U.S. flag

An official website of the United States government, Department of Justice.

Cyber Traps: An Overview of Crime, Misconduct and Security Risks in the Cyber Environment

NCJ Number
Narelle George
Date Published
February 2004
6 pages
Intended primarily for staff with organizational responsibilities for online services in Queensland (Australia), this paper intends to raise their awareness of the crime, misconduct, and security risks inherent in the cyber environment.
The author advises that e-mail, intranets, and the Internet are inherently insecure; yet they are being increasingly used by organizations to open up their networks and make data and applications available to clients, partners, and suppliers. Cyber crime can impact any organization that uses information and communication technologies, and the volume of computer crime and security incidents in Australia is increasing rapidly, despite organizations' heavy investment in security technologies. The 2003 Australian Computer Crime and Security Survey found that the primary source of computer crime losses in the previous 12 months, as reported by responding organizations, were financial fraud; laptop theft; and virus, worm, and Trojan infections. Perpetrators have most often been insiders who are best placed to know the organization's greatest vulnerabilities and have greater legitimate access to information systems. Key security strategies discussed in this paper are to make security a priority, develop a corruption-resistant organizational culture, ensure senior management commitment, use the internal audit function, be unpredictable, and move quickly to investigate any breach of security. Key controls recommended in this paper are to develop clear security policies and procedures, conduct a regular risk assessment, and develop effective internal controls. The general advice for preventing crime and misconduct in the cyber environment is to integrate both "high-tech" and "low-tech" technological solutions. Organizations must recognize, however, that cyber security threats are not just a technology problem but also a people problem. 2 tables and 12 references