Computer Crime and Security Essay Example | Topics and Well Written Essays - 1500 words

Computer Crime and Security - Essay ExampleLater investigations revealed that it was an insider concomitant, involved the thieving of subsequent selling of patients credit card numbers, and that the activities emanates from the Call Centre. Having provided you with a general overview of the situation, I will now explain its potential and actual consequences, summarize the results of the post-mortem and clarify some(prenominal) lessons learnt and future action.In regulating channel related to the expenditure of computers, the United States government currently defines a computer as an electronic, optical, electrochemical, or other(a) high-speed data processing device performing logical, arithmetic, or terminus functions, and includes any data storage facility or communications facility directly related to or operating in mating with such a device (United States Computer Fraud and Abuse Act (e)(l), 1984, cited in Kipper, 2007, p. 194). This definition accounts for the sort i n which IT has fused data storage, computing and telecommunications technologies and in so doing, touches upon the potential of both the computing and telecommunications technologies to go against the integrity and confidentiality of the stored data. The United States Department Of Commerce (2000) highlighted this threat in its report on the proliferation of computer use and internet access, not just in the United States but, across the world. As the greater majority of corporations, both in the United States and worldwide, are relying on IT for data storage and processing, increased popular access to IT renders merged systems vulnerable to unauthorized penetration and the associate accessing of private and confidential data (U.S. Department of Commerce, 2000). While it is the debt instrument of corporate entities to ensure the securitization of their networks, absolute inviolability is practically impossible to achieve. It is, thus, that recent years have witnessed the ever-incr easing adoption of computers in the commission of crimes of fraud and theft (Power, 2000). Our company has recently fallen victim to one such incident.3Incident OverviewOn January 16th, 2008, a periodic review of our IT activities logs evidenced a string of unusual activities. nearly 10,000 patient files had been accessed and the data they contained had been transferred to an external medium, possibly an external hard drive. The IT department had no record of authorizing any individual this level of access and, indeed, there was no legitimate justification for the access of 10,000 patient files. The incident was terribly worrisome as these files contain sensitive data such as patients social security, damages and credit card numbers, not to mention home and place of employment addresses and contact information. The IT department straightway contacted the Legal Department and appraised its Director of the situation who, in turn, contacted law enforcement and did the same. 4Post Mo rtemAfter report the incident to the Legal Department and law enforcement officials, the IT department launched an intensive post mortem investigation. The investigation, which followed standard procedures which will be described shortly, had several objectives. These were the identification of the source, as in whether it was an insider or outsider incident