the article for computer security

Tweet

Tonight's topic is "Computer Security," a subject near and dear to my heart after catching fraud a few times, and cracking system security a few times. The only unfortunate part of this evening is that I have enough material to cover an intensive 2 or 3 day seminar and I only have something over an hour, so in addition to extensive notes from this presentation, I've put an article on viruses, and a PC virus detector program on diskette for you. 1. SCOPE OF COMPUTER SECURITY Computer security relates to any potential loss of information or your ability to operate, regardless of the source of the problem. Of course, all the publicity about computer security is going to the virus situation. I don't want to dissuade anyone from their concerns about viruses, because it's definitely a growing problem, and if you get hit, you'll be sorry you ever laid eyes on a computer. But, current estimates indicate that viruses represent only 3% of all the computer problems now occurring. Of course, if you're one of the 3%, like CNIB or Barclay's Bank Canada were last fall, you'll feel like you're the only one on earth. The difference between viruses and other computer security issues is apparently one of control: I hope to convince you that you have as much control over viruses and as little control over the other 97% of problems as to make them equal threats to the safety of your computer. I'm going to get to viruses later, their prevention, detection and cure, but I'd like first like to cover the other major problems that affect computer security - the other 97% - and I'd like to start with reasons why you should be concerned about security. 2. WHY SHOULD YOU BE CONCERNED? Your data is a valuable asset, just like premises, equipment, raw materials and inventory. Because so much of modern business depends on computers - financial systems, engineering design, medical diagnosis, production and safety control - the destructive potential is greater every year. There has been more than one company that's suffered great losses, and even gone under because of the loss of things like their accounts receivable records: no one is going to pay you if you don't send them a bill, and if they get word of your inability to invoice them, their darned unlikely to volunteer payment - so you're in a financial mess. The same goes for your design information, production data, the consequences if safety control systems malfunction, or even the simple loss of your customer list. Another reason why you should be concerned is, too often, people don't think about computer security until it's too late. There's a saying in my industry that, "He who laughs last probably made a backup." Another saying is, "Experience is something you don't get until just after you needed it the most." Well, if it means the life of your company, or the loss of potentially millions of dollars, or even just the information on your home computer, it might be wise to get at least some basic knowledge before the disaster strikes. - 3 - 3. TYPES OF SECURITY BREACHES Now that the 'why' is out of the way, let's break down the 97% of problems. These are not in a specific order, but just as they came to me. Nor have I attempted to attach percentages to each type of risk, because very few computer crimes are actually reported, so any figures that anyone could estimate would not be realistic: FRAUD/THEFT By far the biggest problem is fraud or theft. Some examples of this are: CHAOS - 1987 - Hamburg - NASA data bank info sold to USSR Foreign exchange } famous because of big $ Electronic Funds Transfer } amounts, and because of the Insider Trading } publicity they've received Most common: Cookie jar technique - e.g., interest, income tax (aka 'Salami' technique - take a little and no one will notice) Specific examples I've caught were in Payroll (no crash on