Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cmpe 471 Computer Crime: Techniques and Countermeasures.

Published byLouisa Lawson Modified over 8 years ago

Similar presentations

Presentation on theme: "Cmpe 471 Computer Crime: Techniques and Countermeasures."— Presentation transcript:

1 Cmpe 471 Computer Crime: Techniques and Countermeasures

2 Preventing Computer Crime Proper employee relations –careful supervision of employees’ state of mind –take note of unusual personal problems –beware if the employee radiates negative energy about the systems, peers and the company in general –try to solve the problem before it becomes a physical attack –take measures to prevent unauthorised access to information assets

3 Take physical measures for piggybacking –Guard –physical gates –outsourced external security company –proper guard back-up procedures –prevent more than one person to enter: man- trap: Kuzey Kampus, GarantiB headquarters Preventing Computer Crime

4 Preventing logical piggybacking –Unattended terminals or PCs are the portals for logical piggybacking –configurable time-out function –automatic branching to a security screen –user-configurable screen lay-out for re-authentication –integration with a security database –automatic return to the previous (interrupted) state –apply biometrics Preventing Computer Crime

5 Controls Against Program Threats –Software development the design writing testing –Programming Controls –Description of the programming task individual task that requires independent thought programs are very individualistic programmers are solitary people who enjoy working alone programming is an art only understood by programmers Preventing Computer Crime

6 Controls Against Program Threats –None of these arguments hold true!!! –The basic principles of software engineering are division of labour reuse of code use of standard pre-constructed software tools organised activity –Peer reviews: code and design –modularity, encapsulation and information hiding Preventing Computer Crime

7 Controls Against Program Threats –Writing code in small self-contained units: modules advantages for program development and security a module can be isolated from the negative effects of other models with which it interacts: encapsulation –Information hiding: other modules know that a module performs a certain task, but not know how it performs that task Preventing Computer Crime

8 Controls Against Program Threats –Modularity: Unity: performs one purpose Smallness: consists of an amount of information of which a person can readily grasp both structure and content Simplicity: low degree of complexity so that a person can readily understand the purpose and structure of the module Independence: performs a task isolated from other modules maintenance: a module can be replaced with a revised one understandability: small modules are easier to understand reuse correctness: an error can be found and corrected easily testing: a single module with well-defined inputs, output, function can be tested without effecting other modules Preventing Computer Crime

9 Controls Against Program Threats –From a standpoint of security, programmers and analysts must be able to understand each module as an independent unit and be assured of its limited effect on other modules –Proper modularity leads to modules that have minimal interaction with other modules Preventing Computer Crime

10 Encapsulation Tight coupling Independent, loosely coupled modules

11 Information hiding Access to all parts of module Method, data hidden

12 Configuration Management A person or system controls and records all changes to a program or documentation change control board –judges the desirability and correctness of all proposed changes to guard against loss of a version of a program to manage the parallel development of several similar versions of one program to provide facilities for controlled sharing of modules that combine to form one system

13 Configuration Management Security advantages: –protects against unintentional threats –guard against malicious ones –protects integrity of programs and documentation

14 Proofs of Program Correctness A security specialist wants to make sure that a given program computes a particular result and computes it correctly. Program correctness proofs are hindered by several factors: –depends on the programmer to translate program’s statements into logical implications- translation is prone to errors

15 Proofs of Program Correctness –Deriving the correctness proof from the initial assertions and the implications of statements is difficult; less appropriate for large programs –the current state of program verification is well- developed than code production; consistent and successful application to large production systems is a challenge.

16 Process Improvement Development stages: –system requirements design –software requirements analysis –preliminary design –detailed design –coding and unit testing –component integration and testing –subsystem integration and testing –system integration and testing

17 Process Improvement Each of these phases has the following requirements: –software development management: planning, organisation, reviews –software engineering: development, decomposition, adherence to standards for coding and language –formal qualification testing –software product evaluation –configuration management

18 Capability Maturity Model Software Engineering Institute (SEI) grants CMM levels from 1 to 5, 5 being the highest standard –Initial –Repeatable –Defined –Managed –Optimising

19 Administrative Controls Standards of program development Enforcing program development standards –security audits –segregation of duties

Download ppt "Cmpe 471 Computer Crime: Techniques and Countermeasures."

Similar presentations

Configuration Management

Configuration Management
NetPay provides best and effective solution for company Managers to maintain their employee scheduling task (including staff in/out details, overtime,

NetPay provides best and effective solution for company Managers to maintain their employee scheduling task (including staff in/out details, overtime,
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.

SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
ITAuditing Using GAS & CAATs

ITAuditing Using GAS & CAATs
COMPSCI 105 S2 2014 Principles of Computer Science 12 Abstract Data Type.

COMPSCI 105 S Principles of Computer Science 12 Abstract Data Type.
Software Engineering CSE470: Process 15 Software Engineering Phases Definition: What? Development: How? Maintenance: Managing change Umbrella Activities:

Software Engineering CSE470: Process 15 Software Engineering Phases Definition: What? Development: How? Maintenance: Managing change Umbrella Activities:
Design Concepts and Principles

Design Concepts and Principles
Dr Gordon Russell, Napier University Unit 5.3 - Data Dictionary 1 Data Dictionary Unit 5.3.

Dr Gordon Russell, Napier University Unit Data Dictionary 1 Data Dictionary Unit 5.3.
Software Engineering and Design Principles Chapter 1.

Software Engineering and Design Principles Chapter 1.
R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.

R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.
Design The goal is to design a modular solution, using the techniques of: Decomposition Abstraction Encapsulation In Object Oriented Programming this is.

Design The goal is to design a modular solution, using the techniques of: Decomposition Abstraction Encapsulation In Object Oriented Programming this is.
Jump to first page 1 System Design (Finalizing Design Specifications) Chapter 3d.

Jump to first page 1 System Design (Finalizing Design Specifications) Chapter 3d.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Fundamentals of Information Systems, Second Edition

Fundamentals of Information Systems, Second Edition
Chapter 1 Principles of Programming and Software Engineering.

Chapter 1 Principles of Programming and Software Engineering.
Principles of Information Systems, Sixth Edition 1 Systems Investigation and Analysis Chapter 12.

Principles of Information Systems, Sixth Edition 1 Systems Investigation and Analysis Chapter 12.
MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Investigation and Analysis Chapter 12.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Investigation and Analysis Chapter 12.
9 1 Chapter 9 Database Design Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel.

9 1 Chapter 9 Database Design Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel.
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.

© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
Software Engineering CSE470: Systems Engineering 35 Computer System Engineering Computer System Engineering is a problem-solving activity. Itemize desired.

Software Engineering CSE470: Systems Engineering 35 Computer System Engineering Computer System Engineering is a problem-solving activity. Itemize desired.

Similar presentations

Ads by Google