© 1998 by British Computer Society
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
Protecting IT Systems from Cyber Crime
1 Visiting Professor, Imperial College, London, University College, London, University of Bristol, 13 Bellhouse Walk, Kingsweston, Bristol BS11 OUE, UK, 2 Independent consultant, specializing in Information Security, 4 Palmers Green, St Johns, Worcester WR2 4JY, UK, 3 Professor of Computing Science, Department of Computing Science, University of Newcastle, Newcastle upon Tyne NE1 7RU, UK
Large-scale commercial, industrial and financial operations are becoming ever more interdependent, and ever more dependent on IT. At the same time, the rapidly growing interconnectivity of IT systems, and the convergence of their technology towards industry-standard hardware and software components and sub-systems, renders these IT systems increasingly vulnerable to malicious attack. This paper is aimed particularly at readers concerned with major systems employed in medium to large commercial or industrial enterprises. It examines the nature and significance of the various potential attacks, and surveys the defence options available. It concludes that IT owners need to think of the threat in more global terms, and to give a new focus and priority to their defence. Prompt action can ensure a major improvement in IT resilience at a modest marginal cost, both in terms of finance and in terms of normal IT operation.