After completing this chapter, students will be able to: Detail the principal types of international investment flows and their recent growth, discuss the reasons why firms operate in more than one country and become MNEs, show how portfolio investment has grown in recent decades as governments liberalized investment flows and financial markets have developed,. | Chapter 11 Computer Crime and Information Technology Security Outline Learning objectives Carter’s taxonomy Risks and threats IT controls COBIT Learning objectives Explain Carter’s taxonomy of computer crime. Identify and describe business risks and threats to information systems. Discuss ways to prevent and detect computer crime. Explain the main components of the CoBIT framework and their implications for IT security. Carter’s taxonomy Target Targets system or its data Example: DOS attack Instrumentality Uses computer to further criminal end Example: Phishing Four-part system for classifying computer crime A specific crime may fit more than one classification The taxonomy provides a useful framework for discussing computer crime in all types of organizations. Carter’s taxonomy Incidental Computer not required, but related to crime Example: Extortion Associated New versions of old crimes Example: Cash larceny Four-part system for classifying computer crime A specific crime may fit more than one classification The taxonomy provides a useful framework for discussing computer crime in all types of organizations. Risks and threats Fraud Service interruption and delays Disclosure of confidential information Intrusions Malicious software Denial-of-service attacks Please consult the chapter for the full list. IT controls Confidentiality Data integrity Availability C-I-A triad IT controls Physical controls Guards, locks, fire suppression systems Technical controls Biometric access controls, malware protection Administrative controls Password rotation policy, password rules, overall IT security strategy COBIT Two main parts Principles Five ideas that form the foundation of strong IT governance and management Enablers Seven tools that match the capabilities of IT tools with users’ needs Control Objectives for Information and Related Technology Information Systems Audit and Control Association (ISACA) Framework for IT governance and management COBIT . | Chapter 11 Computer Crime and Information Technology Security Outline Learning objectives Carter’s taxonomy Risks and threats IT controls COBIT Learning objectives Explain Carter’s taxonomy of computer crime. Identify and describe business risks and threats to information systems. Discuss ways to prevent and detect computer crime. Explain the main components of the CoBIT framework and their implications for IT security. Carter’s taxonomy Target Targets system or its data Example: DOS attack Instrumentality Uses computer to further criminal end Example: Phishing Four-part system for classifying computer crime A specific crime may fit more than one classification The taxonomy provides a useful framework for discussing computer crime in all types of organizations. Carter’s taxonomy Incidental Computer not required, but related to crime Example: Extortion Associated New versions of old crimes Example: Cash larceny Four-part system for classifying computer crime A specific crime may fit .