Information Systems Security

Type of Crime and Appropriate Procedure

Computer intrusion (i.e. hacking)
Report immediately to Supervisor. Leave computer screen on and isolate computer system. Contact Security and the Helpdesk/Information Assurance Team immediately.
 
Password trafficking
Report immediately to Supervisor, Security and the Helpdesk/Information Assurance Team.
 
Copyright (software, movie, sound recording) piracy
Report immediately to Supervisor; Supervisor will contact Security and the Helpdesk/Information Assurance Team. Security will notify the Department of Review and Evaluation.
 
Theft of trade secrets, government owned research
Report immediately to Supervisor. Contact SEC. Security will contact the Department of Review and Evaluation.
 
Trademark counterfeiting
Report immediately to Supervisor. Report to Security and the Helpdesk/Information Assurance Team. SEC will notify the Department of Review and Evaluation.
 
Child Pornography or Exploitation
Report immediately to Supervisor. Leave computer screen on and isolate computer system. Contact Security and the Helpdesk/Information Assurance Team. Security will contact NCIS.
 
Internet harassment
Save any email. Do not delete. Leave on if possible. Notify Supervisor and Security immediately. Security will notify the Helpdesk/Information Assurance Team.
 
Internet bomb threats or threat to US government and agency
Report immediately to Supervisor and SEC. Security will notify the Helpdesk/Information Assurance Team. DO NOT DELETE screen or close the email or internet site. Isolate area and computer if possible. Security will notify NCIS.
 
Trafficking in explosive or incendiary devices or firearms over the Internet
Report immediately to Supervisor and Security. Security will notify the Helpdesk/Information Assurance Team. DO NOT DELETE screen or close the email or internet site. Isolate area if possible.
 
Internet Fraud in connection with computers – knowingly and with intent to defraud, accessing a protected computer without authorization or exceeding authorized access; obtaining financial records or information from financial institutions, any agency, any protected computer or classified source
Report immediately to Supervisor and Security. This is a Federal offense. DO NOT DELETE; save any evidence or printouts – notify Security and the Helpdesk/Information Assurance Team immediately. Security will notify NCIS, and the FBI will be notified. DRE will be alerted of fraud.
 
Threats to person or government agency through email or internet intrusion
Report immediately to Supervisor, Security and the Helpdesk/Information Assurance Team. DO NOT DELETE or close email. Print screen if possible. Isolate area. Note the time and date of incident and any suspicious activity. Security will contact NCIS and FBI immediately.
 
Email and internet abuse. E-bombs, chain letters, destroying or modifying data. Attack on confidentiality
Report to Supervisor and SEC immediately. DO NOT DELETE or close email. Security will notify the Helpdesk/Information Assurance Team and NCIS. Note any suspicious activity or individuals. Security will also notify the Department of Review and Evaluation.
 
Destruction of government owned PC files, diskettes, hardware or software
Report immediately to Supervisor and Security. Note date and time of incident and any suspicious individuals. Isolate the area if possible. Security will report it to the Helpdesk/Information Assurance Team and NCIS. The Department of Review and Evaluation and Logistics will be informed if hardware is destroyed.

Threats and Areas of Compromise

The Threat
Foreign Intelligence
Economic competitors
Information Brokers
Interest Groups
Hackers
Insiders Intelligence
Email
Identity and Credit card theft
 
Areas of compromise
Pay and Finance
Personnel files
Sensitive research information
Medical data
Privacy issues
Don’t put risk information that you don’t want published, or Privacy Act information, in your email.
 
Insiders motivations
Any electronic media is allowed into and out of sensitive areas.
Once it is on the Internet it is gone.
Audit logs – of sensitive information before you take it off the Internet.
Establish security patches and solutions
Have a response and a disaster recovery plan.
 
Computer Network auditing
Turn on
Reviewed
How long retained (12 months)
Know your policy for reporting
Diskettes should be destroyed
Turn off (fast save) on Microsoft Word
Disk drive locks – cannot move data from computer

Security on the Internet

Spying in cyberspace is quick and easy. If someone on the Internet finds that, because of the type of information you offer, you could be a good "source," he or she will have no problem finding out more about you. It is very possible that an interested party can get your social security number; address; spouse’s name; children’s names; employer name, location, phone and fax number; and even telephone numbers and immediate neighbors – all from accessible online sources.
 
You may also be targeted because of what you access on the Internet or Web. Even when you passively use the net to view or collect information, you are giving out information about yourself, because your use of the Internet, including the web sites you visit, can be tracked.
 
Countries and companies still collect information by any means they can. The Internet gives them a new and effective means of collecting both economic and defense information.
 
Each time you log on, you create an audit trail and that trail may be a matter of public record. If you only read, retrieve, or comment on files pertaining to specific subjects, such as aerospace, high technology developments, or defense matters, you may attract interest.

References
SECNAVINST 5239.3
DOD DIRECTIVE 5200.28
 
Computer Crimes – Attacks on
Confidentiality
Integrity or
Availability of information or systems
Theft of information, services, or damage
 
Theft of Services
Phreaking: penetration of telephone switching system to steal long-distance calling services
Using supercomputers to crack passwords
"Weaving" to prevent detection
 
The Outsider
Hacker locates a victim system
Finds a weak password or other hole in operating system security, then breaks in
Uses hacker tools to exploit operating system
Gains "superuser" status
Modifies accounting system to hide tracks
Accesses email, files
Uses compromised system as platform to attack other systems
Advertises compromised site and vulnerabilities
 
The Insider
Former or current employee with access to system, inside firewalls
Exceeds authorized access to increase status to "superuser"
"owns" the system
Theft of Information
Government information
military
law enforcement
Business information
Trade secrets
Financial information
Credit card or other account numbers
Dollar value
Personal information
Privacy Act Information

Resources