COMPUTER AND INTERNET CRIME

It is an act performed by a knowledgeable computer user.

Internet crime is computer crime committed with the use of the Internet.

IT SECURITY INCIDENTS: A MAJOR CONCERN

The security of information technology used in business is of utmost importance.

WHY COMPUTER INCIDENTS ARE SO PREVALENT

  • INCREASING COMPLEXITY INCREASES VULNERABILITY

  • HIGHER COMPUTER USER EXPECTATIONS

  • EXPANDING AND CHANGING SYSTEMS INTRODUCE NEW RISK

  • INCREASED RELIANCE ON COMMERCIAL SOFTWARE WITH KNOWN VULNERABILITIES

TYPES OF EXPLOITS

  • VIRUSES
  • WORMS
  • TROJAN HORSES
  • DISTRIBUTED DENIAL-OF-SERVICE (DDoS) ATTACKS
  • ROOTKITS
  • SPAM
  • PHISHING
  • SMISHING AND VISHING

TYPES OF PERPETRATORS

  • HACKERS & CRACKERS
  • MALICIOUS INSIDERS
  • INDUSTRIAL SPIES
  • CYBERCRIMINALS
  • HACKTIVISTS & CYBERTERRORISTS

PHILIPPINE LAW FOR COMPUTER ATTACKS

  • E-Commerce Law (Republic Act 8792)

- It was signed into law on June 14, 2000.

- The law took effect on June 19, 2000.

  • Cybercrime Prevention Act (Republic Act 10175)

- It was signed into law on September 12, 2012.

- This law is already in effect, as the Supreme Court upheld its constitutionality on February 18, 2014.

SOURCES: https://ecommercebootcamp.digitalfilipino.com/lesson/the-e-commerce-law/

https://digitalfilipino.com/introduction-cybercrime-prevention-act-republic-act-10175/

IMPLEMENTING TRUSTWORTHY COMPUTING

A method of computing that delivers secure, private, and reliable computing experiences based on sound business practices - which is what organizations worldwide are demanding today.

RISK ASSESSMENT

It is the process of assessing security-related risks to an organization's computers and networks from both internal and external threats.

Its goal is to identify which investments of time and resources will best protect the organization from its most likely and serious threats.

ESTABLISHING A SECURITY POLICY

It refers to the organization's security requirements, as well as the controls and sanctions needed to meet those requirements.

EDUCATING EMPLOYEES AND CONTRACT WORKERS

Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow the security policies.

PREVENTION

  • INSTALLING A CORPORATE FIREWALL
  • INTRUSION PREVENTION SYSTEMS
  • INSTALLING ANTIVIRUS SOFTWARE
  • IMPLEMENTING SAFEGUARDS AGAINST ATTACKS BY MALICIOUS INSIDERS
  • DEFENDING AGAINST CYBERTERRORISM
  • ADDRESSING THE MOST CRITICAL INTERNET SECURITY THREATS
  • CONDUCTING PERIODIC IT SECURITY AUDITS

DETECTION

Organizations should implement detection systems to catch intruders in the act. They often employ an intrusion detection system (IDS) to minimize the impact of intruders.

An IDS is software and/or hardware that monitors system and network resources and activities.

RESPONSE

  • INCIDENT NOTIFICATION
  • PROTECTION OF EVIDENCE AND ACTIVITY LOGS
  • INCIDENT CONTAINMENT
  • ERADICATION
  • INCIDENT FOLLOW-UP
  • COMPUTER FORENSICS

COMPUTER FORENSICS

A discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices that can be used as evidence in a court of law.