevent or minimize disruptions to critical
information infrastructure
• United States Computer Emergency Readiness
Team (US-CERT)
– Handles security incidents and provides information
regarding computer security topics

Table 11.5 - Federal Laws That Address Computer Crime

Table 11.5 - Federal Laws That Address Computer Crime (continued)

Implementing Trustworthy Computing

Trustworthy Computing
• Delivers secure, private, and reliable computing
experiences based on sound business practices
• A strong security system:
– Assesses the possible threats to the organization’s
computers and network
– Identifies actions that address serious vulnerabilities
– Educates end users about the risks involved and the
actions to be taken to prevent a security incident

Trustworthy Computing (continued)
• Policies and procedures must be implemented to:
– Help prevent security breaches
– Effectively employ available hardware and software
tools
• In case of an intrusion, there must be a clear
reaction plan that addresses:
– Notification and evidence protection
– Activity log maintenance
– Containment and eradication
– Recovery

Risk Assessment
• Goal - To identify the best investments of time and
resources that will protect the organization from its
threats
• Asset - Any hardware, software, information
system, network, or database used by the
organization to achieve its objectives
• Loss event - Any occurrence that has a negative
impact on an asset

Steps in a Risk Assessment Process

Steps in a Risk Assessment Process (continued)

Establishing a Security Policy
• A good security policy describes responsibilities
and the behavior expected of members of the
organization
– Automated system rules should mirror an
organization’s written policies
– Companies are including special security
requirements for mobile devices

Educating Employees and Contract Workers
• Users must help protect an organization’s
information systems and data by:
– Password protecting their accounts
– Prohibiting others from using their passwords
– Applying strict access controls to protect data from
disclosure or destruction
– Reporting unusual activity
– Ensuring that portable computing and data storage
devices are protected

Preventive Measures
• Firewall: Limits network access based on the
organization’s access policy
– Stands guard between an organization’s internal
network and the Internet
– Established through the use of software, hardware,
or both
• Intrusion detection system (IDS): Monitors
system and network resources and activities
– Notifies network security personnel when it detects
network traffic that attempts to avoid the security
measures
Preventive Measures (continued 1)
– Approaches of intrusion detection systems
• Knowledge-based
• Behavior-based
• Antivirus software: Regularly scans memory and
disk drives of computers for viruses
– Looks for virus signatures
• Virus signatures: Sequences of bytes that indicate
the presence of a specific virus
– Should be regularly updated
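
Added example (not from the original slides): a small Python signature scanner showing how antivirus software matches byte sequences in data read in chunks, including a signature that straddles a chunk boundary, and why an outdated signature list misses newer threats. The signature names, byte patterns and sample data are constructed for illustration.

```python
import io

# Constructed signature database (name -> byte sequence). These patterns are
# made up for this example and do not correspond to real malware.
SIGNATURES = {
    "Demo.MacroVirus.A": bytes.fromhex("deadbeef4d4143524f"),
    "Demo.Worm.B": b"\x90\x90DEMO-WORM\x00",
}

# Constructed sample "file": filler bytes with both signatures embedded.
SAMPLE = (b"A" * 10 + SIGNATURES["Demo.Worm.B"]
          + b"B" * 20 + SIGNATURES["Demo.MacroVirus.A"])


def scan_stream(stream, signatures, chunk_size=4096):
    """Return a sorted list of (name, absolute_offset) for every match."""
    keep = max(len(sig) for sig in signatures.values()) - 1
    hits = set()   # a set, because a match inside the overlap is seen twice
    tail = b""     # trailing bytes of the previous window, kept as overlap
    base = 0       # absolute offset of the first byte of the current window
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, sig in signatures.items():
            pos = window.find(sig)
            while pos != -1:
                hits.add((name, base + pos))
                pos = window.find(sig, pos + 1)
        # Carry over enough bytes that a signature split across two chunks
        # is still seen whole in the next window.
        tail = window[-keep:] if keep else b""
        base += len(window) - len(tail)
    return sorted(hits)


def scan_bytes(data, signatures=SIGNATURES, chunk_size=4096):
    """Convenience wrapper for scanning an in-memory byte string."""
    return scan_stream(io.BytesIO(data), signatures, chunk_size)


if __name__ == "__main__":
    # An 8-byte chunk size forces both signatures across chunk boundaries.
    print(scan_bytes(SAMPLE, chunk_size=8))
    # An outdated database that lacks the macro-virus signature misses it.
    outdated = {"Demo.Worm.B": SIGNATURES["Demo.Worm.B"]}
    print(scan_bytes(SAMPLE, outdated, chunk_size=8))
```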

Preventive Measures (continued 2)
• Implement safeguards against attacks by malicious
insiders
• Address critical Internet security threats
• Conduct periodic IT security audits
– Security audits: Evaluate whether organizations
have well-considered security policies in place and if
they are being followed

Response Plan
• Goal - To regain control and limit damage
• Define the people to be notified in the event of a
computer security incident
• Document all details of the incident
– Establish document handling procedures
• Define the process for containing the incident
• Conduct eradication efforts
• Follow-up
– Prepare a formal incident report and estimate the
monetary damage

Computer Forensics
• Identifies, collects, examines, and preserves data
from computer systems, networks, and storage
devices
– Preserves the integrity of the data gathered so that it
is admissible as evidence in a court of law
– Combines elements of law and computer science
• Investigation may be opened in response to a
criminal investigation or civil litigation

Summary
• Trade-offs associated with the safeguarding of data
and information systems
– Amount to be spent to safeguard against computer
crime
– Handling difficulties caused by lost sales and
increased costs due to recommended security
safeguards
– Actions to be taken if a firm is a victim of a computer
crime

Summary (continued)
• Elements of a process for managing security
vulnerabilities based on the concept of reasonable
assurance
– Risk assessment
– Establishing a security policy
– Educating end users
– Prevention
– Detection and response
