
Q1:

Homework (Week 10 application) 2-3 Pages 3 references

Application: The Nature of Cybercrime


Cybercrime can cause problems at the individual, local, and national levels. For example, an
individual might have financial information stolen after using his or her credit card online. A
small town might have slanderous information posted on a community website. A nation may
experience an aggressive computer virus in government computer systems. No matter what type
of cybercrime occurs, law enforcement must investigate and enforce cybercrime laws within
their jurisdiction. Still, the global nature of cybercrime can pose challenges for law enforcement
agencies.
For this assignment, select one type of cybercrime and consider the impact of that particular
cybercrime at the national, local, and individual levels. Then think about challenges law
enforcement agencies encounter related to the global nature of cybercrime.
The assignment (2–3 pages):
Describe the type of cybercrime you selected. Explain the impact of that particular cybercrime at
the individual, local, and/or national levels. Explain how the global nature of cybercrime poses
challenges for law enforcement. Be specific and provide examples to support your response.
Sol:1

Cyber Security VL Case Study


Introduction

Implementing internet technology in banking benefits the organization because it reduces the cost of operations and so enhances the profitability of the bank. Technology also makes banking easier and more convenient for customers, who no longer have to wait in long lines for assistance (Brenner, 2012). This saves time and other resources for customers and the bank, which can then be deployed to other profitable activities. However, technology can be detrimental to the organization when it is interfered with, for example by "inside" personnel, so that it malfunctions. In those circumstances the bank suffers immense losses, both financial and reputational. For instance, when existing customers file complaints about funds mysteriously disappearing from their accounts, potential customers are deterred from doing business with the bank in question, and the bank is left facing legal proceedings that can bring it down (Brenner, 2012).
The case of VL Bank is no different: malware on the bank's systems dupes them into transferring money to accounts at other banks, from which it is siphoned on to foreign banks in the country where the malicious code originated. Customers have been complaining that the virus transfers money in batches of $10,000 (Westby, 2003). The bank is facing legal action from the aggrieved customers, and my supervisor has demanded an explanation from me as the chief information security officer. In every respect this is cybercrime, and the laws covering cybercrime in the United States have to be applied appropriately. The systems have been hacked by cyber thieves in Atlanta, Georgia, and customers have lost colossal sums of money. Below is the report prepared for the bank's management, as chief information security officer, detailing how to deal with the situation (Westby, 2003).

Acts Used in Resolving the Situation (Legal Jurisdiction)


VL Bank and the other banks that have been affected should develop means that allow investigators from different law enforcement agencies to pool data from local, state and federal sources, so that the cyber security threat to them is averted (Bougen & O'Malley, 2009).
The digital evidence should be thoroughly assessed with respect to the scope of the case
to determine the course of action. Conduct a thorough assessment by reviewing the search
warrant or other legal authorization, case detail, nature of hardware and software, potential
evidence sought, and the circumstances surrounding the acquisition of the evidence to be
examined. If evidence is located that was not authorized in the original search authority,
determine what additional legal process may be necessary to continue the search (e.g., warrant,
amended consent form). Contact legal advisors for assistance if needed.
The attack against VL Bank was clearly illegal. This can be shown by looking at two acts of United States law. The Computer Fraud and Abuse Act (CFAA) was enacted in 1986, building on the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984, and has been revised a number of times; the most recent amendment at the time of writing came in 2008 with the Identity Theft Enforcement and Restitution Act (Ku, R. S. R., & Lipton, J., 2010).
As a consequence of the crime at VL Bank, the affected customers, employees and shareholders of the bank could pursue legal action and claim damages in court. As chief security officer at VL Bank, I must ensure that proper legal measures are taken to safeguard the bank's position and to counter any lawsuits filed by affected customers. A legal team should be formed to look after the bank's interests and protect it from litigation. Spear phishing must also be countered urgently: it falls within the scope of cyber law, it misleads VL Bank's customers and potential customers, and it can lead to severe legal consequences for the bank and affect its future business operations.
Although federal courts are located in every state, they are not the only forum available to potential litigants. In fact, the great majority of legal disputes in American courts are addressed in the separate state court systems. Certain categories of legal disputes may also be resolved in special courts or entities that are part of the federal executive or legislative branches, and by state and federal administrative agencies. Federal courts have exclusive jurisdiction over bankruptcy matters, which Congress has determined should be addressed in federal rather than state courts; through the bankruptcy process, individuals or businesses that can no longer pay their creditors may either seek a court-supervised liquidation of their assets or reorganize their financial affairs and work out a plan to pay off their debts. For VL Bank the distinction matters: criminal charges under the federal statutes discussed below would be brought in federal court, whereas customers' civil claims against the bank could be brought in state court.

Under the first law, the actions taken by the attacker(s) fall under the fraud provision of the CFAA, 18 U.S.C. § 1030(a)(4), often described as fraudulent trespass (Ku, R. S. R., & Lipton, J., 2010). This follows from the methods used in the attack: the attacker(s) intentionally accessed computers without authorization to obtain financial information, transferred that information to a different computer, and used it to defraud the victims, VL Bank and the United States of over $290,000.
The second law is the "computer trespasser" provision added by section 217 of the USA PATRIOT Act of 2001 and codified at 18 U.S.C. § 2510(21), which clearly defines a computer trespasser as "a person who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communication transmitted to, through, or from the protected computer" (Ku, R. S. R., & Lipton, J., 2010). It is straightforward to identify the actions of the attacker(s) as trespass under this definition. This gives the investigation a clear starting point and, with the consent of VL Bank as owner of the protected computers, allows law enforcement to intercept the trespasser's communications on those systems under the accompanying interception authority in 18 U.S.C. § 2511(2)(i).
Several international and supranational organizations have recognized the inherently trans-border nature of cybercrime, the ensuing limitations of unilateral approaches and the need for international harmonization of technical, legal and other solutions. The main actors in this field are the Organisation for Economic Co-operation and Development (OECD), the Council of Europe, the European Union and, more recently, the G8 and Interpol. In addition, the UN, WIPO and the GATS framework have also played an important role. These organizations have contributed significantly to the harmonization of criminal law, as well as of the underlying civil and administrative law, in the areas of computer-related criminal law reform.
The local FBI office and the Department of Homeland Security will begin the process of
investigating the reported information and VL Bank employees will comply with the best of their
abilities to any of the needs of the federal agents. To further help with the investigation, the VL
Bank information security team will begin an investigation into the fraudulent activity and issue
the findings of the investigation to its lawyers, the FBI, and the Department of Homeland
Security.
Section 213 of the USA PATRIOT Act can also be used by FBI or Homeland Security agents: it permits a court to delay notifying the subject that a search warrant has been executed ("delayed-notice" warrants). Delaying notice keeps the individual(s) responsible for the fraudulent activity from learning that evidence has been seized, and may lead to their capture before they cover their tracks.
Cybercrime is not a clear-cut, stand-alone type of crime; it requires inter-agency cooperation with the interior ministry, other law enforcement services, the prosecution, the justice ministry, intelligence services, incident response teams (CSIRT/CERT) and others for information exchange, joint projects, joint operations, prevention measures, training and other activities. Considering the transnational nature of cybercrime, effective international cooperation is a priority. In this regard, having a 24/7 point of contact within the specialised cybercrime unit is a great advantage when handling cases that require the preservation of data under Articles 29 and 30 of the Convention on Cybercrime, and the collection of evidence, the provision of legal information and the location of suspects under Article 35 of the Convention, all with the goal of assisting an ongoing investigation. The use of mutual legal assistance treaties is key to transferring evidence between jurisdictions; however, the speed with which requests are processed remains a problem. A growing number of countries have a separate specialised unit that investigates cybercrime and carries out forensic investigations; such units have evolved gradually since the early 1990s. In the United Kingdom, for example, the Metropolitan Police's central e-crime unit claimed to have saved the economy more than £140m in six months and to be on course to exceed its four-year "harm reduction" target, having delivered nearly 30% of its £504m target in that period. The figure represents the amount of money the UK was prevented from losing to cybercrime, and followed a number of successful prosecutions and operations.
How can the United States better coordinate security policies and international law to gain the
cooperation of other nations to better protect against a computer attack? Pursuit of hackers may
involve a trace back through networks requiring the cooperation of many Internet Service
Providers located in several different nations. Pursuit is made increasingly complex if one or
more of the nations involved has a legal policy or political ideology that conflicts with that of the
United States.
Methods for improving international cooperation in dealing with cybercrime were the
subject of a conference sponsored by the Hoover Institution, the Consortium for Research on
Information Security and Policy (CRISP) and the Center for International Security and
Cooperation (CISAC) at Stanford University in 1999. Members of government, industry, NGOs,
and academia from many nations met at Stanford to discuss the growing problem, and a clear
consensus emerged that greater international cooperation is required.
Currently, thirty-eight countries, including the United States, have signed the Council of
Europe's Convention on Cybercrime, published in November 2001. The Convention seeks to
better combat cybercrime by harmonizing national laws, improving investigative abilities, and
boosting international cooperation. Supporters argue that the Convention will enhance
deterrence, while critics counter it will have little effect without participation by countries in
which cybercriminals operate freely.
There are a number of cybercrime laws in the United States meant to protect the cyber activities of individuals and organizations. These laws cover various cybercrimes; for the purposes of the VL Bank case, the following are applicable (Wild, 2011). Cyber forgery law prohibits anyone from using a computer to delete or edit information in a computer network, or to alter the network so that it functions improperly. This applies to VL Bank because the hackers introduced a foreign program (the virus) to interfere with the working of the bank's system. Cybercrime and theft law covers anybody who alters a computer, computer network or system in order to devise a way of defrauding an institution. This law is very much at play here because the hackers devised a foreign program and introduced it into the bank's system to generate unauthorized transactions (sending money to other accounts) (Wild, 2011).

Legal Consideration
With digital evidence we need to consider how and on what type of media to save it, and what type of storage device is recommended to secure it. The media used to store digital evidence usually depends on how long it must be kept; in criminal matters, store the evidence for as long as possible. Magnetic tape can also be used to preserve evidence data. 4-mm DAT tapes store between 40 and 72 GB or more, but, like CD-Rs, they are slow at reading and writing. If tapes are used, test the data by copying the contents from the tape back to a disk drive, then verify that the data is good by examining it with computer forensics tools or by comparing a cryptographic hash of the original data set with one of the newly restored data set. MD5 has traditionally been used for this comparison; because MD5 is no longer collision-resistant, record a SHA-256 hash alongside it so that the integrity check does not rest on a broken algorithm.
However, don't rely on one storage method to preserve evidence; make two copies of every image to prevent data loss and, if practical, use different tools to create the two images. For example, the Linux dd command can create the first image and ProDiscover the second. As a good security practice, the lab should have a sign-in roster for all visitors. Most labs use a manual log, maintained by an authorized technician, that records each time an evidence storage container is opened and closed. These logs should be kept for a period based on legal requirements, including the statute of limitations, the maximum sentence and the expiration of appeal periods, and made available for management to inspect. The evidence custody form should contain an entry for every person who handles the evidence.
The legal considerations for the digital evidence will be officially finalized by the lawyers in their interactions with the justice system. Those guidelines will then be handed down to the CISO to begin the investigation and to educate all personnel involved about the proper techniques for evidence handling (Gupta, A. & Laliberte, S., 2004). A generalized legal approach to the collection of evidence, however, begins with using the proper forms for the initial collection, together with a written statement acknowledging the start of the investigation and naming a single chief investigator.
The Documentation Phase of the physical crime scene involves taking photographs, sketches and videos of the crime scene and the physical evidence. The goal is to capture as much information as possible so that the layout and important details of the scene are preserved and recorded. For a digital incident, it is important to document and photograph the connections on the computer and to record the state of the computer. It can also be important to record the number and size of the hard drives and the amount of memory. In some cases the hardware MAC address of the network cards should also be recorded so that DHCP logs can be used to identify the system's activity. Serial numbers and asset tags are also worth recording in this phase. To decide what should be recorded, consider that the analysis lab may only receive a copy of the hard disk and none of the original hardware; anything that could be of use to the lab and to later reconstruction should be recorded. Note that the Documentation Phase is not the phase in which the final incident report is generated.
A forensic report presents the evidence in court; it also helps in gathering more evidence and is used in court hearings. The report must state the investigation's scope. A computer forensic investigator must be aware of the types of computer forensic reporting: formal report, written report, verbal report and examination plan. A formal report contains the facts from the investigation findings. A written report is like a declaration or an affidavit that can be sworn to under oath, so it must be clear, precise and detailed. A verbal report is less structured; it is a preliminary report that addresses the areas of investigation not yet covered. An examination plan is a structured document that helps the investigator anticipate the questions to expect when justifying the evidence; it also helps the attorney understand the terms and functions used in the computer forensic investigation (Nelson, B., et al., 2008). Generally a computer forensic report contains the following sections:
- Purpose of the Report
- Author of the Report
- Incident Summary
- Evidence
- Analysis
- Conclusions
- Supporting Documents
Many forensic tools can generate the forensic investigation report, such as ProDiscover, FTK and EnCase (Nelson, B., et al., 2008).
The Documentation Phase of the digital crime scene involves properly documenting the digital evidence when it is found. The exact copy of the system acquired during the Preservation Phase plays the same role as the sketches and video of a physical crime scene. Each piece of digital evidence found during analysis of the image must be clearly documented. This phase documents individual pieces of evidence and does not create the final incident report; the final report of the digital analysis is generated in the Presentation Phase. Digital evidence can exist in many abstraction layers [Brian Carrier, 2003] and must be documented accordingly. For example, a file can be documented by its full path, the clusters in the file system that it uses, and the sectors on the disk that it uses. Network data can be documented by the source and target addresses at various network layers. Because digital evidence can be altered while leaving little trace, additional steps should be taken so that its integrity can be verified later. A cryptographic hash value should be calculated for the evidence when it is collected so that its integrity can be proven in court; MD5 and SHA-1 were the traditional choices, but since neither is collision-resistant any longer, SHA-256 should be recorded as well. Chain of custody forms should be created in this phase if the evidence could be used in court. In practice, the Documentation Phase is not a distinct phase of a digital investigation because the digital evidence is documented as it is found.
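The hash-and-verify procedure described for tape restores (Legal Consideration above) and the hashing and chain-of-custody step of the Documentation Phase are the same operation applied at different moments. The following is an added example of that operation, not code from the original report or from any tool it names: the evidence identifier, handler names, file names and the sample "disk image" bytes are all constructed for illustration. It hashes an image once at acquisition, checks two copies against those digests (one restored intact, one with a single flipped bit), and writes a custody record for each step.

```python
"""Integrity verification for forensic images: hash the evidence at acquisition,
re-hash every copy or restore, and record each handling step in a chain-of-custody log.

Added example, not code from the original report. The evidence identifier,
handler names, file names and the sample image bytes are constructed.
"""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# MD5 and SHA-1 are kept only for comparison with legacy tool output;
# SHA-256 is the value the integrity claim should rest on.
ALGORITHMS = ("md5", "sha1", "sha256")
CHUNK = 1 << 20  # hash in 1 MiB pieces so multi-GB images never need to fit in memory


def _digests(blocks):
    """Feed an iterable of byte blocks through every algorithm in one pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for block in blocks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Return {algorithm: hex digest} for an in-memory byte string."""
    return _digests([data])


def hash_file(path):
    """Return {algorithm: hex digest} for a file, read once in chunks."""
    with open(path, "rb") as fh:
        return _digests(iter(lambda: fh.read(CHUNK), b""))


def verify_copy(acquisition_hashes, copy_path):
    """Compare a restored or duplicate image against the digests taken at acquisition.

    Returns (ok, mismatched_algorithms). Any differing digest is a failure: the
    copy cannot be relied on and must not be admitted as evidence.
    """
    current = hash_file(copy_path)
    mismatched = [n for n in ALGORITHMS if current[n] != acquisition_hashes[n]]
    return (not mismatched, mismatched)


def custody_entry(evidence_id, action, handler, hashes, note=""):
    """One chain-of-custody record: who did what to which item, when, and the digests at that moment."""
    return {
        "evidence_id": evidence_id,
        "action": action,
        "handler": handler,
        "timestamp_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "sha256": hashes["sha256"],
        "md5": hashes["md5"],
        "note": note,
    }


def demo():
    """Acquire a constructed image, make two copies, corrupt one, and log every step.

    Returns (good_copy_ok, bad_copy_ok, custody_log).
    """
    work = Path(tempfile.mkdtemp())
    image = work / "vlbank-ws01.dd"
    # Constructed stand-in for a dd image: a fake boot-sector signature plus filler.
    image.write_bytes(b"MBR\x55\xaa" + bytes(range(256)) * 64)

    acquired = hash_file(image)
    log = [custody_entry("VL-2012-001", "acquired", "CISO team", acquired, "dd image of workstation")]

    # First copy restored intact (e.g. from tape).
    good_copy = work / "copy-tape.dd"
    good_copy.write_bytes(image.read_bytes())
    ok_good, _ = verify_copy(acquired, good_copy)
    log.append(custody_entry("VL-2012-001", "verified copy", "lab technician",
                             hash_file(good_copy), f"tape restore ok={ok_good}"))

    # Second copy with a single flipped bit: the kind of silent media error a restore can introduce.
    bad = bytearray(image.read_bytes())
    bad[512] ^= 0x01
    bad_copy = work / "copy-cdr.dd"
    bad_copy.write_bytes(bytes(bad))
    ok_bad, bad_algos = verify_copy(acquired, bad_copy)
    log.append(custody_entry("VL-2012-001", "verified copy", "lab technician",
                             hash_file(bad_copy), f"cd-r restore ok={ok_bad} mismatch={bad_algos}"))
    return ok_good, ok_bad, log


if __name__ == "__main__":
    good, bad, custody_log = demo()
    print(json.dumps(custody_log, indent=2))
```

Run as a script it prints the three custody records; the second copy fails on every algorithm even though only one bit changed, which is the property the court relies on. Computing all three digests in a single pass over the file is deliberate: re-reading a large image once per algorithm is what makes examiners skip the check.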
Computer forensics involves collecting, analyzing, preserving and presenting digital evidence in a legally acceptable manner. It is a complex procedure and therefore requires due diligence at every stage of the process, which is where the role of the investigator comes in. Any carelessness, intended or not, can adversely affect the outcome. To counter this, our forensic investigator, XYZ Inc, must follow established guidelines and rules, starting with the United Kingdom Association of Chief Police Officers (ACPO) good practice guide for computer-based electronic evidence:
1. No action taken by a law enforcement agency or its agents should change data held on a computer or storage media which may subsequently be relied upon in court.
2. In circumstances where a person finds it necessary to access original data held on a computer, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
3. An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
4. The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to.
The following are areas of ethical concern in digital forensic investigation and prosecution:
1. Ethical rules governing digital forensic investigation
2. The lawyer’s ethical obligations while working with digital forensics.
3. Attorney-Client Privilege and confidentiality
4. Legality of digital forensic investigation techniques
5. Civil Liability arising from digital forensic investigation
The first task is to report the fraud to the chairman of the audit committee once the initial reports have been received from the bank's affected customers. This report also includes the laws relevant to the situation, the legal jurisdiction within which the bank can work, the legal considerations the bank must observe in preparing evidence for presentation to law enforcement agencies and attorneys (Thomas & Loader, 2000), and the law enforcement agencies that have jurisdiction over this type of case. The local FBI office, the Department of Homeland Security and Interpol should be contacted, because the crime crosses multiple state lines and also extends outside the country. Interpol's purpose is to facilitate international police cooperation, and involving it early will prove valuable as the investigation widens.
The report also addresses the coordination that should take place between the Chief Information Security Officer (CISO) and the attorney for successful legal action. I have also explored the impact of the cybercrime on the continuity of the bank and how technology can be applied to mitigate the risk of such crime in future, the security and assurance controls to be applied to prevent such security lapses, and the ways in which those controls can be aligned with security regulatory requirements and security standards (Thomas & Loader, 2000). Means should also be developed for sharing information between the many security agencies across the country and abroad. Such initiatives address the lack of information sharing among agencies, which is believed to play a significant role in the growth of the cyber security threat inside and outside the country.

Cybercrime effects
Cyber crime is a term that covers a broad scope of criminal activity using a computer.
Some common examples of cyber crime include identity theft, financial fraud, website
defacement, and cyber bullying. At an organizational level, cyber crime may involve the hacking
of customer databases and theft of intellectual property. Many users think they can protect
themselves, their accounts, and their computers with anti-spyware and anti-virus software only.
Cyber criminals are becoming more sophisticated and are targeting consumers as well as public
and private organizations. Therefore, additional layers of defense are needed.
The disruption of international financial markets could be one of the big impacts and
remains a serious concern. The modern economy spans multiple countries and time zones. Such
interdependence of the world's economic system means that a disruption in one region of the
world will have ripple effects in other regions. Hence any disruption of these systems would send
shock waves outside of the market which is the source of the problem.
Productivity is also at risk. Attacks from worms, viruses and the like take productive time away from the user: machines may run more slowly, servers may be inaccessible, networks may be jammed, and so on. Such attacks affect the overall productivity of the user and the organization, and they have customer service impacts as well, since the external customer sees them as a negative reflection on the organization. In addition, user concern over potential fraud prevents a substantial cross-section of online shoppers from transacting business; a considerable portion of e-commerce revenue is lost to shopper hesitation, doubt and worry. These consumer trust issues can have serious repercussions and bear going into in more detail.
The availability of VL Bank's business was itself a victim of the cybercrime. The attacker(s) cut customers off from accessing their accounts in the VL Bank system, making VL Bank's resources unavailable to its customers, which amounts to a total loss of the ability to conduct business online. The availability of system resources is a key part "in maintaining operational efficiency and effectiveness" (Gallegos, F. & Senft, S., 2009). Confidentiality of customer and company data must be maintained to comply with good business practice and national laws, and a loss of confidentiality has a major impact on consumer confidence (Gallegos, F. & Senft, S., 2009). There was also a major loss of valuable data during the attack on VL Bank's system, resulting in the disclosure of customer account information and significant monetary damages. VL Bank will have to work hard to regain consumer confidence by launching marketing campaigns and adopting a stronger security policy.

Technology
One of the best weapons against technology crimes is technology. The IT industry is hard
at work, developing hardware and software to aid in preventing and detecting network intrusions.
Third-party security products, from biometric authentication devices to firewall software, are
available in abundance to prevent cybercriminals from invading our system or network. An
investigator might encounter encrypted data or even suspect that the existence of additional data
is being concealed using steganography.
The Internet is an increasingly dangerous place, particularly as network attacks have
evolved from a hacker’s hobby to a sophisticated and lucrative business. The main three
technologies are:
1. Firewall: Firewalls use simple rules to selectively block network and Internet
traffic. For example, if FTP sites are off limits to your institution, your firewall can be
configured to block access to the FTP port. You might also block your employees from
visiting Hotmail. Firewalls can also be configured to block everything except specified
traffic. For example, we can restrict employee access to simple web sites by blocking
traffic in your firewall to all but ports 80 and 443 — the locations of most websites. You
can even block all websites except your own! Unfortunately, Internet attackers can easily
circumvent firewall blocking techniques. FTP servers can use a different port, and
websites can act as gateways to blocked sites without your firewall knowing. Is there a
way to verify your restrictions? Yes — it’s called Intrusion Detection.
2. Intrusion detection: The second pillar of network security is Intrusion Detection
Systems (IDS). These systems look for intrusions in process such as ‘accessing a
forbidden website’ or ‘Trojan horse attempting to control a workstation.’ The IDS
records each dangerous pattern and alerts network security personnel. This approach is
highly effective in discovering illicit traffic. However, an IDS must be carefully
configured to send alerts only on dangerous traffic. A mistuned IDS often sends alerts on
perfectly normal traffic, and may miss dangerous packets because it isn’t looking for
them. Also, the IDS is unable to stop troublesome network traffic. Someone must review
the attack information and attempt to block it. This can take time, and sometimes cannot
be completed before the network sustains lasting damage. This limitation has led to the
third security device — Intrusion Prevention.
3. Intrusion prevention: Intrusion Prevention Systems (IPS) combine the firewall
and IDS technologies. IPS watches network traffic like an IDS and determines whether to
pass any given traffic like a firewall. The IPS actually assesses traffic patterns to evaluate
the type of network access and to determine whether it should be permitted. While an
IDS can only note an ongoing attack and pass the alert to an analyst, the IPS will stop the
attack by blocking traffic between the attacker and its victim. Careful configuration is
very important for the IPS. A mis-configured IDS will only send harmless alerts which
can be ignored; but a mis-configured IPS will deny legitimate traffic, giving network staff
and employees huge headaches when they become victims of mistaken digital identity.
However, when properly tuned, an IPS is an incomparable defense against network-based
attacks.
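The evasion described in the firewall and IDS items above (an FTP server listening on a different port, a website acting as a gateway to a blocked site, access to Hotmail) can be seen directly in a small model of the two controls. This is an added example, not code from the original report or from the COCC article it follows; the port policy, the three signatures and the sample flows are all constructed for illustration. A port filter sees only the destination port, so FTP moved to 443 sails through it; a payload signature recognises the protocol regardless of port.

```python
"""Port-based firewall filtering versus protocol-aware intrusion detection.

Added example, not from the original report or the COCC article it draws on.
The firewall policy, the detection signatures and the sample flows are
constructed to show one point: a rule that blocks port 21 does not block FTP,
because an FTP server can listen on any port, whereas an IDS that inspects the
payload can still recognise the protocol.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes of the exchange, as an IDS sensor would see them


# Constructed policy in the spirit of "block all but 80 and 443": permit only web ports.
ALLOWED_PORTS = {80, 443}


def firewall_permits(flow):
    """A stateless port filter: the only thing it can evaluate is the destination port."""
    return flow.dport in ALLOWED_PORTS


# Constructed IDS signatures: protocol fingerprints that do not depend on the port in use.
SIGNATURES = {
    "ftp-on-nonstandard-port": re.compile(rb"^220[ -].*FTP", re.IGNORECASE),
    "webmail-access": re.compile(
        rb"^(GET|POST) [^ ]* HTTP/1\.[01]\r\nHost: [^\r\n]*hotmail\.com", re.IGNORECASE),
    "http-connect-tunnel": re.compile(rb"^CONNECT [^ ]+:\d+ HTTP/1\.[01]"),
}


def ids_alerts(flow):
    """Return the names of every signature that matches the flow's payload."""
    return [name for name, sig in SIGNATURES.items() if sig.search(flow.payload)]


def evaluate(flows):
    """Run each flow through the firewall and, if it gets through, the IDS.

    Returns a list of (flow, permitted, alerts). Alerts on a permitted flow are
    exactly the cases the text describes: traffic the port filter cannot stop.
    """
    results = []
    for flow in flows:
        permitted = firewall_permits(flow)
        alerts = ids_alerts(flow) if permitted else []
        results.append((flow, permitted, alerts))
    return results


# Constructed sample flows (not captured traffic); documentation-range addresses.
SAMPLE_FLOWS = [
    # Plain FTP on port 21: the port rule drops it, the IDS never sees it.
    Flow("10.1.5.23", "203.0.113.10", 21, b"220 ProFTPD Server ready.\r\n"),
    # The same FTP server moved to 443: passes the port filter, caught by the banner signature.
    Flow("10.1.5.23", "203.0.113.10", 443, b"220-Welcome to the FTP service\r\n"),
    # Webmail over plain HTTP on port 80: only the Host header gives it away.
    Flow("10.1.5.24", "198.51.100.7", 80, b"GET /login HTTP/1.1\r\nHost: mail.hotmail.com\r\n\r\n"),
    # A permitted web host used as a gateway to a blocked site via HTTP CONNECT.
    Flow("10.1.5.25", "198.51.100.9", 80, b"CONNECT blocked.example:443 HTTP/1.1\r\n"),
    # Ordinary TLS ClientHello on 443: permitted and clean.
    Flow("10.1.5.26", "198.51.100.9", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
]


def main():
    for flow, permitted, alerts in evaluate(SAMPLE_FLOWS):
        verdict = "PASS" if permitted else "DROP"
        print(f"{flow.src}->{flow.dst}:{flow.dport} firewall={verdict} ids={alerts or '-'}")


if __name__ == "__main__":
    main()
```

The second flow is the whole point: the firewall passes it and the IDS flags it. A production IDS does the same with full protocol decoding rather than regular expressions and a far larger signature set, and the tuning problem the text describes appears as soon as a signature is written loosely enough to also match normal traffic, such as a banner rule that fires on any line beginning with "220".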
Could your bank forgo firewall and IDS devices in favor of an IPS? Possibly. But COCC finds that well-defended banks typically install all three pillars of security when they construct their network defenses. We recommend that traffic arriving at the bank's network first pass through an IPS that watches for abnormal service requests and automatically denies anything resembling an Internet-based attack; the bank can work with its IPS vendor to minimize disruption of legitimate traffic. Once past the IPS, Internet traffic encounters the firewall, which is set to deny nearly all incoming traffic except replies to outgoing requests and a limited selection of services such as website traffic and incoming email. Finally, within the bank's network, we recommend a large deployment of IDS sensors to monitor for anomalous traffic. This final line of defense alerts bank staff to unusual traffic patterns so that they can determine whether further action is needed. Together, this three-level design has proven highly effective in protecting banks from network-based threats. Beyond the three tiers, COCC recommends tight regulation of traffic originating inside the bank's network: internal firewalls and IDS machines verify that attacks are not launched from within, and outbound traffic to the Internet is similarly monitored to prevent unauthorized network access from either the bank's own network or the Internet.
Intrusion detection systems automate the intrusion detection process, whereas intrusion prevention systems have all the capabilities of an intrusion detection system and can also attempt to stop possible incidents; administrators can usually disable the prevention features in intrusion prevention products, causing them to function as intrusion detection software. A wireless IDS/IPS monitors wireless network traffic and analyzes it to identify suspicious activity involving the wireless networking protocols.
1. Organizations should ensure that all intrusion detection and prevention system components are secured appropriately, because these systems are often targeted by attackers who want to prevent them from detecting attacks or want to gain access to sensitive information held in the system, such as host configurations and known vulnerabilities.
2. Organizations should consider using multiple types of intrusion detection and
prevention technologies to achieve more comprehensive and accurate detection and
prevention of malicious activity. The four primary types of intrusion detection and
prevention technologies - network-based, wireless, network behavior analysis and host-
based - each offer fundamentally different information gathering, logging, detection and
prevention capabilities.
3. Organizations planning to use multiple types of intrusion detection and prevention
technologies or multiple products of the same technology type should consider whether
or not the systems should be integrated. Direct intrusion detection and prevention system
integration most often occurs when an organization uses multiple products from a single
vendor, by having a single console that can be used to manage and monitor the multiple
products. Some products can also mutually share data, which can speed the analysis
process and help users to better prioritize threats.
4. Before evaluating intrusion detection and prevention products, organizations
should define the requirements that the products should meet. Evaluators must understand
the characteristics of the organization's system and network environments, so that a
compatible intrusion detection and prevention system can be selected that can monitor the
events of interest on the systems and/or networks.
5. When evaluating intrusion detection and prevention products, organizations
should consider using a combination of several sources of data on the products'
characteristics and capabilities. Common product data sources include test lab or real-
world product testing, vendor-provided information, third-party product reviews and
previous experience from individuals within the organization and trusted individuals at
other organizations.
Preventing Future Attacks
Preventing future attacks will be a continuous process. The FBI National Computer Crime
Squad gives a clear list of advice that should be followed to mitigate the risk of information
intrusion (Gupta, A. & Laliberte, S., 2004):
A login-banner needs to be installed to ensure users are informed that they are being monitored
and unauthorized access is unacceptable. An audit trail needs to be initialized on all systems and
peripherals to log important system events. A key logger may be installed on the network if the
proper login-banner is displayed. This will enable the company to request trap and trace
techniques from their phone company. Caller-id should be installed to track the records of all
calls received. Maintain system backups to show file origination.
Information Systems Controls and Their Alignment
The bank should adopt, as its information systems control model, the framework created by
ISACA known as Control Objectives for Information and Related Technology (COBIT), which
will help to ensure the mitigation of attacks on VL Bank.
This model provides guidelines that will deliver better cyber security for the bank's databases
and firewalls. According to this model, firewalls need to be used to ensure that only privileged
access to the bank's resources is permitted.
To ensure that this kind of problem does not happen again, the bank has to take preventive
measures in line with the advice of the FBI National Computer Crime Squad:
• It is mandatory that a login banner be installed to ensure users are informed that
they are being monitored and that unauthorized access is unacceptable.
• It is mandatory that an audit trail be initialized on all systems and peripherals to
log important system events.
• A key logger may be installed on the network if the proper login banner is displayed.
This will enable the company to request trap-and-trace techniques from their phone company.
• Caller ID should be installed to keep records of all calls received.
• Create backups of all damaged and altered files.
The recommendations to prevent future attacks align very well with the ISO 17799
standard. The standard covers ten areas of compliance necessary for certification and, as a
result, VL Bank will realize greater consumer confidence, more secure commerce, and a number
of other benefits (Gupta, A. & Laliberte, S., 2004).
Also, the enterprise continuity technology and preventative attack measures align well
with this standard’s three key areas: management controls, operational controls and technical
controls (Computer Security Division, Information Technology Laboratory, National Institute of
Standards and Technology, March 2006).
Examples of the alignment of the management controls:
• Implementing assurance methods by creating full system backups.
ISO 17799 provides a framework to establish risk assessment methods; policies, controls,
and countermeasures; and program documentation. The standard is an excellent model for
organizations that need to:
• Create information security policies and procedures
• Assign roles and responsibilities
• Provide consistent asset management
• Establish human and physical security mechanisms
• Document communications and operational procedures
• Determine access control and associated systems
• Prepare for incident and business continuity management
• Comply with legal requirements and audit controls
This ISO framework is methodically organized into 11 security control clauses. Across
these clauses there are 39 main security categories, each with a control objective and one or more
controls to achieve that objective. The control descriptions contain the definitions, implementation
guidance, and other information that enable an organization to set up its program objectives
according to the standard methodology. The controls align to specific regulatory requirements
and standards in the following way:
1. Conduct Risk Assessments
2. Establish a security policy
3. Compile an Asset Inventory
4. Define Accountability
5. Address Physical Security
6. Document Operating Procedures
7. Determine Access Controls
8. Coordinate Business Continuity
9. Demonstrate Compliance
VL Bank should take heed of these legislative efforts and proactively plan for them by
updating its information security practices. Aligning the controls with specific regulatory
requirements is necessary to demonstrate competency and to improve. Any organization that uses e-
commerce in its business practices must align its systems and databases to protect its
information content. Although information security is now in the limelight and is being brought
to the attention of the executive-level audience, records management (RM) is still the basic
foundation that branches out into all the various new compliance areas. Records managers need
to work with IT to ensure that retention and vital-records requirements are addressed and are part
of the many inventories that the ISO standard suggests. They must also update their programs to
be in line with an information security program’s objectives as outlined in the controls and
implementation guidance of the ISO 17799 standard. Organizations cannot continue to practice
their business in an irresponsible manner. Using the ISO standard to structure their programs is
the foundation, but they must also stay ahead of the curve, anticipating potential incidents and
occurrences. Websites for information security are pervasive and provide both written materials
and podcasts to help keep information professionals informed. Records managers and IT
professionals can also help each other achieve a best-practices program for information security.
VL Bank may as well want to invite forensic experts to conduct their own investigations
alongside the police and the internal team. Legal considerations for the bank in preparing
digital evidence include determining which laws have been broken and whether evidence is
available to support the charge. This is important because hacking is a criminal offense and, as
such, the burden of proof is beyond reasonable doubt. The chief information security officer
needs to keep in contact with the attorney, because he or she has to supply the attorney with the
relevant information and coordinate the collection of the evidence that is necessary to
prosecute the case (Stallings & Brown, 2012).
The bank must be contacted by the CISO to begin the investigation into the fraudulent
activity. This needs to be done in order to comply with the necessary steps for the legal and safe
collection of evidence. The bank’s lawyers will help draft the paperwork necessary for the proper
handling of evidence and the forms that can be used to question witnesses. The CISO will need
to meet with the lawyers to discuss the SOX terms, to ensure that the storage of the data that is
going to be collected is acceptable under the legal guidelines defined in the SOX act (Gallegos, F. &
Senft, S., 2009).
So the bank’s lawyers will act as the mediator between the federal agencies and VL
Bank’s information security team led by the CISO. The legal considerations for digital evidence
will be finalized by the bank’s lawyers and the justice system; after these guidelines are sent back to
the CISO, the investigation can begin. A few examples of alignment with the ISO 17799 standard
are:
• Physical Security – wherein only one person is allowed to secure all evidence.
• Access Control – wherein clear levels of access are developed and all files are encrypted in a
central location for managed access.
• Communications & Operational Management – wherein preventative measures are installed,
such as firewalls, one-time password generators and an education system for users.
• Systems Development & Maintenance – wherein the security and health of the information
system are maintained and deployed, along with a clear methodology for recovering from security
breaches with a secured backup of system-critical information.
Consideration of the topic of computer fraud raises three major questions: What is it?
How extensive is it? Is it illegal? In common with most aspects of the topic, definitional
problems abound. In the United Kingdom, the Audit Commission has conducted four triennial
surveys of computer-related fraud based on a definition referring to: ‘any fraudulent behaviour
connected with computerisation by which someone intends to gain financial advantage’. Such a
definition is capable of encompassing a vast range of activities, some of which may have only the
most tenuous connection with a computer. The Council of Europe, in its report on computer-
related crime, advocates the establishment of an offence consisting of:
“The input, alteration, erasure or suppression of computer data or computer
programmes [sic], or other interference with the course of data processing, that influences the
result of data processing thereby causing economic loss or possessory loss of property of another
person, or with the intent of procuring an unlawful economic gain for himself or for another
person”.
When examining the field of financial manipulations, the situation will be different:
Many countries require that the offender take an “item of another person's property”. The
statutory provisions are not applicable if the perpetrator appropriates deposit money. In many
legal systems, these traditional provisions also cause difficulties, as far as manipulations of cash
dispensers are concerned.
As indicated from the outset, cybercrime is very harmful to the bank and as such, it can
negatively affect its future continuity prospects. For instance, the crime will limit the future
financial standing owing to the swindling and costly legal processes. This would undermine the
available capital for expansion. The cybercrime will as well affect the bank reputations and as
such, undermine entry of new customers to the bank and therefore customer base expansion.
Examples of the alignment of the management controls:
• Implementing assurance methods by creating full system backups.
• A centralized DBMS is created to give authorized individuals easy access to all system
information.
• Using the COBIT system of management to create security planning and assurance
methods.
Examples of the alignment of the operational controls:
• Ensuring the education of all system users by implementing user classes.
• The CISO is in charge of all evidence maintenance and collection.
• Creating a hot backup site to ensure immediate system recovery.
Examples of the alignment of technical controls:
• Implementing the encryption of all files on the information systems.
• A logical privileged access control system.
• A system for creating audit logs of all user interaction within the information system.
As shown above, a clear methodology has been set out to investigate the fraudulent
activity, cooperate with law enforcement, and ensure the continuity of VL Bank, and the
preventive options have been discussed so that this kind of fraudulent activity does not happen again.
References
Brenner, S. W. (2012). Cybercrime and the law: Challenges, issues, and outcomes. Boston, MA:
Northeastern University Press.
Westby, J. R. (2003). International guide to combating cybercrime. Chicago, IL: American Bar
Association, Section of Science & Technology Law.
Thomas, D., & Loader, B. (2000). Cybercrime: Law enforcement, security, and surveillance in
the information age. London: Routledge.
Wild, C. (2011). Electronic and mobile commerce law: An analysis of trade, finance, media, and
cybercrime in the digital age. Hatfield, Hertfordshire: University of Hertfordshire Press.
Stallings, W., & Brown, L. (2012). Computer security: Principles and practice. Boston, MA:
Pearson Education.
Gupta, A., & Laliberte, S. (2004). Defend I.T.: Security by example. Indianapolis, IN:
Addison-Wesley Professional.
Ku, R. S. R., & Lipton, J. (2010). Cyberspace law: Cases and materials (5th ed.). New York,
NY: Aspen Publishers.
Myler, E., & Broadbent, G. (2006). ISO 17799: Standard for security. The Information
Management Journal.
Desai, J. (2010). Service level agreements: A legal and practical guide. Cambridgeshire, UK:
IT Governance.
Gallegos, F., & Senft, S. (2009). Information technology control and audit (3rd ed.). Boca
Raton, FL: Auerbach Publications.