sppt chap011
Uploaded by awais-ahmed, posted 11-Apr-2017

Slide 1

Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Chapter 11

Computer Crime and Information Technology Security

Slide 2 (11-2)

Outline

• Learning objectives

• Carter’s taxonomy

• Risks and threats

• IT controls

• COBIT

Slide 3 (11-3)

Learning objectives

1. Explain Carter’s taxonomy of computer crime.

2. Identify and describe business risks and threats to information systems.

3. Discuss ways to prevent and detect computer crime.

4. Explain the main components of the COBIT framework and their implications for IT security.

Slide 4 (11-4)

Carter’s taxonomy

• Target – targets the system or its data. Example: DoS attack

• Instrumentality – uses the computer to further a criminal end. Example: Phishing

• Four-part system for classifying computer crime

• A specific crime may fit more than one classification

• The taxonomy provides a useful framework for discussing computer crime in all types of organizations.

Slide 5 (11-5)

Carter’s taxonomy

• Incidental – computer not required, but related to the crime. Example: Extortion

• Associated – new versions of old crimes. Example: Cash larceny

Slide 6 (11-6)

Risks and threats

• Fraud

• Service interruption and delays

• Disclosure of confidential information

• Intrusions

• Malicious software

• Denial-of-service attacks

Please consult the chapter for the full list.

Slide 7 (11-7)

IT controls

C-I-A triad: Confidentiality, Data integrity, Availability

Slide 8 (11-8)

IT controls

• Physical controls – Guards, locks, fire suppression systems

• Technical controls – Biometric access controls, malware protection

• Administrative controls – Password rotation policy, password rules, overall IT security strategy

Slide 9 (11-9)

COBIT

• Control Objectives for Information and Related Technology

• Information Systems Audit and Control Association (ISACA)

• Framework for IT governance and management

• Two main parts

– Principles – Five ideas that form the foundation of strong IT governance and management

– Enablers – Seven tools that match the capabilities of IT tools with users’ needs

Slide 10 (11-10)

COBIT

Slide 11 (11-11)

COBIT

Slide 12 (11-12)