Exam 14: Computer Crime and Information Technology Security

Computer crime taxonomy, computer criminals and internal controls For each independent situation below, indicate: (a) the type of computer crime based on Carter's taxonomy, (b) the type of computer criminal and (c) one internal control that would address the crime. Note to instructor: The situations in this problem are different from those in Problem 8.

A hacker extracts clients' social security numbers from a company's information system, then offers to sell the numbers back to the company to prevent their disclosure. The hacker's actions are an example of:

Information systems professionals would most likely consult with legal professionals for advice regarding which of COBIT's information criteria?

The main difference between hackers and cyber-criminals is:

Indicate one group from COBIT's accountability framework that applies to each item below. Some groups may be repeated. ______________1. Chairman must have accounting or financial management expertise ______________2. Charter must be filed every three years with SEC ______________3. Included in the scope of corporate governance accountability ______________4. Included only in the scope of information governance accountability ______________5. Initiates disclosures about financial and internal control ______________6. Initiates disclosures about information governance control ______________7. Initiates sign-off on all forms of control ______________8. Provide independent review of accounting information system ______________9. Receives recommendations about information governance control ______________10. Source of accountability

On a monthly basis, internal auditors review an organization's information security policy over a specific group of physical computer assets. The review is an example of a(n):

Carter identified four categories of computer crime. Explain which categories are most appropriate for Tim's action.

A computer criminal initiates a denial of service attack designed to shut down a country's air traffic control system. The computer criminal is best described as a(n):

Calvin works as an accountant for RRI Inc., a corporation that manages the financial assets of wealthy clients, such as movie stars and politicians. Calvin has not received a pay increase in three years and has grown unhappy in his position. He has been approached by a tabloid newspaper with an offer for significant monetary compensation in exchange for personal facts about RRI's clients. Because he feels unappreciated and underpaid, Calvin is seriously considering the tabloid's offer, even though it violates RRI's information security policy and the agreements RRI has with its clients. -If Calvin carries out the tabloid's request, RRI's information system will fail to meet which of COBIT's information criteria?

COBIT's accountability framework can enhance internal control by assigning responsibility and designating authority for various tasks related to information systems security. Which of the following groups is most suited to develop technical security controls?

List the seven information criteria associated with the COBIT framework. Which criteria will be compromised if Tim activates the program?

The textbook identified eleven specific business risks/threats associated with information technology. Discuss three that apply in this situation.

Corporate spies are most closely associated with which of the following business risks?

In MRT Corporation, users must say a specific phrase to gain access to information systems. The system identifies both the phrase and the user's voice before allowing access. MRT's system is an example of a(n):

As a form of internal control, fingerprint scans are most likely to prevent:

A terrorist posts a threatening message on a web site. The post is an example of which element of Carter's taxonomy?

COBIT's accountability framework can enhance internal control by assigning responsibility and designating authority for various tasks related to information systems security. Which of the following groups is ultimately responsible for developing and maintaining a strong internal control system?

As an administrative security control, a well-written conflict of interest policy would be most helpful in punishing which category of computer criminal?

An unhappy employee has installed a logic bomb in an organization's information system. If the bomb is activated, which of COBIT's information criteria is most likely to be compromised?

Calvin works as an accountant for RRI Inc., a corporation that manages the financial assets of wealthy clients, such as movie stars and politicians. Calvin has not received a pay increase in three years and has grown unhappy in his position. He has been approached by a tabloid newspaper with an offer for significant monetary compensation in exchange for personal facts about RRI's clients. Because he feels unappreciated and underpaid, Calvin is seriously considering the tabloid's offer, even though it violates RRI's information security policy and the agreements RRI has with its clients. -Which of the following internal controls would be most effective in preventing Calvin from carrying out the tabloid's request?