Computer crime, Identity theft, Internal threat and Software vulnerability

Subject: Management Information System

Overview

Any criminal offense that makes use of computer technology for its protection or investigation is referred to as a computer crime. It's difficult to gauge the scope of the computer crime problem (how many systems are compromised, how many persons are involved, or how much damage is done overall?). Theft of a vital piece of personal information, such as a credit card number, social security number, or driving license number, is known as identity theft. An internal threat is a security issue that originates from within a business. Employees have access to confidential information, and even in the presence of internal security measures, they frequently have free rein to move around a system without being seen.

Computer Crime

According to the definition, it includes "Any criminal offense including the use of computer technology for the victim's protection or inquiry." The size of the computer crime problem is difficult to gauge: how many compromised systems are there, how many people are involved, and how much overall harm is done?

A skilled and knowledgeable computer user commits an act of computer crime. An individual who steals or browses confidential data or information from a company or an individual is known as a hacker. In some cases this person or group of persons may act intentionally and damage or corrupt the computer or data files.

Examples of Computer Crimes

The rapid advancement of information technology has led to a daily occurrence of numerous types of computer crimes. Here's a quick breakdown of a couple of them:

  • Child Pornography
    • Producing child pornography, which is against the law, or selling it illegally.
  • Cyber Terrorism
    • The hacking of private data; threats and blackmail directed at any company or individual.
  • Cyberbullying or Cyberstalking
    • Harassing an unidentified person online.
  • Creating Malware
    • Writing, producing, and disseminating malware, such as spyware and viruses
  • Denial of Service Attack (DoS)
    • Putting so many queries on a system that it is unable to fulfill typical requests.
  • Espionage
    • Spying on a person or a business

Computer as a ‘Target’ of Crime

  • Breaching the security of secret digital data, unauthorized access to a computer system.
  • Accessing a protected or unauthorized computer on purpose to commit fraud
  • Intentionally breaking into a secured or unauthorized computer and causing harm.
  • Disseminating software, commands, or program code with the intent to cause harm or data loss on an unlicensed (protected) machine.

Computer as ‘Instrument’ of Crime

  • Stealing a trade secret
  • Unauthorized duplication of software or intellectual material protected by copyright, such as publications, music, articles, and videos
  • Utilizing email to annoy someone
  • Intentionally attempting to intercept a conversation over the internet
  • Accessing voicemail and other types of electronic communication that have been held illegally.
  • Utilizing a computer to send or handle child pornography.

Wireless Security Challenges

  • Radio frequency bands are easy to scan.
  • Access points are identified by service set identifiers (SSIDs).

Identity Theft

Identity theft has increased in importance with the development of the internet and e-commerce. Theft of a vital piece of personal information, such as a credit card number, social security number, or driving license number, is known as identity theft. The data may be used to obtain credit, goods, or services in the victim's name or to provide the thief with a false identity.

Phishing

  • It is an approach that is employed for spoofing. It entails creating phony websites or sending e-mails that appear to be from legitimate companies in order to solicit sensitive personal information from users. There are two phishing methods, and they are as follows:
    • Evil-Twin
      • They are wireless networks that advertise reliable internet connections to other users in public areas. The criminals attempt to obtain credit card numbers or passwords using evil-twin in order to commit crimes on the network.
    • Pharming
      • Even when a user enters the correct website address into their browser, it redirects them to fake (false) web pages.

Click-Fraud

  • It happens when people or computer programs repeatedly click on web advertisements without intending to learn more about the advertiser.

Internal Threat

It is described as an internal corporate security issue. Employees have access to confidential information, and even in the presence of internal security measures, they frequently have free rein to move around a system without being seen.

Intruders looking to gain access to systems may pose as legitimate employees in need of information in order to deceive staff into disclosing their passwords. Social engineering is the practice behind this.

Software Vulnerability

A software vulnerability is a security hole, weak spot, or malfunction that has been discovered in an operating system (OS) or a piece of software and raises security questions. A buffer overflow is an illustration of a software fault. When users open a file that may be "too heavy" for the application to read, the software may crash or become unresponsive in this manner.

Business Value of Security and Control

Despite the fact that revenue growth is closely tied to the investment in security and control, the company should invest in security and control. The operation of the firm depends so much on the protection of the information system. Businesses must safeguard their highly valuable information assets. Frequently, systems contain private data on a person's taxes, wealth, health, and evaluation of their work performance. The system may also include data on business operations, such as trade secrets, plans for developing new products, and marketing tactics. Control and security could expose you to significant legal liability. Businesses must safeguard all of their information assets, including those of their clients, staff members, and business partners.

  • Computer system failures may result in significant or complete loss of corporate operations.
  • Businesses are more exposed than ever:
    • Both private individual information and financial information
    • Tactics, new products, and trade secrets
  • A security compromise might nearly immediately reduce a company's market value.
  • Adequacy in security and controls also raises liability concerns.

Legal and Regulatory Requirements for Electronic Records Management and Privacy Protection

  • HIPAA
    • Medical privacy and security policies and practices
  • Gramm-Leach-Bliley Act
    • Requires financial organizations to protect the privacy and security of consumer information.
  • Sarbanes-Oxley Act
    • Imposes obligations on businesses and their management to protect the integrity and accuracy of financial information that is utilized both internally and externally.

Electronic Evidence

  • White-collar crime evidence is frequently available online (data on computers, e-mail, instant messages, e-commerce transactions).
  • When responding to a court discovery request, proper data control can reduce response times and costs.

Computer Forensics

  • Data from computer storage media is collected, examined, authenticated, presented, and analyzed scientifically in order to be used as evidence in court.
  • Consists of recovering ambient and concealed data

Ambient Data

On computer storage media, electronic evidence is kept in a type of data called ambient data that is hidden from the normal user. This information can be found in virtual memory files, file slack, unallocated clusters, and other locations that aren't used by active files. Take the deletion of a file from a computer's hard drive as an example.

Reference

Laudon, Laudon, "Management Information Systems Managing the Digital Firm", twelfth edition

Things to remember
  • Medical security and privacy regulations under HIPAA
  • The Gramm-Leach-Bliley Act mandates that financial organizations protect the privacy and security of consumer information.
  • The Sarbanes-Oxley Act places obligations on businesses and their management to protect the integrity and accuracy of financial information used both internally and externally.

Ambient Data

  • Electronic evidence is stored on computer storage media, while ambient data refers to computer files that are hidden from the normal user. This information can be found in virtual memory files, file slack, unallocated clusters, and other locations that aren't used by active files. Take the deletion of a file from a computer's hard drive as an example.
