
PhilCST

PHILIPPINE COLLEGE OF SCIENCE & TECHNOLOGY


OLD NALSIAN ROAD, BRGY. NALSIAN, CALASIAO, PANGASINAN

SOCIAL ISSUES AND PROFESSIONAL PRACTICE
MODULE 3: COMPUTER AND INTERNET CRIME

By: MS. RACHELLE N. NOBLE, MIT



Objectives
• What key trade-offs and ethical issues are associated with the safeguarding of data and information systems?
• Why has there been a dramatic increase in the number of computer-related security incidents in recent years?
• What are the most common types of computer security attacks?
• Who are the primary perpetrators of computer crime, and what are their objectives?
• What are the key elements of a multilayer process for managing security vulnerabilities based on the concept of reasonable assurance?
• What actions must be taken in response to a security incident?
• What is computer forensics, and what role does it play in responding to a computer incident?

IT SECURITY INCIDENTS: A MAJOR CONCERN
Business managers, IT professionals, and IT users all face a number of ethical decisions
regarding IT security, such as the following:
– If a firm is a victim of a computer crime, should it pursue prosecution of the criminals at all costs,
maintain a low profile to avoid the negative publicity, inform its affected customers, or take some
other action?
– How much effort and money should be spent to safeguard against computer
crime? (In other words, how safe is safe enough?)
– If a company realizes that it has produced software with defects that make it
possible for hackers to attack customer data and computers, what actions should
it take?
– What should be done if recommended computer security safeguards
make conducting business more difficult for customers and employees,
resulting in lost sales and increased costs?

WHY COMPUTER INCIDENTS ARE SO PREVALENT?
• Increasing complexity increases vulnerability
• Higher computer user expectations
• Expanding and Changing Systems Introduce New Risks
• Bring Your Own Device
• Increased Reliance on Commercial Software with Known Vulnerabilities

TYPES OF EXPLOITS
• VIRUS
• WORM
• SPAM
• TROJAN HORSE
• DDOS ATTACKS
• ROOTKITS
• PHISHING

TYPES OF EXPLOITS

VIRUS
• A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
• A true virus does not spread itself from computer to computer.
• A virus is spread to other machines when a computer user opens an infected email attachment, downloads an infected program, or visits infected Web sites. In other words, viruses spread by the action of the “infected” computer user.

TYPES OF EXPLOITS

WORM
• A harmful program that resides in the active memory of the computer and duplicates itself.
• Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email.

TYPES OF EXPLOITS

TROJAN HORSE
• A program in which malicious code is hidden inside a seemingly harmless program.
• Can destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting them to a server operated by a third party.

TYPES OF EXPLOITS

SPAM
• The abuse of email systems to send unsolicited email to large numbers of people.
• Spam is also an extremely inexpensive method of marketing used by many legitimate organizations.

TYPES OF EXPLOITS

DDOS ATTACKS
• A set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.
• Attackers can use the rootkit to execute files, access logs, monitor user activity, and change the computer’s configuration.

TYPES OF EXPLOITS

ROOTKITS
• A set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.
• Attackers can use the rootkit to execute files, access logs, monitor user activity, and change the computer’s configuration.

TYPES OF EXPLOITS

PHISHING
• The act of fraudulently using email to try to get the recipient to reveal personal data.
• Spear-phishing is a variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees.
• Smishing is another variation of phishing that involves the use of Short Message Service (SMS) texting.
• Vishing is similar to smishing except that the victims receive a voice mail telling them to call a phone number or access a Web site.

TYPES OF PERPETRATORS
• HACKERS
• CRACKERS
• MALICIOUS INSIDERS
• INDUSTRIAL SPIES
• CYBERCRIMINALS
• HACKTIVISTS
• CYBERTERRORISTS

TYPES OF PERPETRATORS

HACKERS
• Test the limitations of information systems out of intellectual curiosity, to see whether they can gain access and how far they can go.

CRACKERS
• Someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs.

TYPES OF PERPETRATORS

MALICIOUS INSIDERS
• Major security concern for companies
• An ever-present and extremely dangerous adversary
• Malicious insiders are extremely difficult to detect or stop because they are often authorized to access the very systems they abuse.

INDUSTRIAL SPIES
• Industrial spies use illegal means to obtain trade secrets from competitors.
• Industrial espionage involves using illegal means to obtain information that is not available to the public.

TYPES OF PERPETRATORS

HACKTIVISTS
• Hacktivism, a combination of the words hacking and activism, is hacking to achieve a political or social goal.

CYBERTERRORISTS
• Launches computer-based attacks against other computers or networks in an attempt to intimidate or coerce a government in order to advance certain political or social objectives.

CYBERCRIMINALS
• Motivated by the potential for monetary gain and hack into computers to steal, often by transferring money from one account to another to another.

IMPLEMENTING TRUSTWORTHY COMPUTING

TRUSTWORTHY COMPUTING
• A method of computing that delivers secure, private, and reliable computing experiences based on sound business practices – which is what organizations worldwide are demanding today.

• RISK ASSESSMENT
• DETECTION
• EDUCATING EMPLOYEES AND CONTRACT WORKERS
• PREVENTION
• ESTABLISHING A SECURITY POLICY
• RESPONSE

IMPLEMENTING TRUSTWORTHY COMPUTING

RISK ASSESSMENT
• Is the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats.

DETECTION
• Organizations should implement detection systems to catch intruders in the act. Organizations often employ an intrusion detection system to minimize the impact of intruders.

IMPLEMENTING TRUSTWORTHY COMPUTING

EDUCATING EMPLOYEES AND CONTRACT WORKERS
• Educate and motivate users to understand and follow policy
• Help protect information systems by:
  – Guarding passwords
  – Not allowing sharing of passwords
  – Applying strict access controls to protect data
  – Reporting all unusual activity
  – Protecting portable computing and data storage devices

PREVENTION
• Installing antivirus software
• Intrusion prevention systems
• Installing a corporate firewall
• Implement a layered security solution
• Safeguards against attacks by malicious insiders
• Departing employees and contractors
• Carefully define employee roles and separate key responsibilities
• Create roles and user accounts to limit authority

IMPLEMENTING TRUSTWORTHY COMPUTING

ESTABLISHING A SECURITY POLICY
A security policy defines an organization’s security requirements, as well as the controls and sanctions needed to meet those requirements.
• Ethics Policy
• Information Sensitivity Policy
• Risk Assessment Policy
• Personal Communication Devices and Voice-mail Policy

RESPONSE
A response plan should be developed well in advance of any incident and be approved by both the organization’s legal department and senior management.
• Incident Notification
• Protection of Evidence and Activity Logs
• Incident Containment
• Eradication
• Incident Follow-Up
• Computer Forensics

IMPLEMENTING TRUSTWORTHY COMPUTING

COMPUTER FORENSICS
– Combines elements of law and computer science to identify, collect, examine, and preserve data while maintaining its integrity so that it is admissible as evidence
– Computer forensics investigation requires extensive training and certification and knowledge of laws that apply to gathering of criminal evidence

END OF MODULE 3
