computer security management: assessment and forensics session 8

22
Computer Security Management: Assessment and Forensics Session 8

Upload: myles-hicks

Post on 01-Jan-2016

216 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Computer Security Management: Assessment and Forensics Session 8

Computer Security Management: Assessment and Forensics

Session 8

Page 2: Computer Security Management: Assessment and Forensics Session 8

Computer crime means a crime involving computer resources, including using a computer to commit a crime.

Computer fraud means using computer resources to defraud .

Page 3: Computer Security Management: Assessment and Forensics Session 8

Using a computer to defraud.

Fraud is an intentional act to deceive or mislead, convert assets to one’s own benefit, or make intentional false statements or misrepresentations often accompanied by omission, manipulation of documents or collusion.

Computer fraud is criminal.

Page 4: Computer Security Management: Assessment and Forensics Session 8

Hacking. Deliberate virus spreading. Theft of information, software or hardware. Theft of computer resource usage. Denial of computer services by means of

malicious software or messages. Message interception.

Page 5: Computer Security Management: Assessment and Forensics Session 8

Scams Phishing Defamation of character. Disseminating hate propaganda. Threats Developing, holding or spreading child

pornography.

Page 6: Computer Security Management: Assessment and Forensics Session 8

A perpetrator lacking integrity or ethics

Motivation to commit fraud

Opportunity to commit and conceal fraud

False representation to a substantial degree

Page 7: Computer Security Management: Assessment and Forensics Session 8

Factor to induce a victim or accomplice to act

Intent to defraud

Injury or loss sustained

Page 8: Computer Security Management: Assessment and Forensics Session 8

The fraud provisions of the Criminal Code have been used to prosecute people who used computers to commit frauds.

The Internet is increasingly used to perpetrate fraud because of its reach and the impulse responses of Web surfers.

Page 9: Computer Security Management: Assessment and Forensics Session 8

A complex accounting system raises the potential for “creative accounting” and consequently fraud

The general perception that computerized information is reliable makes computer fraud less susceptible to challenge than fraud committed on paper

Page 10: Computer Security Management: Assessment and Forensics Session 8

Manipulating systems or causing glitches to “smooth” quarterly earnings

Salami, rounding down interest calculation and deposit difference to programmer’s own account

Employee selling of customer lists to competitor

Fictitious insurance policies to defraud insurers and reinsurers

Page 11: Computer Security Management: Assessment and Forensics Session 8

A scheme that uses one or more components of the Internet - such as chat rooms, e-mail, message boards, or Web sites - to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or others connected with the scheme.

Page 12: Computer Security Management: Assessment and Forensics Session 8

Auction or sales inducing the victim to send money or give out credit card numbers for promised goods

Business opportunity Work-at-home program

Page 13: Computer Security Management: Assessment and Forensics Session 8

Investment scheme

Stock market manipulation by spreading fictitious news about public companies

Identity theft

Page 14: Computer Security Management: Assessment and Forensics Session 8

Segregation of duties

Management and independent review

Restricted access

Code of business conduct to outline what is not acceptable, what is not supposed to be done with organization IT resources, what constitutes conflict of interest.

Page 15: Computer Security Management: Assessment and Forensics Session 8

Intrusion detection and prevention systems

Encryption

Security education

Analytical review

Page 16: Computer Security Management: Assessment and Forensics Session 8

System monitoring

Security check on new hires and contractors

An established process for whistle blowing and investigation

Exemplifying management culture

Page 17: Computer Security Management: Assessment and Forensics Session 8

Lock laptops when not attended to

Scheduled refreshment of web sites from the backup version to nullify even minor changes by hackers such as changing a key word in the user agreement or a rate

Page 18: Computer Security Management: Assessment and Forensics Session 8

Management Actions in Reaction to Computer Crime Damage control by pulling equipment off

the network. Preserve evidence, do not turn off

computers. Call a forensic expert to image the

computer hard disks. Do not use the computer until the hard disk

is successfully captured

Page 19: Computer Security Management: Assessment and Forensics Session 8

Management Actions in Reaction to Computer Fraud Do not set off alarm, let the suspect

continue. Damage control, by making backup of data

and providing an alternate plan. Continue to monitor suspect. Collect evidence behind the scene. Depending on severity, may need to

terminate access or reassign suspect immediately.

Sanitize data behind the scene.

Page 20: Computer Security Management: Assessment and Forensics Session 8

Gathering evidence◦ Rules of Evidence must be carefully followed◦ Chain of custody critical◦ Interviewing personnel◦ Invigilation◦ Indirect methods of proof

Page 21: Computer Security Management: Assessment and Forensics Session 8

Screwdriver and pliers Disk imaging software Hash calculation utility Search utilities File and data recovery tools File viewing utilities Password cracking software Digital camera

Page 22: Computer Security Management: Assessment and Forensics Session 8

Computer crime and computer fraud on the rise

Organizations should adopt a code of business conduct.

Organizations should have chief ethic officers