Fighting Computer Crime

A New Framework for Protecting Information

Donn B. Parker

Publisher: Wiley, 1998, 512 pages

ISBN: 0-471-16378-3

Keywords: Information Security

Last modified: June 28, 2021, 8:09 p.m.

Who are the cybercriminals and what can we do to stop them? From the #1 cybercrime expert, a revolutionary new approach to…

Fighting Computer Crime

A top computer crime expert explains why current computer security methods fall dangerously short of the mark and what we can do to fix them. Based on his 30 years as a cybercrime fighter, during which he interviewed more than 200 perpetrators and their victims, Donn B. Parker provides valuable technical insight about the means cybercriminals employ, as well as penetrating psychological insights into their criminal behavior and motivations. Using many riveting real-life crime stories to illustrate his points, he reveals:

  • Who your greatest security threats really are (be prepared for some surprises!)
  • Why employees undergoing divorce can be your organization's greatest computer security risk
  • How to overcome cyberterrorists who will employ any high-tech or low-tech means necessary to crash your systems
  • Effective countermeasures for each threat covered in the book
  • How to neutralize even the most powerful cybercrime scheme attempts
  • Why and how the incorrect, incomplete, inarticulate security folk art must be revitalized

  1. The Myth of Information Security
    • The Big Picture
    • Learning from Experience
    • Weaknesses in Information Security Controls
    • The Human Factor
    • How We Got into This Mess
    • The Extent of Crime in Cyberspace
    • The Cyberspace Crimoid Syndrome
    • Back to Basics
    • Fortifying Installed Controls
    • How Do We Fix Information Security?
  2. What Are We Protecting?
    • Primary Characteristics of Information
    • Kinds of Information
    • Representations of Information
    • Forms of Information
    • Media
    • Owners of Information
    • Conclusions
  3. The Rise of Cybercrime
    • Abuse and Misuse
    • Trends of Business Crime
    • The Role of Collusion in Business Crime
    • Small-Business Crime in Cyberspace
    • The Rise of Cybercrimoids
    • Reporting Cybercrimes
    • Distorted Portrayals of Cybercrime in the Entertainment World
    • Cybercrime Law
    • The Future of Cybercrime
  4. Computer Abuse and Misuse
    • Computer Viruses and Related Crimes
    • Data Diddling
    • Superzapping
    • Computer Larceny
    • Extortion and Sabotage
    • Information Anarchy Using Encryption
    • Desktop Forgery and Counterfeiting
    • Software Piracy
    • Perceived Loss of Privacy in Cyberspace
    • International Commercial Espionage
    • Information Warfare
    • Summary of Computer Abuse and Misuse
  5. Network Abuse and Misuse
    • Internet Crime
    • LANarchy
    • Electronic Banking and Electronic Data Interchange (EDI) Fraud
    • Automated Crime
    • Conclusions
  6. Cyberspace Abusers and Misusers
    • Characterizing the Perpetrators of Cybercrime
    • Motives and the Cybercriminal
    • Seven Kinds of Cybercriminals
    • The Cybercrime Rationalization
    • Social Engineering and Gullibility
    • A Summary of Protective Techniques
  7. The Disastrous Hacker Culture
    • What Is Hacking?
    • Who Is a Hacker?
    • How Much Hacking Is There?
    • How a Hacker Hacks
    • Understanding the Hacker Culture
    • Hacking As a Crime
    • Conferences Where Hackers Gather Together
    • The New Generation of Hackers
    • How to Treat Our Hacker Adversaries
  8. The Artisans of Information Security
    • Occupational Organization
    • The Role of Criminal Justice in Information Security
    • A Multidisciplinary Approach to Information Security
    • Advancing the Strategic Values of Information Security in Business
  9. The Current Foundation for Information Security
    • The Current Framework Model
    • Generally Accepted System Security Principles
    • The British Code of Practice
    • CobiT: Control Objectives for Information and Related Technology Framework
    • Conflicting Definitions: Message Confidentiality, Integrity, and Authenticity
    • Neumann's View of Information Security Terms
    • Implications of the Confusion Surrounding Security Terminology
    • Conclusion
  10. A New Framework for Information Security
    • Proposal for a New Information Security Framework
    • Six Essential Foundation Elements
    • Comprehensive List of Information Losses
    • The Functions of Information Security
    • Threats, Assets, Vulnerabilities Model
    • Clark-Wilson Integrity Model: A Framework for Business Applications Security
    • Conclusions
  11. Information Security Assessments
    • Risk Assessment
    • Problems with Quantitative Risk Assessment Methodologies
    • Alternative Techniques
    • The Baseline Approach
  12. How to Conduct a Baseline Security Assessment
    • Good Security in a Small Business or Home Environment
    • A Summary of the Baseline Security Review Process
    • Guidelines for Conducting Baseline Information Security Reviews
    • A Methodology for Information Owners Untrained in Information Security
    • The Methodology for Information Security Experts
  13. Good and Bad Control Objectives
    • Control Effectiveness Strategy
    • Use of Elements to Identify and Select Control Objectives
    • How to Use the Guides to the Control Principles
    • Descriptions of the Guides
    • Conclusion
  14. Tactics for Effective Information Security
    • Information Security Controls for Organization Changes
    • The Changing Needs for Confidentiality and Classification
    • Cryptography
    • Authenticated Logon Control
    • Testing System Security
    • Protection from Social Engineering and Gullibility
    • The Limitations of Technical Security
  15. Strategies for Effective Information Security
    • Strategic Values of Information and Security
    • Subtle Roles and Strategic Effects of Security
    • Ethics: The Essence of Good Security
    • Legal Concerns
    • Recommendations for Security Advisors and Conclusions
  16. Organizing for Security
    • Fitting Security into the Organization
    • The Size, Nature, and Location of Information Security Units
    • General Methodology for Distributed Computing Security
    • Open and Closed Distributed Environments
    • Policies and Management Support
    • Standards and Distributed Information Security Administrators
    • Guidelines and Technical Support
    • Motivating End-Users for Information Security
    • Other Information Security Management Issues
  17. Doing It Right and Preparing for the Next Millennium
    • Moving Information Security Forward
    • Solving the Hacker Menace
    • Dealing with the Privacy Problem
    • Solving the Cryptography Information Anarchy Problem
    • Some Final Thoughts for Better Information Security

Reviews

Fighting Computer Crime

Reviewed by Roland Buresund

Excellent ********** (10 out of 10)

Last modified: May 21, 2007, 3:04 a.m.

The title suggests that this book is about computer security. Nothing could be more wrong. This book is about strategic information security, whatever the form it takes.

I rate this alongside such classics as Commander Smith's Commonsense Computer Security.

If you're looking for a technical book or a book solely about computer security you will be disappointed. If you're trying to grapple with the larger concept of information security, this book will give a solid ground for your future work and even some ideas on how to sell it to your management.

It is packed with information, ideas, war stories, and commonsense advice; you can't lose by buying it. Just his re-definition of the CIA (Confidentiality, Integrity, Availability) into Availability, Authenticity, Confidentiality, Integrity, Utility and Possession makes this a book worth reading.

Mandatory reading for any serious information security professional/manager.
