COMPUTER CRIME PREVENTION
Almost all types of computer crime can be prevented in one way or another. World experience shows that to meet this challenge law enforcement agencies should use the various preventive measures. In this case, preventative measures should be understood as an activity aimed at identifying and eliminating the causes of crime and conditions conducive to them. In our country, the development of methods and means of preventing computer-related crime is forensic science. This science of the movement patterns of criminal relevant information in the commission of crimes and the investigation and based on these methods of disclosure, investigation and prevention of crimes. As seen from the definition of crime prevention is an important part of the methodology criminology.
Currently, there are three main groups of measures to prevent computer crimes. By allocating them, I immediately disclose their meaning.
This group of measures of prevention of computer crimes primarily include legislation to criminalize the wrongful acts in the computer field. Turning to history, we see that the first legal instrument of this type was adopted by American states of Florida and Arizona in 1978. The law called «Computer crime act of 1978». Then, in almost all States have been adopted similar legislation. These regulations have become the foundation for the further development of legislation to implement measures to prevent computer crimes. As for our country, the first step in this direction can be considered the Federal Law «On legal protection of software and databases» of 23 September 1992. Similar laws in foreign countries was taken at 5-10 years earlier. 20 and 25 January 1995 the Federal Assembly have been taken 2 of the Act respectively: «On the connection» and «On information, informatization and protection of information». These regulations were a progressive step in the development of this area, they are:
Dayut legal definition of the main components of information technology as an object of legal protection
Establish and reinforce the rights and responsibilities of ownership of these facilities
determine the legal regime for the operation of information technology
defines categories access certain subjects to specific types of information
Establish category secrecy of data and information
defines and limits of the legal use of the term «confidential information»
Similar laws exist in Western countries for more than 20 years.
crucial legislative chord in this area can be considered adoption, in June 1996, the Penal Code, which establishes criminal liability for computer crimes. The information in it - the object of criminal law protection.
organizational and technical measures to prevent computer crimes.
I consider these measures applied in western countries.
The positive considered separately, in my opinion, organizational and technical measures to prevent computer crimes used in developed countries
Currently, the leadership prevention of computer crimes in these countries is carried out in the following areas
1) line management procedures requirements of computer security;
2) development of technical protection of computer rooms and computer equipment;
3) development of data standards and standards for computer security;
4) The implementation of personnel policies to ensure computer security;
For example, the National Bureau of Standards USA has developed the basic safety requirements for computer networks. Among them:
- Fitness - a guarantee that the network is suitable to ensure authorized access;
- Controlled availability - a guarantee that the network will provide access to only authorized users to meet mandated targets;
- Integrity - data protection from unauthorized alteration and destruction;
- Confidentiality - protecting data from unauthorized disclosure;
- Safety data - a guarantee that the identification of users, the quality of data, time and duration of the data provided.
Based on these requirements have been set up appropriate mechanisms for technical controls that meet the following criteria:
1) integrity - basic reliability, guaranteeing that the mechanism works as it should;
2) The ability to verify - the ability to record information that may be relevant in the detection and investigation of attempted attacks on the means of computer technology and other developments relating to security systems.
As a result, the practical implementation of these measures became possible:
- Monitor physical access to computer technology (ACT);
. to control electromagnetic radiation hardware SKT;
- Monitor the possible threat of SKT and record each such attempt (by monitoring).
As seen from above, the objectives and guidelines to protect information in foreign countries on a number of basic positions coincide with Russian and include:
a) prevent the diversion, theft, loss, distortion and falsification of information;
b) to prevent threats to security, society and state;
c) prevent unauthorized actions on the destruction, modification, mutilation, copying, blocking information, preventing other forms of unlawful interference with information resources and systems;
d) ensuring the legal regime for the operation of documented information as property;
d) the preservation of state secrets and confidential information documented;
e) ensuring the rights of actors in the information and processes in the development, production and use of information systems, technologies and equipment for their security.
On the use of certain organizational and technical measures to prevent computer crime specialists alone are three basic groups
3) integrated (combining individual techniques of the first two groups).
Arrangements for protection ACT includes a set of arrangements for the selection of verification and coaching staff involved at all stages of information formatsionnogo process, the development of a recovery plan information objects after their failure; organizing software and maintenance SKT; assigning disciplinary proceedings against persons on Safety specific SKT, the implementation of the regime of secrecy in the operation of computer systems to ensure the physical protection of the regime, logistics, etc., etc. Arrangements, in the view of many professionals who deal with the security of computer systems is an important one and an effective means to protect information, both as a foundation on which to build further the whole system of protection.
Analysis of domestic criminal cases leads to the conclusion that the main causes and conditions contributing to commit computer crime, in most cases are:
1) the uncontrolled access to the control board staff (keyboard) of the computer used as a stand-alone or as a desktop automated network for remote transmission of primary accounting records in the process of implementing financial transactions;
2) lack of control over the actions of staff, which allows the perpetrator to freely use referred to in paragraph 1 computer as a weapon to commit a crime;
3) low level software that does not have control of protection that ensures compliance and verification of the correctness of the input information;
4) inadequacy of password protection against unauthorized access to the workstation and its software, which does not provide reliable identification of a user on individual biometric parameters;
5) the absence of an official in charge of the regime of secrecy and confidentiality of commercial information and security in the protection of computer equipment from unauthorized access;
6) The lack of kategoriynosti admission officers to the documentation of strict financial reporting, including in a form of computer information;
7) the absence of agreements (contracts) with employees for non-commercial and official secrets, personal data and other confidential information.
In the functional responsibilities of these persons must first include the following entries to make the security measures SKT:
1) ensuring support from the leadership of a particular organization claims the protection of SKT;
2) develop a comprehensive plan to protect the information;
3) identify priority areas for protection of information in accordance with the specifics of the organization;
4) a total cost estimate for funding conservation activities in accordance with the plan and approve it as an annex to the plan, the leadership of the organization;
5) The definition of responsibilities of the organization for information security within its competence, set by the conclusion of appropriate agreements between staff and management;
6) Development, implementation and monitoring of every kind of personal instructions, rules and orders governing the admission forms, levels of classified information, individuals authorized to work in secret (confidential) data, etc.;
7) Develop effective measures against violators of protection SKT.
In doing so, experience has shown that the most reliable means of improving the effectiveness of security measures SKT is to train and familiarize staff working with the applicable in a particular organization organizational and technical measures of protection.
Technical measures are the use of various special-purpose devices:
The devices screening equipment, lines and wire communications facilities, which is computer technology.
The devices integrated phone.
The devices fire protection.
Remedies port on the computer.
Also, to protect the software you enter the settings for the computer. Access can be defined as:
- General (of course provided by each user);
- Refusal (unconditional waiver, such as permission to remove portions of information);
- Dependent on events (event driven), provides for blocking the user, for example, in certain intervals or when the computer system at a particular terminal;
- Depending on the content of the data (in this case, the decision on access based on current data, for example, some users are prohibited from reading or other data);
- Depending on the (dynamic state of the computer system), is dependent on the current state of the computer system, program managers and system protection, for example, may be denied access to the file, if the media machine is not in a position to «read-only» or until open drive containing the file;
- Frequency-dependent (for example, allow users to access only one or a number of times - thus prevents the possibility of dynamic control events);
- By name or other user (for example, a user must be over 18 years);
- Dependent authority (provided the user to the data, depending on the mode: read-only, only the implementation, etc.)
dependent on the background of
to resolve (password required)
As for antivirus software, the scientists agree that currently there is sufficient quantity to defuse almost any virus. Of Russia's development can be distinguished: AVP Kaspersky, AIDSTEST, Adinf, Sheriff, Doctor Web,. About the last program, we can say that it destroys even samokodiruyuschiesya viruses, which I highlighted in the third chapter. Anti-virus software protects your computer from viruses by 97%. Three percent is also confirmation that there is no absolutely reliable. Generally, if abide by simple rules (to create the archives of the program is not installed on your computer storage media of dubious origin, periodically check the computer for the emergence of viruses, etc.) you can avoid unnecessary problems.
In closing this chapter, I would like to note that developments in the field of computer security depends very much. Ultimately, this should lead to the education industry of computer security systems and technologies.
Статьи по теме:
Desk Microsoft Windows XPSpam and how to cope with it Potential problems in WindowsTime to create protection Software can be downloaded from Vareznyh Sites or whether Buy for sale onlineThe company Janet Systems Llc Presented Soa-Platform The exhibition «E-Kazakhstan»What is the standard CompactPCI?Zao «Light Kommunikeyshn» confirm its status «Microsot Gold Certified Partner» In 2008Learn the truth about your child doing surfing habitsThe story of software Escrow Netpromoter: New Opportunities Professional Web statisticsImplementation Crm Systems Sales Expert 2 The Company «Sibaeroinzh»History of Opera browserPerfect System Digital Surveillance Uniteco Dvs Tips software and programs connected branch PC Peripherals Mikrokontrolleryne SystemDevelopment of Software Development ProjectsThe signals under UNIXTame your registration with the Windows software cleaning registryFree Internet Or How to Become a HackerAll font - Using Type1 I TruetypeBacking up the blog on Blogspot. Blogger Backup utilityGoogle on the Internet malicious softwareLASER (LED) Plotters The development control information tools for PADSEnabling Windows XPRepair permissions for sluggish computerThe total points in the organization LANMicrosoft Great Plains to customers in Russia: how to find a consultant and the most frequent questionsThe scheme of the free acceleration of InternetFree software, whether or not to beBacking up data. Should I pay?The possibility of CompactPCI have more than 8 slotsPrint ManagerElectrostatic Plotters Determination of computers as an object of design Tracing processes in UNIXIntroduction to WindowsWindows Media PlayerLaw Bezopasnosti The world softwarePrinting without a printing press? It is possibleComputer technology and GenealogyLinux: Gentoo Vs Ubuntu Functionality«Rolling» to previous versions of Microsoft WindowsAutomation planning printing by Apple (Mac)Bus EISA Theft of computer dataRestoring WindowsVarieties of computer crimeThe counterfeiting of computer informationHackers can control a PC without the knowledge of their owners More Software invites you to Docflow 2008!What brings Sp1 For Windows Vista?