Лекция: Prevention of Computer Crimes in Banking
Computer crime (cybercrime, e-crime, hi-tech crime) generally refers to criminal activity where a computer or network is the source, tool, target or place of a crime. Computer crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception, data interference (unauthorized damaging, deletion, alteration of computer data), system interference, forgery (ID theft) and electronic fraud.
A common example is when a person starts stealing information from sites, or cause damage to a computer or computer network. There are also problems of privacy when confidential information is lost, say, when an e-mail is intercepted whether through illegal hacking, legitimate monitoring (increasingly common in the workplace) or when it is simply read by an unauthorized person.
A computer can be the tool, used, for example, to plan or commit an offence such as larceny or the distribution of child pornography. The growth of international communication and in particular the Internet has made these crimes both more common and more difficult to police. Types of computer crimes: cyber crime, malicious code, hacking, computer virus, cyber terrorism, information warfare, fraud and identity theft, phishing, virtual crime.
Applying the modern technical means of the information security has become the significant element of the computer crime prevention in banking (prevention implies the access restriction or the use of the whole computer system or just part of it). The Regulations about technical information security indicates that technical information security with the restricted access in the automated systems and means of computer engineering is directed on preventing the disturbance of data integrity with the restricted access and its leaking in the way of:
· unauthorized access;
· in-taking and analyzing the collateral electromagnetic radiations and inducing;
· the use of the laying devices’;
· the implementation of computer viruses.
There are main means of information security: physical measures, hardware means, software means, hardware and software means, cryptographic and organizational methods.
The physical means of protection are the measures which are necessary for outer protection of a computer, the territory and the objects on the basis of computer engineering which are specially meant for creating the physical obstacles on possible ways of penetration and access the potential infringes to the components of information systems and data which are under protection.
The main functions of hardware means of security are:
· the inhibition of the unauthorized remote access to the distant user;
· the protection of software integrity.
These functions are carried out in the way of:
· identification of the subjects (users, maintenance staff) and the objects (resources) of a system;
· authentication of the subject in accordance with the given identifier;
· inspection of authorities which implies checking the permit for certain kinds of work;
· registration (logging) with reference to the forbidden resources;
· registration of the attempts of unauthorized access.
Software security means are necessary to accomplish logical and intellectual functions of security which embedded in the software tools of the system. There are some aims of the safety which are realized with the help of software security means:
· check of the loading and login with the help of a password system;
· delimitation and check of access rights to the system resources, terminals, constant and temporary data sets;
· file protection from viruses;
· automatic control of users’ operations in the way of logging their activity.
The hardware and software security means are the means, which are based on the synthesis of program and hardware means. These means are widely used in authentication of users of the automated banking systems. Authentication is the inspection of the user’s identifier before its access to the system resource. The use of smart cards containing passwords and users’ codes are widespread in the automated banking systems.
The organizational security means of the computer information make up the set of measures concerning staff recruitment, inspection and training of the staff who participate in all stages of information process.