Thursday, July 22, 2010

How would you describe some of the computer crime prevention measures that government agencies?

How would you describe some of the computer crime prevention measures that government agencies and private corporations are taking. Explain which ones you think are most effective and why.





(I am doing a survey for my final project and would appreciate any positive input.)

How would you describe some of the computer crime prevention measures that government agencies?
A good site for federal and private computer security practices can be found at:





http://csrc.nist.gov/pcig/index.html








1. Most computer crime is conducted by "insiders", especially computer security types who are very familiar with the weaknesses of computer systems.





So THE most important computer crime prevention measure is a strong internal controls policy, including background investigations, disclosure of income sources, personal observations of spending habits, etc.





You can also log employee computer use for unusual patterns (this nabs many low level types).








2. Passwords are the primary means of enforcing computer security and the most effective. And using another person's password is still the best way to breach computer security.





Make sure people know they should NEVER reveal their password to anybody. System administrators can "reset" a password to a new password, but even they cannot read a user's password on a computer system.








3. "Trojan Horse" attacks bypass all computer security measures, since the victim actively participates in the breach of security. It works as effectively today as it did in the Greek siege of Troy thousands of years ago.





A good one is to send a message saying the victim has lots of money in an account, and needs to provide information to access it. This plays on the greed of the victim, and encourages them to keep their mouth shut out of embarassment when they get scammed.





To mitigate this attack, computer security education is utilized within government. Just circulating a list of computer crime scams can be very effective.








The absolute most egregious computer crimes are never reported outside the victimized agency, because it would alert copy cats how to pull off the scam, and destroy all confidence anyone has in that particular company or agency.
Reply:In a few words, in general:





too little, too late, too ineffective.





government itself is rife with internal corruption and sleaze.





all they do is hire their friends and political wuzzies, give them big salaries with huge benfits, and have them do nothing except waste government resources that you and I pay for.


No comments:

Post a Comment