1. Chapter 9 Enhancing Information/Computer Security

2. Valuable Proprietary Information  Specific threats to security of proprietary information include:  Employees.  Nondisclosure agreements.  Noncompete agreements.  Secrecy agreements.  Discarded information--in most states, garbage in dumpsters can be legally searched.  Unsecured telecommunication.  Acoustical surveillance.

3. Telecommunication Security  Telecommunication security includes information communicated by:  Voice, fax and computer.  Using wirelines, microwave links, satellite systems and fiberoptic lines.

4. Computer Crime Defined  Computer crime includes accessing a computer’s database without authorization or exceeding authorization for the purpose of sabotage or fraud.  It includes theft or destruction of software and hardware as well.

5. Seriousness of Computer Crime  Computer crimes cost hundreds of millions of dollars annually.  In fact, computer crime or failure might destroy a business.

6. Threats to Computer Centers  The greatest security threats to computer centers are:  Theft by fraud or embezzlement.  Hackers.  Sabotage.  Employee carelessness or error.  Fire.

7. Computer Crime Legislation  Most common offenses:  Access to defraud.  Access to obtain money.  Computer fraud.  Offenses against computer users.  Offenses against intellectual property.  Offenses against computer equipment and supplies.  Unauthorized access.  Unauthorized or unlawful computer use.

8. Electronic Communications Privacy Act of 1986  The Act makes it illegal to intentionally access, without authorization, a facility providing electronic communication services, or to intentionally exceed the authorization of access to such a facility.

9. Reducing Computer Crime Loss  Security measures for computer systems include:  Logical controls.  Physical access controls.  Administrative controls.  Protecting against fire.  Maintaining a backup system.

10. Investigating Computer Crime  Factors to consider in investigating computer crime include:  Investigator’s knowledge and whether outside expertise is required.  Likelihood of victim or an employee being involved.  The difficulty in detecting such crimes.

11. The Computer Criminal  The typical computer “criminal” is:  a young, middle-class technical person.  highly educated.  with no prior criminal record.  employed by the firm reporting the crime.

12. Prosecuting Perpetrators of Computer Crime  The chance of a computer criminal being caught and going to jail is approximately one in twenty-seven thousand.

13. Summary Questions  How can valuable proprietary information be obtained by competitors or criminals?  Can trash be legally searched by others?  What does telecommunications security involve?  What constitutes computer crime?  How serious is computer crime?  What are the greatest threats to computer centers?

14. Summary Questions  What legislation pertains to computer crime?  What security measures can be taken to reduce losses from computer crime?  What factors should be considered when investigating a computer crime?  Who is the typical computer criminal?  What is the probability of computer crime detection and the risk of prosecution?