SUMMARY
Principle
Policies and procedures must be established to avoid waste and mistakes associated with computer usage.

Computer waste is the inappropriate use of computer technology and resources in both the public and private sectors. Computer mistakes relate to errors, failures, and other problems that result in output that is incorrect and without value. Waste and mistakes occur in government agencies as well as corporations. At the corporate level, computer waste and mistakes impose unnecessarily high costs for an information system and drag down profits. Waste often results from poor integration of IS components, leading to duplication of efforts and overcapacity. Inefficient procedures also waste IS resources, as do thoughtless disposal of useful resources and misuse of computer time for games and personal processing jobs. Inappropriate processing instructions, inaccurate data entry, mishandling of IS output, and poor systems design all cause computer mistakes.

A less dramatic, yet still relevant, example of waste is the amount of company time and money employees can waste playing computer games, sending unimportant e-mail, or accessing the Internet. Junk e-mail, also called spam, and junk faxes also cause waste.

Preventing waste and mistakes involves establishing, implementing, monitoring, and reviewing effective policies and procedures. Careful programming practices, thorough testing, flexible network interconnections, and rigorous backup procedures can help an information system prevent and recover from many kinds of mistakes. Companies should develop manuals and training programs to avoid waste and mistakes. Company policies should specify criteria for new resource purchases and user-developed processing tools to help guard against waste and mistakes. Spam filters that block unwanted mail should be installed.

Principle
Computer crime is a serious and rapidly growing area of concern requiring management attention.

Some crimes use computers as tools (e.g., to manipulate records, counterfeit money and documents, commit fraud via telecommunications links, and make unauthorized electronic transfers of money). Identity theft is a crime in which an imposter obtains key pieces of personal identification information to impersonate someone else. The information is then used to obtain credit, merchandise, and services in the name of the victim, or to provide the thief with false credentials.

A cyberterrorist is someone who intimidates or coerces a government or organization to advance his political or social objectives by launching computer-based attacks against computers, networks, and the information stored on them. A criminal hacker, also called a cracker, is a computer-savvy person who attempts to gain unauthorized or illegal access to computer systems to steal passwords, corrupt files and programs, and even transfer money. Script bunnies are crackers with little technical savvy. Insiders are employees, disgruntled or otherwise, working solo or in concert with outsiders to compromise corporate systems. The greatest fear of many organizations is the potential harm that can be done by insiders who know system logon IDs, passwords, and company procedures.

Computer crimes target computer systems and include illegal access to computer systems by criminal hackers, alteration and destruction of data and programs by viruses (system, application, and document), and simple theft of computer resources. A virus is a program that attaches itself to other programs. A worm functions as an independent program, replicating its own program files until it destroys other systems and programs or interrupts the operation of computer systems and networks. Malware is a general term for software that is harmful or destructive. A Trojan horse program is a malicious program that disguises itself as a useful application and purposefully does something the user does not expect. A logic bomb is designed to “explode” or execute at a specified time and date. A variant is a modified version of a virus that is produced by the virus's author or another person by amending the original virus code. A password sniffer is a small program hidden in a network or computer system that records identification numbers and passwords. Spyware is software installed on a personal computer to intercept or take partial control over the user's interactions with the computer without knowledge or permission of the user.

Identity theft is a crime in which an imposter steals personal identification information to obtain credit, merchandise, or services in the name of the victim. Although Internet gambling is popular, its legality is questionable within the United States.

Because of increased computer use, greater emphasis is placed on the prevention and detection of computer crime. Antivirus software is used to detect the presence of viruses, worms, and logic bombs. Use of an intrusion detection system (IDS) provides another layer of protection in the event that an intruder gets past the outer security layers—passwords, security procedures, and corporate firewall. It monitors system and network resources and notifies network security personnel when it senses a possible intrusion. Many small and mid-sized organizations are outsourcing their network security operations to managed security service providers (MSSPs), which monitor, manage, and maintain network security hardware and software.

Software piracy might represent the most common computer crime. It is estimated that the software industry loses nearly $48 billion in revenue each year to software piracy. Computer scams have cost people and companies thousands of dollars. Computer crime is also an international issue.
 