Kế toán doanh nghiệp - Chapter 11: Computer crime and information technology security

Chapter 11Computer Crime and Information Technology SecurityOutlineLearning objectivesCarter’s taxonomyRisks and threatsIT controlsCOBITLearning objectivesExplain Carter’s taxonomy of computer crime.Identify and describe business risks and threats to information systems.Discuss ways to prevent and detect computer crime.Explain the main components of the CoBIT framework and their implications for IT security.Carter’s taxonomyTargetTargets system or its dataExample: DOS attackInstrumentalityUses computer to further criminal endExample: PhishingFour-part system for classifying computer crimeA specific crime may fit more than one classificationThe taxonomy provides a useful framework for discussing computer crime in all types of organizations.Carter’s taxonomyIncidentalComputer not required, but related to crimeExample: ExtortionAssociatedNew versions of old crimesExample: Cash larcenyFour-part system for classifying computer crimeA specific crime may fit more than one classificationThe taxonomy provides a useful framework for discussing computer crime in all types of organizations.Risks and threatsFraudService interruption and delaysDisclosure of confidential informationIntrusionsMalicious softwareDenial-of-service attacksPlease consult the chapter for the full list.IT controlsConfidentialityData integrityAvailabilityC-I-A triadIT controlsPhysical controlsGuards, locks, fire suppression systemsTechnical controlsBiometric access controls, malware protectionAdministrative controlsPassword rotation policy, password rules, overall IT security strategyCOBITTwo main partsPrinciplesFive ideas that form the foundation of strong IT governance and managementEnablersSeven tools that match the capabilities of IT tools with users’ needsControl Objectives for Information and Related TechnologyInformation Systems Audit and Control Association (ISACA)Framework for IT governance and managementCOBITCOBIT