Information Technology Reference
In-Depth Information
Crime Prevention by Corporations
Companies are also taking crime-fighting efforts seriously. Many businesses have designed
procedures and specialized hardware and software to protect their corporate data and
systems. Specialized hardware and software, such as encryption devices, can be used to
encode data and information to help prevent unauthorized use. As discussed in Chapter 7,
encryption is the process of converting an original electronic message into a form that can
be understood only by the intended recipients. A key is a variable value that is applied using
an algorithm to a string or block of unencrypted text to produce encrypted text or to decrypt
encrypted text. Encryption methods rely on the limitations of computing power for their
effectiveness—if breaking a code requires too much computing power, even the most deter-
mined code crackers will not be successful. The length of the key used to encode and decode
messages determines the strength of the encryption algorithm.
As employees move from one position to another at a company, they can build up access
to multiple systems if inadequate security procedures fail to revoke access privileges. It is
clearly not appropriate for people who have changed positions and responsibilities to still
have access to systems they no longer use. To avoid this problem, many organizations create
role-based system access lists so that only people filling a particular role (e.g., invoice approver)
can access a specific system.
Fingerprint authentication devices provide security in the PC environment by using
fingerprint recognition instead of passwords. Laptop computers from Lenovo, Toshiba, and
others have built-in fingerprint readers used to log on and gain access to the computer system
and its data. The JetFlash 210 Fingerprint USB Flash Drive requires users to swipe their
fingerprints and match them to one of up to 10 trusted users to access the data. The data on
the flash drive can also be encrypted for further protection.
61
Fingerprint authentication devices
provide security in the PC
environment by using fingerprint
recognition instead of passwords.
(Source: Permission granted by Pay
By Touch.)
Crime-fighting procedures usually require additional controls on the information system.
Before designing and implementing controls, organizations must consider the types of
computer-related crime that might occur, the consequences of these crimes, and the cost and
complexity of needed controls. In most cases, organizations conclude that the trade-off
between crime and the additional cost and complexity weighs in favor of better system con-
trols. Having knowledge of some of the methods used to commit crime is also helpful in
preventing, detecting, and developing systems resistant to computer crime (see Table 14.1).
Some companies actually hire former criminals to thwart other criminals.
Although the number of potential computer crimes appears to be limitless, the actual
methods used to commit crime are limited. The following list provides a set of useful guide-
lines to protect your computer from criminal hackers.
•
Install strong user authentication and encryption capabilities on your firewall.
•
Install the latest security patches, which are often available at the vendor's Internet site.
•
Disable guest accounts and null user accounts that let intruders access the network
without a password.
