Firion Cyber Security Policy and Implications
May 10, 2011
Contents
Security Policy Structure as it Relates to Humans 3
Cyber Crime & Cyber Warfare 4
Profile and Motivations of a Cyber Criminal 4
Attack Methods and Firion Vulnerabilities 5
Cyber Crime Trends 7
Laws and Regulations Driving Company Security Policies 8
Cooperation Frameworks 9
Liability and Taking Responsibility 9
Security Policies 9
Setting Backgrounds and Screen Savers Policy 11
Intellectual Property and Licensing Policy 11
Information Systems Expectable Use Policy 11
User Email Responsibilities 12
Information Systems Expectable Use Policy 13
Software License Policy 13
Data Transfer Policy 13
Reference Checks Policy 14
Least Privilege Policy 16
…show more content…
It would have been uncommon for teenagers to commit these types of crimes in the past, but their generation is growing up with computers and skills. Criminals range from teens, adults, to terrorist organizations, and can carry out crimes with the anonymity and the help of computers. Businesses are also putting vast amounts of critical information on computers and most of our financial transactions are conducted online.
The criminal no longer has the requirement to be in the geographic location in order to commit the crime. The profile of a cyber criminal can be a disgruntled employee, business rival, professional hacker, political activist, or even a family member of an employee. We at Firion also understand that anyone can be a victim, but the most vulnerable are the inexperienced, desperate, or greedy; so we do our best to identify any problems as soon as possible. Criminals can act alone or find help online to commit their crimes. Criminals often meet online with other criminals to share methods, and collaborate on future crimes.
Attack Methods and Firion Vulnerabilities Denial of service, spyware, hacking, virus dissemination, fraud, phishing, spoofing, and extortion are just some of the cyber crimes that we at Firion try to protect against (Ciampa, 2010). With all our efforts, Firion has discovered some vulnerabilities based on various employee actions that were
* Review the results of a qualitative Business Impact Analysis (BIA) for a mock organization
The main difficulties that the police agencies face during the online crime investigation include the multi jurisdictions, obtaining the warrant for search and seize, anonymity, significant amount of data, and consistently evolving technologies and techniques(Wall, 2012). Specifically in the online predators crime, the idea of obtaining a warrant is the most critical difficulty the police agencies have. Similarly to other actual physical criminal cases such as murder or assault, the key component in conducting the successful investigation is to identify and obtain the actual evidences that can prove the offense(Power, 2013). However in terms of the cyber crimes, most evidences are contained in the actual computer itself, which, it explains that the
Some of the most common cyber-crimes are cyberstalking, identity theft, spam and phishing among others. Cyber stalking has been classified as one of prevalent cybercrimes with many internet users falling victims of cyber bullying. Cyber stalkers meet their victims in different ways; mostly they normally have a relationship either in the real world or online world. Cyberstalking starts when this relationship ends. However, strangers who have collected information on the internet can also be cyber stalkers. The desire to control and even harm their victims is what motivates cyber stalkers. They may go to the measures of personifying their victims and post messages or controversial posts on the boards and chat rooms. In this real regard, cyberstalking is a real crime (Mansourabadi, 2014).
Cyber security policy is largely dominated by two separate but similar incidents, cyber terrorism and state sponsored events. A cyber terrorist attack may be defined as a computer based attack, the purpose of which is to cause enough destruction that it intimidates a government into compliance for political purposes (XX1). State sponsored attacks, by contrast, is the intentional use of cyberspace by governments to illegally obtain classified information from another state. Such information may be used for malicious purposes, such as assessing an enemy state's weaknesses (XX). As mentioned in Chapter 3, Canada's cyber security agencies have existed since the early days of the Cold War. However, the maintenance of Canada's
For example a clerk will only be able to access a limited amount of information, such as inventory at each store. The limitations will be different for an accountant or the mangers. All information will be protected with several different layers of security. The first layers will be simple hardware protection for access to the network; from there the security will increase with password protection and restrictions to users. (Merkow & Breithaupt 2006)
The Department of Justice report entitled "Investigations Involving the Internet and Computer Networks" (2007) states that the Internet may be used by criminals for various reasons including the trading or sharing of information, concealing or assuming another identity, identifying and gathering information on victims and communicating with co-conspirators. The Internet may also be used by criminals for the distribution of information or alternatively misinformation and for the coordination of meetings,
While others use computers for online gambling others use the cyberspace as an easy tool to seek for sex. Perpetrators use the technology to hide their identities, some participants are married, well-educated with a college degree, politicians, male, and white, seeking being sex stimulated. Pornography Cyber-stalkers use the cyber space for harassing, and threat people by sending emails, letters, and text messages to their victims causing fear. In some cases stalkers use this technology to find personal information of their victims, such as address, phone number, email. People may use Cyber-hate to send anonymously hate messages toward others. This method also is use to express discrimination against minority groups through the cyberspace. Every day more and more crimes are committed thought the internet. If someone being victimized of a cyber-crime on the internet, is encourage to reporter it to the local law enforcement agency, resulting in
For the healthcare industry it is important to have an Information Security Policy Framework within the organization to protect information that is accessed across the network by staff personnel and patients. In accordance with ISO/IEC 27799:2008, we begin to define the guidelines to support the interpretation and implementation of healthcare information protection. ISO/IEC 27799:2008 references the basic controls and guidelines of ISO/IEC27002:2005 will provide the minimum protection necessary to meet organizational needs. Healthcare organizations that
The internet has brought upon a new revolution of global interconnection where contacting someone on the other side of the world is just a click away, but with this international phenomenon comes an increased susceptibility with unfamiliar technology. Internet crime is compiled of all non-physical crime with the aid of a computer. Although broad in definition internet crimes are largely composed of acts such as cyber fraud, ‘phishing’ (username and password hacking), cyber stalking and hacking. Internet crime does not pose an overwhelming issue in society in terms of its
Just in the last decade, there has been a 29% increase in crimes committed against residents and a 22% increase for business losses due to online crimes (Meyer). Another large issue with technology is that they monitor an individualś every move, for example, a phone company, AT&T, was monitoring their customers phones to be able to “use your individual Web browsing information, like the search terms you enter and the Web pages you visit, to tailor ads and offers to your interests” (Silverman 282). Although the increase in such crimes can potentially cause many issues and obstacles for an individual, they do not physically harm anyone. Such crimes as internet fraud and any other crime that can be committed online, are all fixable and can be prevented. There are security systems that can help protect against frauds and prevent any more from occurring, which makes this issue much less crucial to stop. It is also possible to contact police and bankers to stop this from occurring and they can help you regain all of your losses. The government also has the NSA, the National Security Agency, to monitor all internet movements, which helps stop many of these issues. New technology has helped prevent an immense amount of street crimes, that without the internet, would have only continued to rise, while millions of people would have continued to be murdered.
Based on Dauphin County First Assistant District Attorney Fran Chardo, “We become a very electronic-oriented society.” (Marc Goodman). With this increase usage of electronic, we see a new set of criminals and crimes. With the cellular telephone, criminals use it, not only to communicate with one another, but also to target people and as a triggering device. For example, if the criminals are searching for someone they can text each other with the description of a person and then upon verification proceed with an order, possible death. With this same cellular telephone technology, law enforcement can use someone’s cellular telephone to track their movements or identify their location to help with investigations. The new set of crimes is cybercrimes. A cybercrime is any crime that involves the use of computer or the manipulation of digital data. Zackary J. Miller, section Chief of the FBI’s Cyber Criminal Division stated, “I think there is a growing cybercrime problem that we are continuing to chase a bit behind the curve… bank robbery and fraud are all facilitated by the internet.” (Bernice Young, 2011). There are five types of computer crimes: (1). internal computer crimes, such as viruses; (2). internet and telecommunication, which is hacking; (3). criminal enterprises, databases supporting drug distribution; (4). computer manipulation, embezzlement; and (5). hardware, software, and information theft. (Schmalleger,
The creation go of the Internet has helped spawn new forms of criminals and crimes, and has always helped make older criminal schemes easier to execute, identity theft, child pornography, copyright violations, hacking and you could go on and on. In a 2003 survey conducted by the CSI with the participation of the San Francisco Federal Bureau of Investigation’s Computer Intrusion Squad, of the 530 respondents made up of U.S. corporations, government agencies, financial institutions, medical institutions and universities, 56% reported unauthorized use of their computer systems (2003 CSI/FBI Computer Crime and Security Survey).
When you begin to examine how the internet and crime are related, you must first examine exactly what the internet is and how it works. The internet is a global system of computers and networks that are interconnected and service billions of users at any given time. This could be considered a cybercriminals’ playground. Because billions of computers are connected via a vast array of private and public networks including many government agencies, it is easy to see how a cybercriminal could obtain valuable information or unleash denial of service attacks that could cripple many of these systems.
The rapid growth of the internet has made it easier to commit traditional crimes by providing criminals an alternate method for launching attacks with relative anonymity. Effects of such technology has been great but , with the
The agencies employed by governments to police the web in order to protect the vulnerable have seen an increase in child pornography and online fraud. The speed at which information can be distributed and the number of people that can be reached attracts those that are intent on causing harm. The term “cybercrime” is becoming more widely used. The financial gains that can be made and the anonymity the internet can provide, make the virtual world of cyberspace a haven for criminals. Although the internet has huge benefits for information gathering and social networking, in the wrong hands it can cause harm to the vulnerable and criminals are able to vanish into the underground with the use of false identities that are hard to track online.