
CHAPTER 3

CYBERATTACKS AND
CYBERSECURITY

George W. Reynolds
LEARNING OBJECTIVES

• Why are computer incidents so prevalent, and what are their effects?
• What can be done to implement a strong security program to prevent cyberattacks?
• What actions must be taken in the event of a successful security intrusion?

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
WHY MANAGERS AND IT USERS MUST UNDERSTAND IT SECURITY

Dilemmas Faced by Business Managers Regarding IT Security

• Amount to be spent to safeguard against computer crime
• Handling difficulties caused by lost sales and increased costs due to recommended security safeguards
• Actions to be taken if a firm is a victim of a computer crime

Why Computer Incidents Are So Prevalent

• Number of entry points: As more devices are added, the number of network entry points grows, increasing security risks
• Cloud computing: Expanding and changing systems introduce new risks
• Virtualization software: Operates in a software layer that runs on top of the operating system; enables virtual machines to run on a single computer

TYPES OF EXPLOITS

VIRUS
• Disguised as something else
• User opens, downloads, or visits infected websites
• Macro virus: infects documents and templates

WORM
• Stays in computer memory and duplicates itself; may spread without human intervention
• Lost data, programs, productivity; high costs of repair and restoration

TROJAN HORSE
• Hidden malicious code
• May destroy hard drives, remotely control PC
• May launch attacks against other computers

DDOS OR DOS
• Floods site with demands, keeping it busy
• Botnet/zombie PCs: computers controlled by hackers from remote locations without consent

TYPES OF EXPLOITS

PHISHING: Fraudulently using email to get a recipient to reveal personal data
SMISHING: Uses SMS
VISHING: Uses voice mail message

TYPES OF EXPLOITS

IDENTITY THEFT
• Personal information stolen without permission
• Data breach: Unintended release of sensitive information
• Websites use encryption technology to protect consumer information

CYBERESPIONAGE
• Secretly steals high-value data in the computer systems
• Sales, marketing, R&D, schedules and budgets
• Product designs & processes
• Employee and customer personal information

TYPES OF EXPLOITS

CYBERTERRORISM

Intimidation of a government or a civilian by using information technology to disable critical national infrastructure – done to achieve political, religious, or ideological goals

CREDIT CARD FRAUD PREVENTION

• Encryption technology
• Card verification value (CVV)
• Transaction-risk scoring software
• Smart cards
• ZIP code


TRUSTWORTHY COMPUTING

• Delivers secure, private, and reliable computing experiences based on sound business practices
• A strong security system:
  • Assesses possible threats to the organization’s network
  • Identifies actions that address serious vulnerabilities
  • Educates end users about the risks involved and actions to take

TRUSTWORTHY COMPUTING (CONTINUED)

POLICIES AND PROCEDURES IMPLEMENTED TO PREVENT
• Help prevent security breaches
• Effectively employ hardware and software tools

NEED A CLEAR REACTION PLAN THAT ADDRESSES
• Notification and evidence protection
• Activity log maintenance
• Containment and eradication
• Recovery

RISK ASSESSMENT

Goal: Identify best investments of time & resources to protect organization from threats
Asset: Hardware, software, network, or database used by the organization to achieve objectives
Loss event: Any occurrence that has a negative impact on an asset

Establishing a Security Policy

• A good security policy describes the responsibility and behavior expected of the organization
• Automated system rules should mirror the organization’s written policies
• Companies are including special security requirements for mobile devices

Educating Employees and Contract Workers

• Password protecting accounts
• Prohibiting others from using their passwords
• Ensuring that mobile technology is protected
• Applying strict access controls to protect data
• Reporting unusual policy

Preventive Measures

Firewall
• Guards between an organization’s internal network and the internet
• Blocks attacks by filtering network traffic based on packet contents

Intrusion Detection System
• Software and/or hardware that monitors system resources and activities and issues an alert when it detects network traffic attempting to circumvent security measures

Antivirus Software
• Scans for viruses & virus signatures; should be regularly updated

Preventive Measures

Safeguards against attacks by malicious insiders
• Involve implementing a combination of technical, administrative, and physical security measures to mitigate the risks posed by individuals with authorized access to an organization's systems and data who may intentionally or unintentionally compromise security.

Periodic IT Security Audits
• Security policy: A policy that defines an organization’s security requirements, as well as the controls and sanctions needed to meet those requirements
• A good security policy delineates responsibilities and the behavior expected of members of the organization.
• Security audit: An audit that evaluates whether an organization has a well-considered security policy in place and if it is being followed

United States Computer Emergency Readiness Team (US-CERT)

• Partnership between the Department of Homeland Security and the public and private sectors
• Serves as a clearinghouse for information on new viruses, worms and other computer security topics
• Protects the nation’s internet infrastructure against cyberattacks

NIST Incident Response Life Cycle

RESPONSE PLANNING

• Planning for unexpected adverse events
• When the use of technology is disrupted, business operations may cease
• Need proper planning and execution
• Avoid severe damage
• Otherwise, may never recover

INCIDENT RESPONSE ACTIONS

• Detection – Recognition that an incident is underway
• Reaction – Responding to the incident in a predetermined fashion to contain and mitigate its potential damage
• Recovery – Returning all systems and data to their state before the incident

DETECTION TO REACTION

Notification of key personnel
• Notify the right people in the right order
• Send an alert message
• Notify other key personnel

Assignment of tasks

Documentation of the incident
• Who, what, when, where, why, and how of each action taken
• Determine if the right actions were taken and if they were effective
• Can also prove the organization did everything possible to deter the spread of the incident

Computer/Digital Forensics

Identifies, collects, examines, and preserves data from computer systems, networks, and storage devices
• Preserves the integrity of the data gathered so that it is admissible as evidence in a court of law
• Combines elements of law and computer science

The investigation may be opened in response to a criminal investigation or civil litigation

Digital Forensics

Forensics: Coherent application of methodical investigatory techniques to present evidence of crimes in a court or court-like setting

Digital forensics: The preservation, identification, extraction, documentation, and interpretation of digital media for evidentiary and/or root cause analysis

DIGITAL FORENSICS

EVIDENTIARY MATERIAL
• Item of potential evidentiary value
• Info that could legally support the organization’s case

AN ITEM DOES NOT BECOME EVIDENCE UNTIL IT IS
• Formally admitted
• By a ruling official

PURPOSES
• To investigate allegations of digital malfeasance
• To perform root cause analysis

Digital Forensics Methodology

• Identify relevant items of evidentiary value
• Acquire or seize the evidence without alteration or damage
• Take steps to ensure that the evidence is at every step verifiably authentic and is unchanged from the time it was seized
• Analyze the data without risking modification or unauthorized access
• Report the findings to the proper ruling authority
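The "verifiably authentic and unchanged" requirement in the methodology above is usually met by hashing the evidence at seizure and re-checking the hash before every later step, while a chain-of-custody log records who handled it and when. The following is an added illustration, not code from the slides or the textbook; the evidence bytes, handler names and item id are all constructed.

```python
"""Evidence-integrity check plus chain-of-custody log (added example)."""
import hashlib
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Digest of the evidence bytes; this is the value written on the custody form."""
    return hashlib.sha256(data).hexdigest()


class CustodyRecord:
    """Chain-of-custody log for one seized item."""

    def __init__(self, item_id: str, data: bytes, handler: str):
        self.item_id = item_id
        self.acquired_hash = sha256_hex(data)   # baseline taken at acquisition
        self.log = []
        self._add(handler, "acquire", self.acquired_hash, True)

    def _add(self, handler: str, action: str, digest: str, ok: bool) -> None:
        # who / what / when of each action, as the documentation step requires
        self.log.append({"when": datetime.now(timezone.utc).isoformat(),
                         "who": handler, "action": action,
                         "sha256": digest, "matches_acquired": ok})

    def verify(self, data: bytes) -> bool:
        """True only if the bytes still match the hash recorded at acquisition."""
        return sha256_hex(data) == self.acquired_hash

    def step(self, handler: str, action: str, data: bytes) -> bool:
        """Log one methodology step; the step is recorded as failed if the data changed."""
        ok = self.verify(data)
        self._add(handler, action, sha256_hex(data), ok)
        return ok


# Constructed sample evidence: a stand-in for a seized disk-image fragment.
EVIDENCE = b"ntfs-image-fragment: user=alice login=2019-03-01T08:00Z\n"


def run_chain():
    """Acquire, analyze an untouched copy, then catch an altered copy at the report step."""
    rec = CustodyRecord("EV-001", EVIDENCE, handler="analyst_a")
    analyzed_ok = rec.step("analyst_b", "analyze", EVIDENCE)      # unchanged -> True
    tampered = EVIDENCE.replace(b"alice", b"bob")                  # altered copy
    report_ok = rec.step("analyst_b", "report", tampered)          # mismatch -> False
    return analyzed_ok, report_ok, len(rec.log)
```

A real workflow would hash the original media once, work only on forensic copies, and store the log outside the analyst's reach so the record itself cannot be quietly rewritten.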

SUMMARY

• Securing the organization has become more difficult as the sheer amount of technology has increased and there has been more reliance on cloud computing and virtualization.
• Common computer exploits include viruses and worms, Trojan horses, DDOS, spam, and phishing.
• IT must lead the effort to implement security policies and procedures.
• Must implement a multilayer process for managing security vulnerabilities, including assessment of threats and user education.
• Computer forensics is key to fighting computer crime in a court of law.
