Computer Security: Principles and Practice: Fourth Edition, Global Edition By: William Stallings and Lawrie Brown
• Computers as targets: Involves an attack on data integrity, system integrity, data confidentiality, privacy, or availability
• Computers as storage devices: Using the computer to store stolen password lists, credit card or calling card numbers, proprietary corporate information, pornographic image files, or pirated commercial software
• Computers as communications tools: Crimes that are committed online, such as fraud, gambling, child pornography, and the illegal sale of prescription drugs, controlled substances, alcohol, or guns
Law Enforcement Challenges
• The deterrent effect of law enforcement on computer and network attacks correlates with the success rate of criminal arrest and prosecution
• Law enforcement agency difficulties:
  • Lack of investigators knowledgeable and experienced in dealing with this kind of crime
  • Required technology may be beyond their budget
  • The global nature of cybercrime
  • Lack of collaboration and cooperation with remote law enforcement agencies
• Convention on Cybercrime introduces a common terminology for crimes and a framework for harmonizing laws globally
Table 19.1 Cybercrimes Cited in the Convention on Cybercrime
Table 19.2 CERT 2007 E-Crime Watch Survey Results
Cybercriminals
• Are difficult to profile
• Range of behavioral characteristics is wide
• No cybercriminal databases exist that can point to likely suspects
Cybercrime Victims
• Are influenced by the success of cybercriminals and the lack of success of law enforcement
[Figure labels: Clearinghouse, Consumer, Digital license, Requiring license and paying; legend: Information flow, Money flow]
[Figure labels: Services: Identity management, Content management, Rights management. Functions: Security/Encryption, Authentication/Authorization, Billing/Payments, Delivery]
• Onward transfer
• Security
• Enforcement
United States Privacy Initiatives
Privacy Act of 1974
• Pseudonymity
  • Reversible pseudonymity
  • Alias pseudonymity
• Unlinkability
• Unobservability
[Figure labels: Professionalism: Higher order of care, societal well-being. Each profession: Profession-unique standards and professionalism, standards in profession's code of ethics]
1) Be a positive stimulus and instill confidence
2) Be educational
3) Provide a measure of support
4) Be a means of deterrence and discipline
5) Enhance the profession's public image
Comparison of Codes of Conduct
• All three codes place their emphasis on the responsibility of
professionals to other people
• Do not fully reflect the unique ethical problems related to the
development and use of computer and IT technology
• Common themes:
• Dignity and worth of other people
• Confidentiality of information
3) People who knowingly use a particular computing artifact are morally responsible for
that use.
4) People who knowingly design, develop, deploy, or use a computing artifact can do so
responsibly only when they make a reasonable effort to take into account the
sociotechnical systems in which the artifact is embedded.
5) People who design, develop, deploy, promote, or evaluate a computing artifact should
not explicitly or implicitly deceive users about the artifact or its foreseeable effects, or
about the sociotechnical systems in which the artifact is embedded.
Summary
• Cybercrime and computer crime
  • Types of computer crime
  • Law enforcement challenges
  • Working with law enforcement
• Intellectual property
  • Types of intellectual property
  • Intellectual property relevant to network and computer security
  • Digital Millennium Copyright Act
  • Digital rights management
• Privacy
  • Privacy law and regulation
  • Organizational response
  • Computer usage privacy
  • Privacy, data surveillance, big data, and social media
• Ethical issues
  • Ethics and the IT professions
  • Ethical issues related to computers and information systems
  • Codes of conduct
  • The rules