140 likes | 265 Views
Chapter 9 Enhancing Information/Computer Security. Valuable Proprietary Information. Specific threats to security of proprietary information include: Employees. Nondisclosure agreements. Noncompete agreements. Secrecy agreements.
E N D
Valuable Proprietary Information • Specific threats to security of proprietary information include: • Employees. • Nondisclosure agreements. • Noncompete agreements. • Secrecy agreements. • Discarded information--in most states, garbage in dumpsters can be legally searched. • Unsecured telecommunication. • Acoustical surveillance.
Telecommunication Security • Telecommunication security includes information communicated by: • Voice, fax and computer. • Using wirelines, microwave links, satellite systems and fiberoptic lines.
Computer Crime Defined • Computer crime includes accessing a computer’s database without authorization or exceeding authorization for the purpose of sabotage or fraud. • It includes theft or destruction of software and hardware as well.
Seriousness of Computer Crime • Computer crimes cost hundreds of millions of dollars annually. • In fact, computer crime or failure might destroy a business.
Threats to Computer Centers • The greatest security threats to computer centers are: • Theft by fraud or embezzlement. • Hackers. • Sabotage. • Employee carelessness or error. • Fire.
Computer Crime Legislation • Most common offenses: • Access to defraud. • Access to obtain money. • Computer fraud. • Offenses against computer users. • Offenses against intellectual property. • Offenses against computer equipment and supplies. • Unauthorized access. • Unauthorized or unlawful computer use.
Electronic Communications Privacy Act of 1986 • The Act makes it illegal to intentionally access, without authorization, a facility providing electronic communication services, or to intentionally exceed the authorization of access to such a facility.
Reducing Computer Crime Loss • Security measures for computer systems include: • Logical controls. • Physical access controls. • Administrative controls. • Protecting against fire. • Maintaining a backup system.
Investigating Computer Crime • Factors to consider in investigating computer crime include: • Investigator’s knowledge and whether outside expertise is required. • Likelihood of victim or an employee being involved. • The difficulty in detecting such crimes.
The Computer Criminal • The typical computer “criminal” is: • a young, middle-class technical person. • highly educated. • with no prior criminal record. • employed by the firm reporting the crime.
Prosecuting Perpetrators of Computer Crime • The chance of a computer criminal being caught and going to jail is approximately one in twenty-seven thousand.
Summary Questions • How can valuable proprietary information be obtained by competitors or criminals? • Can trash be legally searched by others? • What does telecommunications security involve? • What constitutes computer crime? • How serious is computer crime? • What are the greatest threats to computer centers?
Summary Questions • What legislation pertains to computer crime? • What security measures can be taken to reduce losses from computer crime? • What factors should be considered when investigating a computer crime? • Who is the typical computer criminal? • What is the probability of computer crime detection and the risk of prosecution?