IT 304 - WK 2
Why Computer Incidents Are So Prevalent?
3. Human Factors
● Human Error: Many incidents are the result of mistakes or
negligence by users, such as using weak passwords, falling
for phishing scams, or improperly configuring security
settings.
● Lack of Awareness: Inadequate training and awareness
about security practices can lead to vulnerabilities. Users
who are not educated about cybersecurity risks are more
likely to fall victim to attacks.
4. Evolving Threat Landscape
● Sophistication of Attacks: Cyberattacks have become more
sophisticated over time, with attackers using advanced
techniques such as artificial intelligence, machine learning,
and zero-day exploits.
● Emerging Threats: New types of threats and attack vectors
continue to emerge, such as ransomware and advanced
persistent threats (APTs), requiring constant vigilance and
adaptation.
5. Economic Incentives
● Profit Motives: Cybercriminals often have financial
incentives for their actions, such as stealing data for
ransom, committing fraud, or selling stolen information
on dark web marketplaces.
● Low Risk for Attackers: The anonymity of the internet
and the global reach of cyberattacks mean that
attackers often face minimal risk of being caught or
prosecuted.
7. Social Engineering
● Manipulation Techniques: Attackers use social
engineering tactics to manipulate individuals into
divulging confidential information or performing
actions that compromise security, such as clicking on
malicious links or providing login credentials.
Worms
A computer worm is a subset of the Trojan horse malware
that can propagate or self-replicate from one computer to
another without human activation after breaching a
system.
Typically, a worm spreads across a network through your
Internet or LAN (Local Area Network) connection.
Spam
● Abuse of email systems to send unsolicited email to large numbers of people
● Low-cost commercial advertising for questionable products
● Method of marketing also used by many legitimate organizations
● CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)
Phishing
● Phishing is a type of social engineering attack often used to steal user
data, including login credentials and credit card numbers.
● Act of using email fraudulently to try to get the recipient to reveal
personal data
● Legitimate-looking emails lead users to counterfeit
Ransomware
● A type of malicious software designed to block access to a
computer system until a sum of money is paid.
● A type of malware that prevents or limits users from accessing their
system, either by locking the system's screen or by locking the users'
files unless a ransom is paid.
Types of Perpetrators
Perpetrators include:
● Thrill seekers wanting a challenge
● Common criminals looking for financial gain
● Industrial spies trying to gain an advantage
● Terrorists seeking to cause destruction
Hackers and Crackers
Hackers
A hacker is a person who breaks into a computer system.
The reasons for hacking can be many: installing malware,
stealing or destroying data, disrupting service, and more.
Crackers
● Cracking is a form of hacking
● Clearly criminal activity
Malicious Insiders
A malicious insider is an individual within
your organization who decides to use their
access credentials to steal, share, or leak
sensitive information or privileged accounts
outside your organization
Industrial spy
Industrial spying describes a series of covert
activities in the corporate world such as the theft of
trade secrets by the removal, copying, or recording of
confidential or valuable information in a company
Cybercriminal
Cybercriminals are individuals or teams of people
who use technology to commit malicious activities
on digital systems or networks with the intention of
stealing sensitive company information or personal
data, and generating profit.
Hacktivists and Cyberterrorists
Hacktivism
● Hacking to achieve a political or social goal
Cyberterrorist
● Attacks computers or networks in an attempt to intimidate or
coerce a government in order to advance certain political or social
objectives
● Seeks to cause harm rather than gather information
● Uses techniques that destroy or disrupt services
Establishing a Security Policy
● Must implement a multilayer process for managing security vulnerabilities,
including:
● Assessment of threats
● Identifying actions to address vulnerabilities
● User education
● IT must lead the effort to implement:
● Security policies and procedures
● Hardware and software to prevent security breaches
Educating Individuals
● Help protect information systems by:
● Guarding passwords
● Not allowing sharing of passwords
● Applying strict access controls to protect data
● Reporting all unusual activity
● Protecting portable computing and data storage devices
Preventions
● Implement a layered security solution
● Make computer break-ins harder
● Installing a corporate firewall
● Limits network access
● Intrusion prevention systems
● Block viruses, malformed packets, and other threats
● Installing antivirus software
● Scans for sequence of bytes or virus signature
Establishing a Security Policy
● A security policy defines:
● Organization’s security requirements
● Controls and sanctions needed to meet the requirements
● Delineates responsibilities and expected behavior
● Outlines what needs to be done
● Not how to do it
● Automated system policies should mirror written policies
Computer Forensics
● Combines elements of law and computer science to identify,
collect, examine, and preserve data while maintaining its integrity
so it is admissible as evidence
● Computer forensics investigation requires extensive training and
certification and knowledge of laws that apply to gathering of
criminal evidence
● Computer forensics is key to fighting computer crime in a court
of law