chapter 3 ethics: computer and internet crime

Post on 22-Jan-2018


GROUP MEMBERS

M AWAIS NASEER

RANA ATIF SATTAR

HASNAIN AHMED

AIMEN MALIK

RISK ASSESSMENT

8 STEPS FOR RISK ASSESSMENT

ESTABLISHING A SECURITY POLICY

PREVENTION

DETECTION

RESPONSE

A risk assessment is the process of assessing security-related risks to an organization's computers and networks from both internal and external threats.

The goal of risk assessment is to identify which investments of time and resources will best protect the organization from its most likely and serious threats.

1. Identify the set of IT assets about which the organization is most concerned.

2. Identify the loss events or the risks or threats that could occur, such as a distributed denial-of-service attack or insider fraud.

3. Assess the frequency of events or the likelihood of each potential threat; some threats, such as insider fraud, are more likely to occur than others.

4. Determine the impact of each threat occurring.

5. Determine how each threat can be mitigated so that it becomes much less likely to occur or, if it does occur, has less of an impact on the organization.

6. Assess the feasibility of implementing the mitigation options.

7. Perform a cost-benefit analysis to ensure that your efforts will be cost effective.

8. Make the decision on whether or not to implement a particular countermeasure.
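The eight steps above can be carried through as a small risk register. This is an added example, not part of the original slides; the assets, figures and the expected-loss formula (events per year times loss per event) are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    asset: str                       # step 1: asset of concern
    threat: str                      # step 2: loss event
    events_per_year: float           # step 3: likelihood as expected frequency
    loss_per_event: float            # step 4: impact
    mitigation: str                  # step 5: proposed countermeasure
    residual_events_per_year: float  # frequency once mitigated
    residual_loss_per_event: float   # impact once mitigated
    feasible: bool                   # step 6: can it actually be deployed?
    annual_cost: float               # yearly cost of the countermeasure

    def exposure(self):
        return self.events_per_year * self.loss_per_event

    def residual_exposure(self):
        return self.residual_events_per_year * self.residual_loss_per_event

    def net_benefit(self):
        # Step 7: loss avoided per year minus what the countermeasure costs.
        return self.exposure() - self.residual_exposure() - self.annual_cost

def decide(risks):
    """Step 8: return (threat, exposure, net_benefit, decision), worst exposure first."""
    rows = []
    for r in sorted(risks, key=Risk.exposure, reverse=True):
        if not r.feasible:
            decision = "reject: not feasible"
        elif r.net_benefit() > 0:
            decision = "implement"
        else:
            decision = "reject: costs more than it saves"
        rows.append((r.threat, r.exposure(), r.net_benefit(), decision))
    return rows

# Constructed sample register (all values are illustrative assumptions).
REGISTER = [
    Risk("web storefront", "DDoS attack", 2.0, 50_000, "scrubbing service", 2.0, 5_000, True, 30_000),
    Risk("payroll system", "insider fraud", 0.5, 400_000, "dual approval", 0.1, 400_000, True, 20_000),
    Risk("file server", "virus outbreak", 4.0, 3_000, "full rebuild", 1.0, 3_000, True, 25_000),
    Risk("legacy ERP", "data theft", 0.2, 100_000, "replace platform", 0.0, 0, False, 500_000),
]

if __name__ == "__main__":
    for threat, exposure, benefit, decision in decide(REGISTER):
        print(f"{threat:15} exposure={exposure:>10,.0f} net={benefit:>12,.0f} {decision}")
```

Note that the DDoS mitigation lowers impact while the insider-fraud mitigation lowers likelihood; step 5 allows either.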

To obtain useful and more accurate analysis results, a complete inventory list and security requirements for a system shall be made available as inputs to the identification and analysis activities.

Because analysing the collected information and justifying security measures demands expert knowledge and experience, a security risk assessment should be performed by qualified security expert(s).

DEFINITION: A security policy defines an organization's security requirements, as well as the controls and sanctions needed to meet those requirements.

• A good security policy delineates responsibilities and the behaviour of the members of the organization.

• The NIST 800 series of documentation provides useful definitions, policies, standards, and guidelines related to computer security.

• Automated system policies can often be put into practice using the configuration in a software programme.

• The use of e-mail attachments is a critical security issue that should be addressed in an organization's security policy.

• Another growing area of concern is the use of wireless devices to access corporate e-mail, store confidential data, and run critical applications, such as inventory management and sales force automation.

A virtual private network:

A virtual private network works by using the internet to relay communication; it maintains privacy through security procedures and tunneling protocols, which encrypt data at the sending end and decrypt data at the receiving end.

EDUCATING EMPLOYEES, CONTRACTORS AND PART-TIME WORKERS

• Guarding their passwords to protect against unauthorized access to accounts

• Prohibiting others from using their systems

• Applying strict access controls to protect data from disclosure and destruction

• Reporting all unusual activities to the organization's IT security group

FOLLOWING ARE THE METHODS WHICH ARE USED FOR SECURITY PURPOSES

1) FIREWALL

2) INTRUSION PREVENTION SYSTEMS (IPS s)

3) ANTIVIRUS

o NORTON ANTIVIRUS

o PERSONAL FIREWALL FROM McAfee

A firewall stands guard between an organization's internal network and the internet, and it limits network access based on the organization's access policy.

Installing a firewall can lead to another serious security issue: complacency.

Intrusion prevention systems (IPSs) work to prevent an attack by blocking viruses, malformed packets, and other threats from getting into the protected network.

A firewall and a network IPS are complementary.

ANTIVIRUS SOFTWARE SHOULD BE INSTALLED ON EACH USER'S PERSONAL COMPUTER TO SCAN THE COMPUTER.

ANTIVIRUS SOFTWARE CAN SCAN FOR A SPECIFIC SEQUENCE OF BYTES KNOWN AS A VIRUS SIGNATURE
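Signature scanning as described above, written as an added example that is not part of the original slides. The signature names and byte sequences are constructed placeholders, not real malware signatures. The scanner reads in chunks and carries an overlap so that a signature split across a chunk boundary is still found.

```python
import io

# Constructed signatures (assumption): made-up byte sequences for the demo.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("deadbeef00c0ffee"),
    "Demo.Beta": b"X5-CONSTRUCTED-SIG",
}

def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return a sorted list of (offset, name) for every signature occurrence."""
    keep = max(len(s) for s in signatures.values()) - 1
    hits = set()
    tail = b""   # last bytes of the previous window, re-scanned with the next chunk
    base = 0     # absolute file offset of window[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, sig in signatures.items():
            pos = window.find(sig)
            while pos != -1:
                hits.add((base + pos, name))   # set removes re-found overlaps
                pos = window.find(sig, pos + 1)
        tail = window[-keep:] if keep else b""
        base += len(window) - len(tail)
    return sorted(hits)

def scan_chunks_naive(stream, signatures=SIGNATURES, chunk_size=4096):
    """Flawed variant for comparison: scans each chunk in isolation."""
    hits, base = [], 0
    while chunk := stream.read(chunk_size):
        for name, sig in signatures.items():
            if (pos := chunk.find(sig)) != -1:
                hits.append((base + pos, name))
        base += len(chunk)
    return sorted(hits)

# Constructed sample file: Alpha at offset 12, Beta at offset 40.
SAMPLE = (b"A" * 12 + SIGNATURES["Demo.Alpha"] + b"B" * 20
          + SIGNATURES["Demo.Beta"] + b"C" * 5)

if __name__ == "__main__":
    print(scan_stream(io.BytesIO(SAMPLE), chunk_size=16))
    print(scan_chunks_naive(io.BytesIO(SAMPLE), chunk_size=16))
```

With 16-byte chunks both signatures straddle a boundary, so the naive variant reports nothing while the overlapping scan finds both.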

Even when preventive measures are implemented, no organization is completely secure from a determined attack.

INTRUSION DETECTION SYSTEM

It is software and/or hardware that monitors system and network resources and activities, and notifies network security personnel when it identifies possible intrusions from outside the organization or misuse from within the organization.

1) Incident Notification

2) Protection Of Evidence And Activity Logs

3) Incident containment

4) Eradication

5) Incident follow-up

The key element of any response plan is to define who to notify and who not to notify.

Most security experts recommend against giving out specific information about a compromise in public forums, such as a newspaper report, conferences, professional meetings and online discussion groups.

An organization should document all details of a security incident as it works to resolve the incident.

Documentation captures valuable evidence for a future prosecution and provides data to help during the incident eradication and follow-up phases.

It is especially important to capture all system events, specific actions (what, when, who) and all external conversations in a log book.

Often it is necessary to act quickly to contain an attack to keep a bad situation from becoming even worse.

How such decisions are made, how fast they are made, and who makes them are all elements of an effective response plan.

Before the IT security group begins the eradication effort, it must collect and log all possible criminal evidence from the system and then verify that all necessary backups are current, complete, and free of any virus.

A review should be conducted after an incident to determine exactly what happened and to evaluate how the organization responded.

However, it is important to look deeper than the immediate fix to discover why the incident occurred.

ANY QUESTION
