By Topic

Holding management accountable: a new policy for protection against computer crime

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
C. Wilson ; Comput. Security Officer for the Congressional Res. Service, Libr. of Congress, USA

Attacks by cyber criminals can be potentially just as damaging to the national infrastructure as attacks by cyber terrorists. Effective security countermeasures to combat computer crime parallel those used to protect against potential threats due to cyber terrorism and information warfare. Federal data about crime indicate that the growth in prosecution of computer crime is lower than the growth of computer incidents. A survey of the attitudes and activities of college students also revealed that current policy does not provide a strong deterrent to computer crime. Current policy, as expressed in the Computer Fraud and Abuse Act, does not hold organizational management accountable when their computers are broken into by hackers. However, security organizations repeatedly state that many if not most, computer intrusions occur largely because the host operating system has not had the latest fixes applied. Sometimes notices of system vulnerabilities have been widely published for months, but because available fixes were not applied, hackers using sophisticated attack tools, were able to locate exposed hosts on the Internet and attack those vulnerabilities. Hackers share vulnerability information via informal groups linked through the Internet, while government and private industry are reluctant to share vulnerability information. This characteristic gives attackers an advantage that helps them exploit host weaknesses. A recommendation is made to hold managers in the government and private sector more accountable for keeping their computer assets updated with the latest operating system fixes, to improve computer security and protect the national infrastructure

Published in:

National Aerospace and Electronics Conference, 2000. NAECON 2000. Proceedings of the IEEE 2000

Date of Conference: