Chapter 11 - Computer crime and information technology security. After studying this chapter you will be able to: explain Carter's taxonomy of computer crime, identify and describe business risks and threats to information systems, discuss ways to prevent and detect computer crime, and explain the main components of the CoBIT framework and their implications for IT security.

Chapter 11: Computer Crime and Information Technology Security

Outline
- Expected outcomes
- Computer crime
- Risks and threats
- Computer criminals
- Internal control issues
- CoBIT framework

Expected outcomes
- Explain Carter's taxonomy of computer crime.
- Identify and describe business risks and threats to information systems.
- Name and describe common types of computer criminals.
- Discuss ways to prevent and detect computer crime.
- Explain CoBIT's information criteria and accountability framework.
- Explain how CoBIT can be used to strengthen internal controls against computer crime.

Computer crime: Carter's taxonomy
- Target: the crime targets the system or its data.
- Instrumentality: the computer is used to further a criminal end (to commit the crime).
- Incidental: the computer is not required, but is related to the crime.
- Associated: new versions of old crimes.
A single crime can fit more than one category.

Risks and threats
- Fraud
- Error
- Service interruptions and delays
- Disclosure of confidential information
- Intrusions
- Information theft
- Information manipulation
- Malicious software
- Denial-of-service attacks
- Web site defacements
- Extortion

Computer criminals
- Script kiddies
- Hackers
- Cyber-criminals
- Organized crime
- Corporate spies
- Terrorists
- Insiders

Lecture break 11-1
Divide the class into seven groups. Each group assumes the "identity" of one type of computer criminal and suggests how that "type" might enact one or two of the risks and threats from the previous slide.
The idea of this lecture break is to get students thinking about the relationship between these two topics. For example, how might a hacker be involved in information manipulation? How might organized crime be involved in disclosure of confidential information?

Internal control issues: the C-I-A triad
With respect to information systems, organizations need to protect:
- Confidentiality
- Integrity
- Availability

Internal control issues: physical controls
Physical controls protect the physical aspects of information systems. Examples:
- Locked doors
- Security .