Chapter 11: Computer Crime, Fraud, Ethics, and Privacy Introduction Computer Crime, Abuse, and Fraud Three Examples of Computer Crimes Preventing Computer Crime and Fraud... Computer Cri
Trang 1Chapter 11: Computer Crime, Fraud,
Ethics, and Privacy
Introduction
Computer Crime, Abuse, and Fraud
Three Examples of Computer Crimes
Preventing Computer Crime and Fraud
Trang 2Computer Crime, Abuse, and Fraud
High level of public interest
Data on incidents is limited
Sources of information
Computer Security Institute (CSI) annual survey
KPMG surveys
Trang 3Computer Crime, Abuse, and Fraud
Computer Crime
Manipulation of a computer or computer data
Dishonestly obtain money, acquire property, or
something of value, or cause a loss
Computer Abuse
Trang 4Computer Crime Examples
Trang 5Computer Crime, Abuse, and Fraud
Fraudulent Financial Reporting
Intentional falsification of accounting records
Intend to mislead analysts, creditors, investors
Misappropriation of Assets
Misuse of company assets
Trang 6Asset Misappropriation
Examples
Trang 8CFAA Fraudulent Acts
Unauthorized theft, use, access, modification,
copying, or destruction of software or data
Theft of money by altering computer records or the theft of computer time
Intent to illegally obtain information or tangible
Trang 9CFAA Fraudulent Acts
Use, or the conspiracy to use, computer
resources to commit a felony
Theft, vandalism, destruction of computer
hardware
Trafficking in passwords or other login
information for accessing a computer
Trang 10Federal Legislation Affecting
the Use of Computers
Trang 11Federal Legislation Affecting
the Use of Computers
Trang 12State Legislation
Every state has a computer crime law
State law provisions
Define computer terms
Define some acts as misdemeanors
Declare other acts as felonies
Trang 13Study Break #1
Which of the following pieces of computer legislation is
probably the most important?
A Cyber Security Enhancement Act of 2002
B Computer Security Act of 1987
C The Computer Fraud and Abuse Act of 1986
D Federal Privacy Act of 1974
Trang 14Study Break #1 - Answer
Which of the following pieces of computer legislation is
probably the most important?
A Cyber Security Enhancement Act of 2002
B Computer Security Act of 1987
C The Computer Fraud and Abuse Act of 1986
D Federal Privacy Act of 1974
Trang 15Study Break #2
Which legislation might help discourage computer hacking?
A Federal Privacy Act of 1974
B Computer Fraud and Abuse Act of 1986
C USA Patriot act of 2001
D CAN-SPAM Act of 2003
Trang 16Study Break #2 - Answer
Which legislation might help discourage computer hacking?
A Federal Privacy Act of 1974
B Computer Fraud and Abuse Act of 1986
C USA Patriot act of 2001
D CAN-SPAM Act of 2003
Trang 17Computer-Crime Statistics
Limited availability of data
Private companies handle abuse internally
Most computer abuse is probably not discovered
Growth of computer crime
Exponential growth in use of computer resources
Trang 18Importance of Computer Crime and Abuse to AISs
Impact on AISs
Favored target due to control of financial resources
Prized target for disgruntled employees
Responsible for designing, selecting, and implementing
controls that protect AISs
Reliance on auditors to verify financial statement
Additional Items
Trang 19Compromising Valuable Information:
The TRW Credit Data Case
Summary
Credit rating company
Altered company credit ratings for a fee
Clients relied on inaccurate information
Analysis
Trang 20Wire Fraud and Computer Hacking:
Edwin Pena and Robert Moore
Summary
Voice over Internet Protocol (VoIP)
Hacked into other provider’s network
Billed those companies
Analysis
Trang 22Protecting Systems
Preventing Viruses
Firewalls
Antivirus software
Antivirus control procedures
Organizational Control Procedures
Discourage free exchange of computer disks or external
programs
Trang 23Common Types of Computer
Crime and Abuse
Trang 24Preventing Computer Crime
and Fraud
Enlist Top-Management Support
Increase Employee Awareness and Education
Assess Security Policies and Protect Passwords
Strong passwords
Social engineering
Trang 2510 Simple Steps to Safer PCs
Trang 2610 Simple Steps to Safer PCs
Trang 27Preventing Computer Crime
Education, Gender, and Age
Don’t Forget Physical Security
Trang 28Occupations of Computer
Abuse Offenders
Trang 29Fraud Losses and Education
Level of Perpetrator
Trang 31Study Break #3
Which of these is not helpful in attempting to thwart
computer crime and abuse?
A Enlist the support of top management
B Keep employees in the dark so that they cannot perpetrate them
C Use strong passwords
Trang 32Study Break #3 - Answer
Which of these is not helpful in attempting to thwart
computer crime and abuse?
A Enlist the support of top management
B Keep employees in the dark so that they cannot perpetrate them
C Use strong passwords
Trang 33Study Break #4
Most computer criminals:
A Have nontechnical backgrounds
B Have noncriminal backgrounds
C Have little college education
D Are young and bright
E Have probably not been caught, so we don’t know much
Trang 34Study Break #4 - Answer
Most computer criminals:
A Have nontechnical backgrounds
B Have noncriminal backgrounds
C Have little college education
D Are young and bright
E Have probably not been caught, so we don’t know much
Trang 35Ethical Issues, Privacy, and
Identity Theft
Ethics
A set of moral principles or values
Governs organizations and individuals
Ethical behavior
Making choices and judgments that are morally
Trang 36Ethical Issues, Privacy, and
Identity Theft
Ethical Issues and Professional Associations
Codes of Ethics/Professional Conduct
Certification programs and Ethics committees
Meeting the Ethical Challenges
Inform employees of importance of ethics
Ethics training
Trang 37Ethical Issues in Computer
Usage
Trang 38Ethical Issues, Privacy, and
Identity Theft
Company Policies with Respect to Privacy
Who owns the computer and data stored on it?
What purposes the computer may be used?
What uses are authorized or prohibited?
Identity Theft
Dumpster diving
Trang 39Identity Theft Methods
Trang 41Study Break #5 - Answer
Smishing is a form of:
A Dial-back system
B Local area network
C Computer worm
D Identity theft
Trang 42Copyright 2012 John Wiley & Sons, Inc All rights reserved
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the
express written permission of the copyright owner is unlawful
Request for further information should be addressed to the
Permissions Department, John Wiley & Sons, Inc The purchaser
may make backup copies for his/her own use only and not for
distribution or resale The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the
Trang 43Chapter 11