IT1720

COMPUTER AND INTERNET CRIMES make up the top three (3) most valuable information that
organizations would like to protect as shown in Table 1.
• Confidential business data and private customer and employee • In the same conducted survey, Table 2 shows that the most
information must be safeguarded, and systems must be protected successful cybercrimes contain phishing and malware as starting
against malicious acts of theft or disruption. points. Attacks focused on disruption and stealing money rank
• Although the necessity of security is obvious, it must often be third and fourth.
balanced against other business needs and issues. • Computer crime is a crime that is executed using computers or
• Business managers, IT professionals, and IT users all face networks of computers. It is done to damage people’s or
several ethical decisions regarding IT security. organizations’ reputation. Some of the ways computer crimes
p pose threats are as follows:
Rank Valuable Information − Threat to an individual
1 Customer information (17%) − Threat to an organization
2 Financial information (12%) − Threat to groups
3 Strategic plans (12%)
− Threat to a nation
4 Board member information (11%)
5 Customer password (11%)
6 Research and development (R&D) information (9%)
Why Computer Incidents are Prevalent
7 Mergers and acquisition (M & A) information (8%) • Increasing Complexity Increases Vulnerability
8 Intellectual property (6%) - The number of possible entry points to a network expands
9 Non-patented (5%) continually as more devices are added, increasing the
10 Supplier information (5%) possibility of security breaches.
Table 1. Top 10 most valuable information to criminals (2018–2019 Global survey) • Higher Computer User Expectations
Source: https://www.ey.com/Publication/vwLUAssets/ey-global-information-security-survey- - Time means money. The earlier the active computer
2018-19/$FILE/ey-global-information-security-survey-2018-19.pdf
users can resolve a problem, the more productive they
can be. As a result, computer support desks are under
Rank Cyber threats extreme pressure to counter very instantly to user’s
1 Phishing (22%) questions.
2 Malware (20%) • Technological Advancement Introduce New Risks
3 Cyberattacks (to disrupt) (13%) - With expanded business needs, globalization,
4 Cyberattacks (to steal money) (12%)
collaborative working, and new technological
5 Fraud (10%)
breakthroughs today, information is being shared on
6 Cyberattacks (to steal IP) (8%)
7 Spam (6%) networks with millions of other computers.
8 Internal attacks (5%) • Increase Reliance on Commercial Software with Known
9 Natural disaster (2%) Vulnerabilities
10 Espionage (2%) - Many companies are increasingly relying on commercial
Table 2. Top 10 biggest cyber threats to organizations software with known vulnerabilities. Even when
Source: https://www.ey.com/Publication/vwLUAssets/ey-global-information-security-survey- vulnerabilities are exposed, many corporate IT
2018-19/$FILE/ey-global-information-security-survey-2018-19.pdf organizations prefer to use already installed software “as
• According to EY Global Information Security Survey 2018–2019, is” rather than implement security fixes that will either
customer information, financial information, and strategic plans make the software harder to use or eliminate “nice-to-

06 Handout 1 *Property of STI

 [email protected]

Page 1 of 6

have” features suggested by current users or potential
customers, which will help sell the software.
• Bringing your own device (BYOD) policy
- Employees access company data by using their devices
such as mobiles, tablets, and personal laptops to have all-
time availability and connection with the work, which
generates a security threat.
• Delay in software updates
- Most organizations do not understand the upcoming risks
and delay software updates for multiple reasons such as
time shortage, extra cost involved, or just negligence,
making the organization’s computer vulnerable to attack.
Types of Exploits
In computing, an exploit is an attack on an information system that
takes advantage of a particular system vulnerability due to poor
system design or implementation.
Types of Computer Attacks
1. Viruses
- A virus is a piece of programming code, usually
disguised as something else, that causes a computer
to behave unexpectedly and often undesirably.
- It is spread to other machines when a computer user
opens an infected file or visits infected Web sites.
2. Worms
- A worm is a harmful program that resides in the active
memory of the computer and duplicates itself without
human intervention.
- The negative impact of a worm attack on an
organization’s computer can be considerable – lost
data and programs, lost productivity due to workers
being unable to use their computers, additional lost
productivity as workers attempt to recover data
programs, and lots of effort for IT workers to clean up
the mess and restore everything to as close to normal
as possible.
3. Trojan Horses
- A Trojan horse is a program in which malicious code
is hidden inside a seemingly harmless program.
06 Handout 1

[email protected]
IT1720
- The program’s harmful payload can enable the
hacker to destroy hard drives, corrupt files, control the
computer remotely, launch attacks against other
computers, steal passwords or social security
numbers, and spy on users by recording keystrokes
and transmitting them to a server operated by a third
party.
4. Botnets
- A botnet is a large group of computers controlled from
one or more remote locations by hackers, without the
knowledge or consent of their owners.
- This is frequently used to distribute spam and
malicious code.
5. Distributed Denial-of-Service (DDoS) Attacks
- A DDoS happens when a malicious hacker takes over
computers on the Internet and cause them to flood a
target site with demand for data and other small tasks.
- A DDoS attack does not involve infiltration of the
targeted system. Instead, it keeps the target so busy
responding to a stream of automated requests that
legitimate users cannot get in – the Internet
equivalent of dialing a telephone number repeatedly
so that all other callers hear a busy signal.
6. Rootkits
- A rootkit is a set of programs that enables its user to
gain administrator-level access to a computer without
the end user’s consent or knowledge.
- Attackers can use the rootkit to execute files, access
logs, monitor user activity, and change the
computer’s configuration.
7. Spam
- E-mail spam is the abuse of e-mail systems to send
unsolicited e-mail to large numbers of people.
- Most of the spam are a form of low-cost commercial
advertising, sometimes for questionable products
such as pornography, phony get-rich-quick schemes,
and worthless stock.
8. Phishing
- Phishing is the act of using e-mail fraudulently to try
to get the recipient to reveal personal data.
*Property of STI
Page 2 of 6

- In a phishing scam, a fraud person sends legitimate-
looking e-mails, urging the recipient to take action to
avoid negative consequences or to receive a reward.
- Spear-phishing is a variation of phishing in which the
phisher sends fraudulent e-mails to a certain
organization’s employees.
Types of Perpetrators
A perpetrator is a person who carries out a harmful, illegal, or immoral
act.
Types of Perpetrator Typical Motives
Hacker Test limits of the system and/or gain publicity
Cracker Cause problems, steal data, and corrupt systems
Malicious insider Gain financially and/or disrupt a company’s
information systems and business operations
Industrial spy Capture trade secrets and gain competitive
advantage
Cybercriminal Gain financially
Hacktivist Promote political ideology
Cyberterrorist Destroy infrastructure components of financial
institutions, utilities, and emergency response
units
Table 3. Classification of perpetrators of computer crime
• Hackers
- They test the limitations of information systems out of
intellectual curiosity to see whether they can gain
access and how far they can go.
- They have at least a basic understanding of
information systems and security features, and much
of their motivations come from a desire to learn even
more.
• Crackers
- They break into other people’s networks and systems
to cause harm such as defacing Web pages, crashing
computers, spreading harmful programs or hateful
messages, and writing scripts and automated
programs that let other people do the same things.
06 Handout 1

[email protected]
IT1720
• Malicious Insiders
- They are extremely difficult to detect or stop because
they are often authorized to access the very systems
they abuse.
- They know individual systems, which often include
the procedures, to gain access to login IDs and
passwords.
• Industrial Spies
- They use illegal means to obtain trade secrets from
competitors of their sponsor.
- Trade secrets are most often stolen by insiders, such
as disgruntled employees and ex-employees.
- Competitive intelligence uses legal techniques to
gather information that is available to the public.
Participants gather and analyze information from
financial reports, trade journals, public filings, and
printed interviews with company officials.
- Industrial espionage can involve the theft of new
product designs, production data, marketing
information, or new software source code.
• Cybercriminals
- Cybercriminals are motivated by potential crime for
monetary gain. They hack into corporate computers
to steal – often by transferring money from one
account to another – leaving a hopelessly
complicated trail for law enforcers to follow.
- They are engaged in all forms of computer fraud:
stealing and reselling credit card numbers, personal
identities, and cellphone IDs.
• Hacktivists and Cyberterrorists
- Hacktivism is a combination of the words “hacking”
and “activism.” This is done to achieve political or
social goal.
- A cyberterrorist launches a computer-based attack
against other computers or networks in an attempt to
*Property of STI
Page 3 of 6

intimidate or coerce a government in order to
advance certain political or social objectives.
- Cyberterrorists seek to cause harm rather than gather
information, and they use techniques that destroy or
disrupt services. Extremely dangerous, they consider
themselves to be at war, have a very high acceptance
of risk, and seek maximum impact.
Implementing Trustworthy Computing
• Trustworthy computing is a method of computing that
delivers secure, private, and reliable computing experiences
based on sound business practices.
• The security of any system or network is a combination of
technology, policy, and people. It requires a wide range of
activities to be effective.
• A strong security program begins by assessing threats to the
organization’s computers and network, identifying actions that
address the most serious vulnerabilities, and educating end
users about the risk involved and the actions they must take
to prevent a security incident.
• Microsoft has pledged to deliver on a trustworthy computing
initiative designs to improve trust in its software products, as
summarized in Figure 1 and Table 3.
Activities for Implementing Trustworthy Computing
Risk Assessment
Figure 1. Microsoft’s Four Pillars of Trustworthy Computing
06 Handout 1

[email protected]
IT1720
Pillar Actions taken by Microsoft to support trustworthy
computing
Security - Invest in the expertise and technology required to create a
trustworthy environment.
- Work with law enforcement agencies, industry experts,
academe, and private sectors to create and enforce secure
computing.
- Develop trust by educating consumers on secure
computing.
Privacy - Make privacy a priority in the design, development, and
testing of products.
- Contribute to standards and policies created by industries,
organizations, and government.
- Provide users with a sense of control over their personal
information.
Reliability Build a system so that:
- they continue to provide service in the face of internal or
external disruptions
- in the event of a disruption, they can be easily restored to
a previously known state with no data loss
- they provide accurate and timely service whenever needed
- required changes and upgrades do not disrupt them
- on release, they contain minimal software bugs
- they work as expected or promised.
Business Be responsive – take responsibility for problems and take
Integrity action to correct them.
Be transparent – be open in dealings with customers, keep
motives clear, keep promises, and make sure customers know
where they stand in dealing with the company.
Table 4. Actions taken by Microsoft to support trustworthy computing
• This is the process of assessing security-related risks to an
organization’s computers and networks from both internal and
external threats.
• Its goal is to identify which investments of time and resources
will best protect the organization from its most likely and
serious threats.
• In the context of IT risk assessment, an asset isany hardware,
software, information system, network, or database that is
*Property of STI
Page 4 of 6
 IT1720

used by the organization to achieve its business obejctives.

Figure 2 illustrates a general security risk assessment
process.
Step 1. Identify the set of IT assets about which the organization is
most concerned. Priority is typically given to assets that
support the organization’s mission and the meetings of its
primary goals.
Step 2. Identify the loss events or the risks/threats that could occur,
such as a DDoS attack or insider fraud.
Step 3. Assess the frequency of events or the likelihood of each
potential threat; some threats, such as insider fraud, are more
likely to occur than others.
Step 4. Determine the impact of each threat occurring.
Step 5. Determine how each threat can be mitigated so that it
becomes much less likely to occur or, if it does occur, has less
of an impact on the organization.
Step 6. Assess the feasibility of implementing the mitigation options.
Step 7. Perform a cost-benefit analysis to ensure that one’s efforts will
be cost-effective.
Figure 2. General Security Risk Assessment
Step 8. Decide whether or not to implement a particular counter-
measure. Educating Employees, Contractors, and Part-Time Workers
• They must be educated about the importance of security so
Establishing a Security Policy that they will be motivated to understand and follow the
• A security policy defines an organization’s security security policies.
requirements, as well as the controls and sanctions needed
• Users must understand that they are a key part of the security
to meet requirements.
system and that they have certain responsibilities like:
• Organizations should have written policies on the following: - Guarding their passwords to protect against
- The use of automated system (password guidelines) unauthorized access to their accounts
- The use of e-mail attachments - Prohibiting others from using their passwords
- The use of wireless devices to access corporate e- - Applying strict access controls (file and directory
mail, store confidential data, and run critical permissions) to protect data from disclosure or
applications. destruction
- Reporting all unusual activity to the organization’s IT
security group.
Prevention
• Implementing layered-security solution will give difficulty to an
attacker to break-in into a computer until giving-up eventually.
• These are the layers of protective measures:

06 Handout 1 *Property of STI

 [email protected]

Page 5 of 6

- Installing a corporate firewall – A firewall stands as
guard between an organization’s internal network and
the Internet. It also limits network access based on
the organization’s access policy.
- Intrusion prevention systems (IPSs) – These work to
prevent an attack by blocking viruses, malformed
packets, and other threats from getting into the
protected network.
- Installing Antivirus Software on Personal Computers
– Antivirus software scans for a specific sequence of
bytes, known as a virus signature, that indicates the
presence of specific viruses. If it finds a virus, the
antivirus software informs the user, and it may clean,
delete, or quarantine any files, directories, or disks
affected by the malicious codes.
- Implementing safeguards against attacks by
malicious insiders – Organizations need to define
employee roles carefully and separate key
responsibilities properly so that a single person is not
responsible for accomplishing a task that has high
security.
- Addressing the most critical internet security threats
– The actions required to address these issues
include installing a known patch to the software and
keeping applications and operating systems up to
date. Those responsible for computer security must
make it a priority to prevent attacks using these
vulnerabilities.
- Conducting periodic IT security audits – Security
audit is a prevention tool that evaluates whether an
organization has a well-considered security policy in
place and if it is being followed (e.g., password policy,
system access, and level of authority).
Detection
• An intrusion detection system is a software and/or hardware
that monitors system and network resources and activities. It
also notifies network security personnel when it identifies
06 Handout 1

[email protected]
IT1720
possible intrusions from outside the organization or misuse
from within the organization.
Response
• A response plan should be developed well in advance of any
incident and be approved by both the organization’s legal
department and senior management.
• Sample response plan:
- Incident notification – It defines who to notify and who
not to notify
- Protection of evidence and activity logs – It
documents all details of a security incident as it works
to resolve the incident
- Incident containment – It acts quickly to contain an
attack and to keep a bad situation from becoming
even worse
- Eradication – Before the IT security begins the
eradication effort, it must collect and log all possible
criminal evidence from the system. Then it must verify
that all necessary backups are current, complete, and
free of any virus.
- Incident follow-up – An essential part of follow-up is
to determine how the organization’s security was
compromised so that it does not happen again.
REFERENCES:
Bott, F. (2005). Professional issues in information technology. UK: British
Computer Society, Ltd.
Kessel, P. (2019). Is cybersecurity about more than protection? EY Global
Information Security Survey 2018-19. Retrieved from
https://www.ey.com/Publication/vwLUAssets/ey-global-information-
security-survey-2018-19/$FILE/ey-global-information-security-survey-
2018-19.pdf
Quinn, M. (2014). Ethics for information Age (6th Ed.). USA: Pearson.
Reynolds, G. (2010). Ethics in information technology (3rd Ed.). Boston, USA:
Cengage Learning.
*Property of STI
Page 6 of 6