Question Regards of Security

Discussion in 'other security issues & news' started by asd, Oct 23, 2004.

Thread Status:
Not open for further replies.
  1. asd

    asd Registered Member

    Joined:
    Oct 23, 2004
    Posts:
    2
    Hi, I'm new here, and I have a question in regards of security topics. I have three questions that i need to know, since i dont know much in this topic, maybe some of you guys know what the answer are.

    Here are the question;

    1. Why is hte amount of involved in computer fraud are soo high, and what is it hard to find the culprit ?

    2. Majority of criminal who commited computer fraud were insider, that is an employees of one's organization, what measures should we take to minimize that ?

    3. What is the main obstacle in adopting Biometric technology for access control to IS's, and what is the advantage of using password over such technologies ?

    I know those threee questions might seem newb, for most of you guys, but those questions confused me a lot. I hope you guys want to help me out and give me your opinion what the answer should be OR maybe give me good sites about all those.

    Thank You
     
  2. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi asd and welcome to Wilders.

    1. The amount of money involved is large as almost all monetery transactions are computerized [ie. funds transfer, eftpost, creditcard etc.]
    The detection methods are always playing catch up to the various exploits used.


    2. Remove access to sensative information to all non-essential employee's, if the buget allows employ a security specialist, Monitor the network usage and log the phone calls, internet conections etc.

    3. Biometric technology [finger print recognition etc.] is a growing area of IT security, the main obsticle is cost and employee privacy issues [unions etc]
    The benifits over passwords are great, it's alot harder to fake a finger print then to steal/copy a password. Passwords can be cracked/guessed.


    Closed networks are a good idea, restricting only the PC's that must have net access, removing all CD drives, floppy drives etc. So that you only have workstations connected to a central server that is easier to monitor.
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    1. The fraudsters know what they are doing; they know the technologies they're dealing with and the methods used to track them down, so they learn how to slip under the radar. The ones that don't aren't around long enough to pose much of a problem. :)

    2. I suppose that depends on what kind of things you are trying to protect. There's a lot of different methods and products for securing different things in different ways. It all depends on what you need to do, what you need to protect, and what you can sacrifice for security (time, money, functionality, etc) Generally speaking, securing your network/restricting access is the first major step (like Sweetie said.)

    To ammend what Sweetie was saying, if you are using XP Pro, you should go through the Group Policy Editor (Start > Run: gpedit.msc), you can restrict access to all removable media, further limit access restrictions, and more. Turning on Auditing (in gpedit) can make it easier to track things down when something goes wrong, too. Win2000 has this kind of functionality as well, but it's not as easy.

    I agree that it would be a good idea to hire a security expert. To truely answer your questions would require being able to see how your network is structured, how you use it, and what you need to protect.
     
  4. asd

    asd Registered Member

    Joined:
    Oct 23, 2004
    Posts:
    2
    Thank you guys ... That answered me a lot ... Sure .. i'll consider your opinion to try hire security expert for this kind of problem... :D
     
  5. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Answering this kind of questions can be hard, and I salute Sweetie(*)(*) for the neat answers.

    There are some neat global information security surveys avalable from kpmg, E&Y and PriceWaterhouseCoopers. Just do a google search:

    E & Y 2004
    kpmg 2002
    pwc 2004

    I don't know if you posed the question because you're company is under threat of fraud, or if you're uncertain about that. In that case: it's not only an information security or IT issue. Your organization needs a thorough investigaton. The need for external experts seems high. I don't know from what country you're from and the urgency,so it's hard to point you anywhere else than to the Big Four accountancy firms.

    Have an IT auditor check you systems and the alignment between business processes and infosystems.

    Do you have a current security policy in order?
     
Loading...
Thread Status:
Not open for further replies.