=>There are many people who are using computers in this generation,Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child grooming, other people using the web sites like pornography and they didn't know that they can impluence to others and because of this it is spreading around the world of computers.
2.What are some characteristics of common computer criminals including their objectives.
The following are the objectives of criminals:
1.To foster, greater and in-depth analysis understanding of existing and proposed legislation on cyber crime
2.To foster debate analysis and research on latest legislative approaches on legal issues concerning regulating cyber crime.
3.To conduct training of different stake holders on various issues pertaining to cyber crime, law and policy as well as regulation.
4.To foster International Corporation amongst relevant stakeholders to provide for better understanding of how cyber crimes can be more effectively regulated in the borderless medium of cyber space.
5.To be a part of relation of important information pertaining to regulation of cyber crime across nations.
6.To do other allied activities those have relevance upon evolution and growth of cyber crime regulation and policies.
7.To also liaison and interact with International Organization working in cyber crime policy and regulation.
8.To contribute its thought, leadership on the new trends that legislations of countries need to adopt, for being more effective in their fight against cyber crime.
9.To be a fertile ground for the evolution of more sophisticated legislative approaches processes and procedures aims towards effective regulation of cyber crime
10.To contribute to the ever growing jurisprudence on cyber crimes policies and legislation.
11.To conduct events seminars and conferences towards disseminating more awareness about the various facets of cyber crime policy and regulations
General Characteristics :
Of course, cybercriminals are of various types and they come from all walks of life. But there are certain generic facets of the human personality that differ between criminals and non-criminals. External motivations are not sufficient to determine who is a criminal or who is not, in the same way that oxygen alone is not sufficient to start a fire. In the cybercriminal's case, there also needs to be a deep understanding of networks and technology on top of the typical criminal mindset.
A substantial amount of technical knowledge
It may be easier than ever to use the Net, send email etc. but to get unauthorized access into another network or someone else’s computer requires much more than just that much knowledge. It takes a long time to get the required level of expertise to successfully commit and get away with cybercrime, which explains why most cybercriminals specialize in only one type of crimeContempt for the law or feeling above the law
Like “real” criminals, cybercriminals usually need to justify their actions to themselves and they do so by thinking that the laws cause harm, are unnecessary or plain dumb. Many feel that such laws deserve to be independently tested for validity or effectiveness. Some even feel that because of their position, intelligence or skill set, they are above the law and can do what they see fit to it. Manipulative and risk-taking nature
One often wonders why hackers put in so much effort to try to rob banks and con artists spend so much time dreaming up scams for so little profit and so much risk when they could have earned much more by having proper jobs. They also run the risk of getting caught. Maybe it is the thrill of doing something forbidden or committing the crime for crime’s sake which makes such people act irrationally. They get a “high” feeling when they circumvent maximum security, fool or manipulate people into buying into their scams or when they dodge the law.An active imagination
Many cybercriminals use the Internet to create new personalities which are pleasant to believe in and can even help to avoid tracking down. In this way, con artists create elaborate scams based on what they would like to believe in. Cyberstalkers and paedophiles, of course, have sexual fantasies. Hackers like to believe that they are using the cyberworld to do what they find hard to do in the real world: take over other people through their own systems.3.What action must be taken in response to a security incidents?
Incident Response Capability :
A great deal of damage has been done to organizational reputations and a great deal of information has been lost in organizations that do not have fully effective incident response programs in place. Without an incident response plan, an organization may not discover an attack in the first place, or, if the attack is detected, the organization may not follow proper procedures to contain damage, eradicate the attacker’s presence, and recover in a secure fashion. Thus, the attacker may have far higher impact on the target organization, causing more damage, infecting more systems, and possibly exfiltrating more sensitive data than would otherwise be possible with an effective incident response plan.
If there is an incident and it’s identified as an attack, there are several things that can be done. The worst of course is the “lets close our eyes and maybe it will go away.” This happens more often than not. So with that said there are two ways to approach incident response: Reactive and Proactive. Either is better then nothing, but if you can set your organization up to incorporate both you have a plan that will carry you through the worst situations.
A good reactive plan involves policies and training to identify what requires response, what should be done when an incident is identified, and the best course of action to take. A good proactive plan puts in place all of the necessary components towards identifying or stopping potential attacks before they are able to be completed.
Incident response is key when safeguarding data once an incident has occurred. If an incident is identified and personnel identifying it are able to respond appropriately, the ability to safeguard data and recover back to an operational state has increased. In some cases a properly developed incident response plan can prevent a small incident from becoming a catastrophe. Incident response is more than a group of people responding to an incident. A good response team is developed with a strong set of procedures in place to ensure each member knows their role and that the individual who identified the incident also knows the proper reporting procedures.
For any good process to work, management must see the value of having the policies and process. This is a key element towards developing a working response plan. There are numerous guides and standards that outline response procedures and methods. It is important to know which guidelines your organization falls under and incorporate your own standards that meet or exceed government minimum standards. A good baseline is the NIST Guidelines.
Once the standards have been identified, ensure that all team members are aware of their roles and responsibilities. Conduct training to reinforce the policies and incident response roles for both team members and managers. Executive management should be involved in various aspects of the incident response plan to ensure buy-in and support.
Before an incident response can be initiated there must be set policies that identify what actions must be taken for the different types of incidents. Policies and training will ensure that the proper methodology is followed to ensure a successful outcome to the incident. Policies should be clear and not left for interpretation by members of the organization or contractors.
When an incident occurs, all aspects of training and policy must be followed. This will ensure a positive outcome. All reports should be based on an organization-wide template to ensure uniformity.
The key element of this process is the reporting and documentation of the incident. The documentation can be useful in identifying shortfalls and high points. Documentation will allow for good audit reviews and process improvements as well as protection from legal repercussions due to an incident.
All reports should be clear and concise, they should contain only factual observations and information. A report should not contain information based on conjecture.
For additional details on the controls, please go to SANS 20 Critical Security Controls. Portions of the above are taken from version 2.0 of The Twenty Critical Controls.
No comments:
Post a Comment