Knowledge and Information Security - Essay Example

Research Exercises PTR220 Knowledge and Information Security Trimester 2, 2008 Research Exercise Week 2’s topic, en d Cyber crime, provides anoutline of specific Internet-based crime. It will describe the vulnerability of electronic information held by individuals to a variety of threats. It will touch on the following areas of interest: E-commerce and ATM Vulnerability Credit Card Abuse SPAMs and Scams Viruses and Worms Trojan Horses, Logic Bombs and Sniffers Electronic counter-measures to combat these threats, including: Firewalls and Anti-virus applications Week 3’s topic entitled, Criminal Conspiracy - Database Attack, centres on a hypothetical scenario in Australia, to allow you to examine the motivation and methodologies of conspirators attempting to illegally obtain information from a police crime database. It will introduce the threat to information security as seen through the eyes of an attacker, and will cover: The nature and methodology of a criminal conspiracy Planning of a criminal attack Selection, recruitment, development and exploitation of human source assets Information collection and analysis used by criminals in an attack Motivation and evaluation of human source assets The Research Exercises will enable you to commence research relating to: The nature of cyber-crime, and the vulnerability of electronic information held by individuals, to a variety of threats Specific threats posed to individuals A variety of such threats and gain a more objective perspective of the actual risk they pose A range of counter-measure and their efficacy in protecting knowledge and information security relating to the individual Understanding the nature and methodology of a criminal conspiracy The motivation of person’s involved in the unauthorised acquisition of confidential records PLEASE NOTE: Please use the attached answer sheets to record your research submissions. You may then submit these through the MyLMS assignment submission facility. Please use Microsoft Word format and do not submit .zip files. Please ensure that you also submit the coversheet with each research exercise submission. Beginning your Research Please visit the Murdoch Library site: http://wwwlib.murdoch.edu.au/help/begin.html Please use the Subject Guides to Library Resources to identify appropriate resources in your subject area at: http://wwwlib.murdoch.edu.au/guides/ Please try out Google Scholar Linking to Full Text: SFX Find It at: http://wwwlib.murdoch.edu.au/aarlin/sfx.html), Richard Boddington PTR220 Unit Coordinator Perth, April 2008 RESEARCH EXERCISE 01 Three (3) Research Questions Please provide answers to the following three (3) questions. The results of your investigations may be, summarised in a table like the one below. A word count of between 300 and 400 words for each answer is required. Please do not exceed the word count, as this will not gain any additional marks. Each answer must include references to each article you have used to answer each question: Question 1 - Computer Crime and Fraud Losses from computer crime have escalated in recent years. Please use the Library Portal to find three (3) sources of information that clarifies this claim. Summarise the nature and extent of the problem based on the information you used from your selected articles. Information Summary (Minimum word count 300 words - use extra space if required) There is no doubt that the frequency of computer related fraud and crime had grown in the past few years. One of the rampant and challenging problems is digital piracy of entertainment material and software applications. Craig Kuhl, in his New York Times article, points out the prospects and problems facing the digital media industry in light of threat from piracy and copyright infringement: “The stakes are high: Worldwide online video revenue is expected to exceed $4.5 billion by 2012, up from $1.2 billion in 2008. And by 2012, according to In-Stat, 90% of U.S. households will have access to broadband, with 94% watching online video. An IMS Research study estimates that by 2013, 255 million TV households worldwide will be watching HDTV and the number of unique HD titles increased by 161% over the first six months of this year, and the number of on-demand orders jumped to 3 billion in 2007. Meanwhile, the Motion Picture Association of America puts annual losses to film piracy at a whopping $18 billion”. (Craig Kuhl, 2008, p.22) Surely, 18 billion dollars is a significant loss to an industry that is also vulnerable to several other risk factors. Other threats to computer systems worldwide come in the form of viruses, worms and Trojan horses. The issue of financial and information losses from these criminal activities have reached such proportion that computer security is a $30 billion industry now. One of the leading players in computer security industry is McAfee, which has recently announced a revamp of its anti-malware technology in a bid to retain its leadership position in this segment. This further goes on to show the widespread and difficult-to-control nature of computer crimes. In a world that is increasingly dependent on technology for banking, education, governance, health-care, etc, the prevailing situation requires robust security systems to prevent such crimes. Source Reference include URL AND details of the text or journal you used 1. Craig Kuhl, Putting a Mark on Content Security. Multichannel News 0276-8593 Sept 8, 2008, v29 i35, p22, 2008,ISSN 0276-8593 2. Wright, Charles, Cyber)crime fighters, Intheblack (Prahran, Vic.), v.76, no.8, Sept 2006: 49-51, 2006 3. Hauser, Christine, Camera Phones Are Enlisted To Fight Crime.(Metropolitan Desk, The New York Times 0362-4331 Sept 10, 2008, v157 i54429, pB1(L), 2008, ISSN 0362-4331 Tutor’s Comments Marking Guide: Relevance and accuracy of material submitted Evaluation of the summary for form and content Appropriate reference of sourced material Max 10 points Question 2 - Viruses and Worms Go to the following site and read the article on Viruses and Worms, which will give you a general overview of the threat they pose: http://secinf.net/Network_Security/Information-Workers-Security-Handbook.html Please use the Library Portal to locate three (3) articles that describe malware such as Viruses, Worms and Trojan Horses and then summarise their characteristics, and the threats that they pose to organisations information assets. Information Summary (Minimum word count 300 words - use extra space if required) Software such as Viruses, Worms, Trojan Horses, etc are designed with malicious intentions and discreetly embedded into sources of information such as hard disks and servers, with the intention of corrupting or manipulating the data. If a computer system is infected with any of these software, which are collectively called as malware, then information stored in its memory could be spoiled. There is a new variant in malware software called sypware, which attacks vulnerable computer systems not so much to corrupt data as to access important and confidential information, which could later be misused. In this context, the book by Michael Erbschloe, titled ‘Trojans, Worms, and Spyware: a computer security professional’s guide to malicious code’ provides “practical, easy to understand, and readily usable advice to help organizations to improve their security and reduce the possible risks of malicious code attacks” (Erbschloe, 2005). The book also contains an introduction to various types of malware. For example, the book explains that a virus is a malicious program that attaches itself to a program or file in a computer so that it can spread to other computers when copied to them. But worms differ slightly from viruses in that they don’t need help from human beings to transport them unawares from one system to another. A Trojan Horse on the other hand is more complex than viruses and worms. A Trojan Horse will appear to be a benign software program, but once opened will display its hidden intent, which is not so much to corrupt data as to annoy users by playing pranks with the desktop interface. Of course, there are some varieties of Trojan Horses which do damage the system. The threat to information systems posed by these malware have evidently not subsided. That is why “information systems security remains one of the more in-demand professions in the world today. Further, with the widespread use of the Internet as a business tool, more emphasis is being placed on information security than ever before” (Erbschloe, 2005). Source Reference include URL AND details of the text or journal you used 1. Michael Erbschloe, Trojans, worms, and spyware: a computer security professionals guide to malicious code, 2005 2. Ben Worthen, McAfee Redesigns Tools in Fight Against Malicious Software, Wall Street Journal; Eastern edition; New York, N.Y. Sep 8, 2008 p. B.6, 2008 3. Mike Williams, PC Tools Internet Security 2008, Personal Computer World; London Sep 2008 p. n/a. Tutor’s Comments Marking Guide: Relevance and accuracy of material submitted Evaluation of the summary for form and content Appropriate reference of sourced material Max 10 points Question 3 – Misuse of confidential government records Locate three (3) articles through government department websites that describe cases involving the misuse of government records since 2000. Summarise your research and describe the factors you believe were the motivating reasons for these incidents. Information Summary (Minimum word count 300 words - use extra space if required) One of the issues confronting Australian government over the last decade or so is illegal immigration. While the government recognizes the genuine need to accommodate asylum seekers and other refugees, it is against illegitimate infiltration of foreign nationals into Australia. Cases of corruption in the immigration department have forced law-enforcement authorities to make use of state-of-the-art technology in citizen identification. According to the website of Department of Foreign Affairs and Trade, the ePassport initiative is in response to the numerous cases of identity fraud and fraudulent misuse and tampering of passports, etc that have been reported over the last decade or so. The Office of the Privacy Commissioner is a government agency that is responsible for maintaining confidentiality of citizen demographic information and health history. When the agency conducted an online survey a few months back, it found out that privacy is a major issue for net users in Australia. The concerns expressed by citizens include “a lack of transparency regarding the use and disclosure of personal information by websites, the tracking of an individuals activities at websites and concerns about the security of personal information in the Internet environment. It is widely considered that individuals need to trust that their privacy will be protected before they make significant use of the Internet for services such as Electronic Commerce and Electronic Service Delivery” (www.privacy.gov.au, 2008). As a result of this finding, the Office of the Privacy Commissioner has issued security guidelines for all Federal and local government websites in Australia. The National Archives of Australia (NAA) is another government body whose objective it is to inform citizens, public administrators and business owners about their legislative obligations in the area of content security. The Privacy Act and Electronic Transactions Act were particularly conceived to tackle the growing concern over misuse of government records in recent years. The Archives Act is also an important piece of legislation in that it empowers the NAA to preserve actual accounts of Australian history by keeping original de-classified documents. Source Reference include URL AND details of the text or journal you used 1. Department of Foreign Affairs and Trade – Issue of ePassports, retrieved from 2. Office of the Privacy Commissioner, retrieved from 3. National Archives of Australia, Relevant Legislations, retrieved from Tutor’s Comments Marking Guide: Relevance and accuracy of material submitted Evaluation of the summary for form and content Appropriate reference of sourced material Max 10 marks Total Marks Question 1 /10 Question 2 /10 Question 3 /10 Total out of 30 /30 (total x 5 ÷ 30) As a percentage /5% Name: __________________________________________________________________________ Given Names Surname Student Number Unit Code & Title: PTR220 Knowledge and Information Security Name of tutor: Day & Time of tutorial: _________________ Assignment Number: _____ Due Date: _______________ Date Submitted: ______________ If the given name by which your tutor knows you differs from your name on university records, you should indicate both names above. Your assignment should meet the following requirements. Please confirm this (by ticking boxes) before submitting your assignment. o Above details are fully completed and clearly legible. o You have retained a copy. o Declaration below is completed. All forms of plagiarism, cheating and unauthorised collusion are regarded seriously by the University and could result in penalties including failure in the course and possible exclusion from the University. If you are in doubt, please contact the Unit Lecturer. Declaration Expect where I have indicated, the work I am submitting in this assignment is my own work and has not been submitted for assessment in another unit. ___________________________(Typing your name here indicates compliance with the above declaration) Signature OFFICE USE ONLY Date received Marked by Date marked Marks/Grades Read More