In the lecture about "Components of Information Security" by Prof.Losavia. For information,confidentiality,intergrity and availablity is the three requirements for secure information. There is kind of comprise between these three. Some inforatiom may put more emphasis on confidentiality, some may put more emphasis on intergrity and some availability, it depends on the content of the information. The lecture also gave the explanation about vulenrability,threats , attack and control.
For the system administrator, vulnerabilty is the first thing to check for the system, patch every holes known, establish rules to combat the possible attacks, develop procedures to recover from the real attacks ,catch and punish the attackers. To combat the computer or information crime, the most important thing is not to patch the holes, because I do not think it is an efficient way to deal with that, because no system can be perfect without any flaws, the patches for the holes will never end. We can not avoid the crimes by only doing some repairing stuff. The good way to deal with the computer crimes should be based on education and policy and punnishment. Educate the potential hackers to devote and put their intelligence to the development of the society. They can earn the money or become famous to do some constructive work not destructive work such as sending out virus to crash millions of computers to become a famous guy.
We can check the following website to familize ourselves with the on-going computer crimes.
http://www.cybercrime.gov/
One of news which is interesting and meaningful is
Phisher" Sentenced to Nearly Six Years in Prison After Nation's First Can-Spam Act Jury Trial Conviction .
It is a real good news, maybe we should broadcast this news, and if every country in the world can establish this kind of statue, how can we everyday receive hundreds of spams phishing us to give out our bank account or some other private information. But I am just wondering why the euro countries do not have such kind of law( if they have, why there are a lot of spams or lottery phishsing from UK ?). Why the government can not collect the phishing email's information and establish a database to catch these guys and punish them according to the law?
The problem now is that maybe no single unit or dept in the government to deal with the online or computer crime. It is a heaven for the hackers and hell for the victims. Except the commited computer crime is large or the loss is large enough, no government or administration action will perform to prevent this crimes. Can this situation be changed soon?
Actually, the total cost for computer crimes is already large enough for business units according to
http://news.com.com/Computer+crime+costs+67+billion,+FBI+says/2100-7349_3-6028946.html
What about the costs of the personal victims? I think almost every person who has the access to the internet will have the frustating experience being attacked by the virus. The cost is certain to be huge.
The reason for the people to suffering from this virus is that the way to catch and punish the evil hackers is not efficient enough. Almost everybody knows that"rob or steal" is a crime, but not everybody realizes that coding a virus and spread it will cost much more to the society than simple theft or robbery. The government should take the immediate action to fight this , let the potential hackers realize the result of their actions.
Combing the technologies to track and control the hackers with the policy and statue, the computer crime can be reduced or extinguished in the near future. So the destructive force will become the constructive force for the society.
Technology with law can crack down the computer crimes finally, I think.
No comments:
Post a Comment