NCJ Number
205203
Date Published
February 2004
Length
6 pages
Annotation
Intended primarily for staff with organizational responsibilities for online services in Queensland (Australia), this paper aims to raise their awareness of the crime, misconduct, and security risks inherent in the cyber environment.
Abstract
The author advises that e-mail, intranets, and the Internet are inherently insecure; yet they are being increasingly used by organizations to open up their networks and make data and applications available to clients, partners, and suppliers. Cyber crime can impact any organization that uses information and communication technologies, and the volume of computer crime and security incidents in Australia is increasing rapidly, despite organizations' heavy investment in security technologies. The 2003 Australian Computer Crime and Security Survey found that the primary sources of computer crime losses in the previous 12 months, as reported by responding organizations, were financial fraud; laptop theft; and virus, worm, and Trojan infections. Perpetrators have most often been insiders, who are best placed to know the organization's greatest vulnerabilities and have greater legitimate access to information systems. Key security strategies discussed in this paper are to make security a priority, develop a corruption-resistant organizational culture, ensure senior management commitment, use the internal audit function, be unpredictable, and move quickly to investigate any breach of security. Key controls recommended in this paper are to develop clear security policies and procedures, conduct a regular risk assessment, and develop effective internal controls. The general advice for preventing crime and misconduct in the cyber environment is to integrate both "high-tech" and "low-tech" technological solutions. Organizations must recognize, however, that cyber security threats are not just a technology problem but also a people problem. 2 tables and 12 references.