Term
| Many computer crimes go unreported |
|
Definition
| Because so many go unreported, the true extent and cost of computer crime is difficult to estimate |
|
|
Term
| Two categories of computer crime |
Definition
- Crimes against the computer (the computer is the target)
- Crimes using a computer (the computer is the tool) |
|
|
Term
| Denial of Service (DoS) |
Definition
| Hogging system resources to the point of degraded or denied service |
|
|
Term
|
Definition
| Unauthorized penetrations |
|
|
Term
| Emanation eavesdropping (Van Eck phreaking) |
Definition
| Interception of computer terminal images through the radio frequency (RF) signals the equipment emits. The U.S. Government developed the TEMPEST standard to defeat this by shielding equipment against RF emanations. |
|
|
Term
| Social engineering |
Definition
| Using social skills to manipulate people into giving up information or access |
|
|
Term
|
Definition
| Using a computer to perpetrate crimes, e.g. auctions of non-existent merchandise |
|
|
Term
|
Definition
| Going through garbage to find paper trails and other discarded sensitive information |
|
|
Term
|
Definition
| Viruses and Trojan Horses |
|
|
Term
|
Definition
| Inserting a false source IP address into packets to disguise their true origin |
|
|
Term
|
Definition
| Pretending to be someone else |
|
|
Term
|
Definition
| Illegally acquiring funds that were entrusted to one's care |
|
|
Term
| Criminal law |
Definition
| Deals with violations of government laws enacted for the protection of the public; penalties include fines and imprisonment |
|
|
Term
| Civil (tort) law |
Definition
| A wrong inflicted upon an individual or organization that results in damage or loss; the remedy is financial damages, not imprisonment |
|
|
Term
| Administrative (regulatory) law |
Definition
| Standards of performance and conduct for regulated industries and agencies; violations can carry financial penalties and imprisonment |
|
|
Term
| Patent |
Definition
| Provides the owner a legally enforceable right to exclude others from practicing the invention for a specified time (historically 17 years from grant in the U.S.; now 20 years from the filing date) |
|
|
Term
| Copyright |
Definition
| Protects original works of authorship, can be used for software and databases |
|
|
Term
| Trade secret |
Definition
| Secures confidentiality of proprietary technical and business related information |
|
|
Term
| Trademark |
Definition
| Establishes a word, name, symbol, color or sound used to identify and distinguish goods |
|
|
Term
| US Computer Fraud and Abuse Act |
|
Definition
| Addresses fraud using government computers; codified at 18 U.S.C. § 1030 (1986) |
|
|
Term
| Title 18 of the 1992 Edition of the U.S.C. |
|
Definition
| Contains Crimes and Criminal Procedures. Many computer crimes are prosecuted under this title. |
|
|
Term
| Monitoring |
Definition
| Keystroke monitoring, e-mail monitoring, surveillance cameras, badges and magnetic card keys all allow monitoring of individuals. |
|
|
Term
| E-mail monitoring guidelines |
Definition
- Inform users that all e-mail is being monitored by displaying a log-on banner
- The banner should state that logging on to the system constitutes consent to monitoring, that unauthorized access is prohibited, and that violators are subject to prosecution
- Ensure monitoring is uniformly applied
- Explain acceptable use
- Explain who can read e-mail and how long it is backed up
- Make clear there is no guarantee of privacy |
|
|
Term
| Enticement |
Definition
| Occurs after an individual has gained unlawful access to a system and is then lured to an attractive area (a "honey pot") in order to provide time to identify the individual |
|
|
Term
| Entrapment |
Definition
| Encourages the commission of a crime that the individual had no intention of committing |
|
|
Term
| Computer forensics |
Definition
| Collecting information from and about computer systems that is admissible in a court of law. |
|
|
Term
| Chain of custody components |
|
Definition
- Location of evidence
- Time evidence was obtained
- Identification of the individual who discovered the evidence
- Identification of the individual who obtained the evidence
- Identification of the individual(s) who controlled/maintained possession of the evidence |
|
|
Term
|
Definition
- Discovery and recognition
- Protection
- Recording
- Collection
- Identification (tagging and marking)
- Preservation
- Transportation
- Presentation in court
- Return to evidence owner |
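The two cards above (chain of custody components, evidence life cycle) and the later "reliable" card (evidence has not been tampered with or modified) describe a procedure without showing what the record looks like. The following is an added example, not part of the original flashcards: a minimal chain-of-custody record that captures the listed components (location, time obtained, who discovered, who obtained, who has held possession), fingerprints the evidence with SHA-256 at collection, and refuses (and logs) any hand-off where the bytes no longer match. The record layout, the people's names and the sample log line are assumptions made for this example.

```python
"""Chain-of-custody record with an integrity check (added example)."""
from __future__ import annotations

import hashlib
import json
from dataclasses import asdict, dataclass, field
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Cryptographic digest used as the tamper-evident fingerprint of the evidence."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEvent:
    action: str       # "collected", "transferred" or "verification_failed"
    custodian: str    # who holds the evidence after this event
    timestamp: str    # UTC, ISO 8601
    digest: str       # SHA-256 of the evidence bytes presented at this event
    note: str = ""


@dataclass
class EvidenceRecord:
    evidence_id: str
    location: str          # where the evidence was found
    discovered_by: str     # who discovered it
    obtained_by: str       # who collected it
    time_obtained: str     # when it was collected (UTC)
    original_digest: str   # fingerprint taken at collection; never changes
    events: list[CustodyEvent] = field(default_factory=list)

    @classmethod
    def collect(cls, evidence_id: str, data: bytes, location: str,
                discovered_by: str, obtained_by: str,
                now: datetime | None = None) -> "EvidenceRecord":
        """Discovery/collection step: fingerprint the evidence and open the chain."""
        ts = (now or datetime.now(timezone.utc)).isoformat()
        digest = sha256_hex(data)
        rec = cls(evidence_id, location, discovered_by, obtained_by, ts, digest)
        rec.events.append(CustodyEvent("collected", obtained_by, ts, digest))
        return rec

    def is_intact(self, data: bytes) -> bool:
        """Reliability check: the bytes still match the collection-time fingerprint."""
        return sha256_hex(data) == self.original_digest

    def current_custodian(self) -> str:
        return self.events[-1].custodian

    def transfer(self, data: bytes, to: str, now: datetime | None = None) -> bool:
        """Hand the evidence to a new custodian. The hand-off is refused, and the
        failure itself recorded, if the bytes no longer match the original digest."""
        ts = (now or datetime.now(timezone.utc)).isoformat()
        digest = sha256_hex(data)
        holder = self.current_custodian()
        if digest != self.original_digest:
            self.events.append(CustodyEvent("verification_failed", holder, ts, digest,
                                            f"transfer to {to} refused: digest mismatch"))
            return False
        self.events.append(CustodyEvent("transferred", to, ts, digest, f"from {holder}"))
        return True

    def custody_chain(self) -> list[str]:
        """Everyone who has held the evidence, in order (a refused transfer adds nobody)."""
        chain: list[str] = []
        for ev in self.events:
            if ev.action in ("collected", "transferred") and (not chain or chain[-1] != ev.custodian):
                chain.append(ev.custodian)
        return chain

    def to_json(self) -> str:
        """Serialised record suitable for presentation alongside the evidence."""
        return json.dumps(asdict(self), indent=2)


# Constructed sample evidence: one log line standing in for an acquired artefact.
SAMPLE_EVIDENCE = b"Jan 10 03:12:44 db01 sshd[4711]: Accepted password for root from 10.0.0.5 port 51234 ssh2\n"
FIXED_TIME = datetime(2024, 1, 10, 4, 0, tzinfo=timezone.utc)  # fixed so the demo is repeatable


def demo() -> EvidenceRecord:
    """Walk one artefact through collection, an accepted hand-off and a refused one."""
    rec = EvidenceRecord.collect("EV-001", SAMPLE_EVIDENCE, "db01, /var/log/auth.log",
                                 "A. Analyst", "B. Responder", now=FIXED_TIME)
    rec.transfer(SAMPLE_EVIDENCE, "C. Examiner", now=FIXED_TIME)        # accepted
    rec.transfer(SAMPLE_EVIDENCE + b"#", "D. Counsel", now=FIXED_TIME)  # refused: bytes changed
    return rec


if __name__ == "__main__":
    print(demo().to_json())
```

The digest taken at collection is the only thing later custodians are checked against, so a modified copy cannot be silently re-introduced into the chain; the refused hand-off is itself part of the record, which is what a court would want to see rather than a gap.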
|
|
Term
|
Definition
| Must be related to the crime, shows crime has been committed |
|
|
Term
|
Definition
| Obtained in lawful manner |
|
|
Term
|
Definition
| Not been tampered or modified |
|
|
Term
|
Definition
| Identified without changing or damaging evidence |
|
|
Term
|
Definition
| Not subject to damage or destruction |
|
|
Term
|
Definition
| Original or primary evidence rather than a copy |
|
|
Term
|
Definition
| A copy of evidence, or description of contents |
|
|
Term
|
Definition
| Proves or disproves a specific act through witness testimony based on what the witness perceived with the five senses |
|
|
Term
|
Definition
| Incontrovertible; overrides all other evidence |
|
|
Term
|
Definition
| May offer opinion based on expertise and facts |
|
|
Term
|
Definition
| May testify only to the facts |
|
|
Term
|
Definition
| An inference drawn from other facts rather than from direct observation of the act |
|
|
Term
|
Definition
| Not based on first-hand knowledge; generally not admissible in court, though exceptions exist (e.g. the business-records exception). Computer-generated reports often fall under this rule. |
|
|
Term
| Corporate investigation should include |
|
Definition
- Management
- Corporate security
- Human Resources
- Legal department
- Other appropriate staff |
|
|
Term
| 1991 US Federal Sentencing Guidelines |
|
Definition
- Unauthorized possession without the intent to profit is a crime
- Address both individuals and organizations
- Degree of punishment corresponds to the level of due diligence shown
- Invoke the "prudent man" rule: the due care expected of senior officials (civil law)
- Place responsibility on senior management for prevention and detection programs, with fines of up to $290 million |
|
|
Term
|
Definition
| Means to prevent an organization's computer resources from being used as a source of attack on another organization |
|
|
Term
| Due care |
Definition
| Steps taken to show that a company has taken responsibility for the activities that take place within the corporation and has taken the necessary steps to protect the company, its resources and its employees. |
|
|
Term
| Due diligence |
Definition
| Continual activities that make sure the protection mechanisms are maintained and remain operational. |
|
|
Term
| Prudent man rule |
Definition
| To perform duties with the care that prudent people would exercise in similar circumstances. |
|
|
Term
|
Definition
Certified professionals are morally and legally held to a higher standard. Ethics should be included in the organizational computing policy |
|
|
Term
| (ISC)² Code of Ethics |
Definition
1. Conduct themselves with the highest standards of ethical, moral and legal behavior
2. Not commit any unlawful or unethical act that may negatively impact the reputation of the profession
3. Appropriately report unlawful behavior
4. Support efforts to promote prudent information security measures
5. Provide competent service to their employers and clients; avoid conflicts of interest
6. Execute responsibilities with the highest standards
7. Not misuse information with which they come into contact during their duties |
|
|
Term
| Computer Ethics Institute Top Ten |
|
Definition
1. Not use a computer to harm others
2. Not interfere with others' computer work
3. Not snoop around in others' files
4. Not use a computer to steal
5. Not use a computer to bear false witness
6. Not copy or use proprietary software without paying for it
7. Not use others' computer resources without permission
8. Not appropriate others' intellectual output
9. Think about the social consequences of the programs you write
10. Use a computer in ways that show consideration and respect for others |
|
|
Term
| Internet Activities Board (IAB) Unacceptable actions |
|
Definition
- Seeks to gain unauthorized access to the resources of the Internet
- Disrupts the intended use of the Internet
- Wastes resources (people, capacity, computers)
- Compromises the privacy of others
- Involves negligence in the conduct of Internet experiments |
|
|
Term
| Blue box |
Definition
| A device that simulates a tone that tricks the telephone company's system into thinking the user is authorized for long-distance service, which enables the call to be made. |
|
|
Term
| Red box |
Definition
| Simulates the sound of coins being dropped into a payphone |
|
|
Term
| Black box |
Definition
| Manipulates the line voltage to receive a toll-free call. |
|
|
Term
| 1996 National Information Infrastructure Protection Act |
|
Definition
| Amended the Computer Fraud and Abuse Act; patterned after the OECD guidelines. |
|
|
Term
| GASSP – Generally Accepted System Security Principles |
|
Definition
- Computer security supports the business mission
- Computer security is an integral element of sound management
- Computer security should be cost-effective
- System owners have security responsibilities outside their own organization
- Computer security requires a comprehensive and integrated approach
- Computer security should be periodically reassessed
- Computer security is constrained by societal factors |
|
|
Term
| 1996 – U.S. Kennedy-Kassebaum Health Insurance Portability and Accountability Act (HIPAA) |
|
Definition
|
|
Term
| 1996 – US Economic and Protection of Proprietary Information Act |
|
Definition
| Industrial and corporate espionage |
|
|
Term
| 1995 Council Directive Law on Data Protection for the European Union |
|
Definition
| Establishes EU data protection principles similar to the OECD guidelines |
|
|
Term
| 1994 - Computer Abuse Amendments Act |
|
Definition
- Changed "federal interest computer" to "a computer used in interstate commerce or communications"
- Covers viruses and worms
- Includes intentional damage as well as reckless disregard
- Limited imprisonment for unintentional damage to one year
- Provides civil action for compensatory damages |
|
|
Term
| 1992 OECD – Guidelines to serve as Total Security Framework |
|
Definition
| Laws, policies, procedures, training |
|
|
Term
| 1990 – United Kingdom Computer Misuse Act |
|
Definition
| Defines computer-related crimes |
|
|
Term
| 1987 – Computer Security Act |
|
Definition
Requires the federal government to:
- Provide security-related training
- Identify sensitive systems
- Develop a security plan for sensitive systems
Also:
- Established the Sensitive But Unclassified (SBU) designation
- Split responsibility between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA)
  * NIST – commercial and SBU systems
  * NSA – cryptography and classified government and military applications |
|
|
Term
| 1986 Electronic Communications Privacy Act |
|
Definition
|
|
Term
| 1986 (Amended 1996) – US Computer Fraud and Abuse Act |
|
Definition
Clarified the 1984 law and added three offenses:
- Use of a federal interest computer to further an intended fraud
- Altering or destroying information on a federal interest computer that causes $1,000 or more in loss or impairs medical treatment
- Trafficking in computer passwords if it affects interstate commerce or allows access to government computers |
|
|
Term
| 1984 – US Medical Computer Crime Act |
|
Definition
| Illegal alteration of computerized medical records |
|
|
Term
| 1980 Organization for Economic Cooperation and Development (OECD) |
|
Definition
| Data collection limitations |
|
|
Term
| 1974 – US Privacy Act |
Definition
| Applies to federal agencies |
|
|
Term
| 1973 – US Code of Fair Information Practices |
|
Definition
|
|
Term
| 1970 – US Racketeer Influenced and Corrupt Organizations Act (RICO) |
|
Definition
| Racketeers influencing business |
|
|
Term
| 1970 – US Fair Credit Reporting Act |
|
Definition
| Consumer reporting agencies |
|
|