Presentation is loading. Please wait.

Presentation is loading. Please wait.

McGraw-Hill/Irwin © 2013 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 11 Computer Crime and Information Technology Security.

Published bySolomon Logan Modified over 8 years ago

Similar presentations

Presentation on theme: "McGraw-Hill/Irwin © 2013 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 11 Computer Crime and Information Technology Security."— Presentation transcript:

1 McGraw-Hill/Irwin © 2013 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 11 Computer Crime and Information Technology Security

2 11-2 Outline Expected outcomes Computer crime Risks and threats Computer criminals Internal control issues CoBIT framework

3 11-3 Expected outcomes Explain Carter’s taxonomy of computer crime. Identify and describe business risks and threats to information systems. Name & describe common types of computer criminals. Discuss ways to prevent & detect computer crime. Explain CoBIT’s information criteria & accountability framework. Explain how CoBIT can be used to strengthen internal controls against computer crime.

4 11-4 Computer crime Carter’s taxonomy – Target Targets the system or its data – Instrumentality Uses computer to further a criminal end; i.e., to commit the crime – Incidental Computer not required, but related to crime – Associated New versions of old crimes A single crime can fit more than one category.

5 11-5 Risks and threats Fraud Error Service interruption and delays Disclosure of confidential information Intrusions Information theft Information manipulation Malicious software Denial-of-service attacks Web site defacements Extortion

6 11-6 Computer criminals Script kiddies Hackers Cyber-criminals Organized crime Corporate spies Terrorists Insiders Lecture break 11-1 –Divide the class into seven groups. –Assume the “identity” of one type of computer criminal. –Suggest how your “type” might enact one or two of the risks / threats from the previous slide.

7 11-7 Internal control issues C-I-A- triad With respect to information systems, organizations need to protect: – Confidentiality – Integrity – Availability Confidentiality IntegrityAvailability

8 11-8 Internal control issues Physical controls –Protect the physical aspects of information systems –Examples Locked doors Security personnel Alarm systems

9 11-9 Internal control issues Technical controls –Protect electronic aspects of information system –Examples Firewalls Data encryption Anti-virus software

10 11-10 Internal control issues Administrative controls –Policies that may relate to either physical and / or electronic aspects of the system –Examples Password strength and rotation policies Adequate supervision Procedures manuals

11 11-11 Internal control issues Lecture break 11-2 –Consider the work you completed in Lecture break 11-1. –Suggest one helpful internal control in each category: Physical Technical Administrative

12 11-12 CoBIT framework Developed by Information Systems Audit and Control Association (www.isaca.org)www.isaca.org Control Objectives for Information and Related Technology Comprehensive framework for addressing the totality of an organization’s IT

13 11-13 CoBIT framework Components –Domains of knowledge: tasks to complete Plan and organize Acquire and implement Deliver and support Monitor and evaluate –Notice the connection with the systems development life cycle –Points of view: issues to consider in each domain Business objectives: how does each domain relate to the entity’s overall goals? Information technology resources: what IT resources are needed within each domain? Information technology processes: how should those resources be managed?

14 11-14 CoBIT framework Components –Information criteria: what characteristics should the information have to make it most useful?  Effectiveness  Efficiency  Confidentiality  Integrity  Availability  Compliance  Reliability Notice the relationship between the information criteria, the CIA triad and the qualitative characteristics in the FASB conceptual framework.

15 11-15 CoBIT framework Components Accountability framework: what reporting relationships does an organization need to ensure everything else is working?

16 11-16 Classroom assessment This chapter has focused on: –Carter’s taxonomy of computer crime –Risks and threats to information systems –Computer criminals –Internal control issues –CoBIT framework Which of those areas do you understand best? Prepare a short written summary of it. Which do you understand least? Jot down two questions you have about it.

17 11-17

Download ppt "McGraw-Hill/Irwin © 2013 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 11 Computer Crime and Information Technology Security."

Similar presentations

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
The Islamic University of Gaza

The Islamic University of Gaza
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Controls – What Works

Security Controls – What Works
Chapter 15 Computer Crime and Information Technology Security Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.

Chapter 15 Computer Crime and Information Technology Security Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.
Accounting Information Systems Chapter Outlines

Accounting Information Systems Chapter Outlines
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.
Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.

Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
Fraud Prevention and Risk Management

Fraud Prevention and Risk Management
McGraw-Hill/Irwin © 2013 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 3 Internal Controls.

McGraw-Hill/Irwin © 2013 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 3 Internal Controls.

Similar presentations

Ads by Google