CHAPTER I
INTRODUCTION
Organizations that use mid-range computers need to be aware of exposures that
may lead to computer crime or abuse. These organizations need to determine if a
threat exists and take measures to protect computer hardware, software and data.
Computers are found in most offices in the United States. Most schools use
computers in their curriculum. Many families have personal computers at home,
some having the capability to remotely access other computers via a modem. Most
offices depend upon timely, accurate information processed by computers.
Computers easily communicate using standard telecommunication technology.
With the introduction of inexpensive personal computers in the early 1980's,
millions of personal computers are now in use in businesses and homes throughout
the world. Most people use computers to access data bases, prepare reports,
prepare documents, analyze data or prepare graphic information. Personal
computers are used to increase productivity, to educate and to entertain. Some
computer users commit crimes with the help of computers.
Computer crime and abuse have been a problem for many years. As technology
changed, the types of computer hardware and software involved has changed.
Today, personal computers and mid-range computers are as common as mainframe
systems were twenty years ago. Computer crime may involve the theft of hardware,
software and services. Computer crime may involve harassment, stalking or the
transmission of pornographic materials. Chapter two highlights example cases,
defines categories of computer crime and abuse as well as reviews the legal
environment.
One goal of this thesis was to study computer crime and abuse since 1980 to
determine if the users of mid-range computers are experiencing computer crime
and abuse. Recommendations of ways mid-range computer users can protect their
hardware, software and data assets by minimizing the threat of computer crime
and abuse have been made. An assessment of computer security needs of mid-range
computer users in regards to the possible internal and external threats of
computer crime and abuse has been made.
For the purposes of this study, the following definitions will be used.
Computer crime and abuse: any violation of local, state or federal law dealing
with computer hardware, software, data storage or data transmission. This
definition does not include office guidelines or policies that some
organizations have established.
Mid-range computer: a multi-user computer system having 20-200 workstations
attached and used for business processing rather than scientific processing.
This definition excludes individual personal computers, the small personal
computer local area networks and large mainframe computer systems. The IBM
AS/400 has been the primary mid-range computer for this study.
Modem: an electronic device that attaches to a computer or data transmission
equipment to allow data communications with another computer, usually at a
remote location. A modem allows a computer to communicate with another remote
computer via telephone lines using attached modems.
The focus has been on mid-range computers in the United States since 1980.
The scope focused on, but was not limited to, computer crime and abuse committed
using personal computers or remote terminals communicating to a remote computer
via a modem. The focus does not include events prior to 1980 or events outside
the United States.
One limitation has been the significant amount of computer crime and abuse that
goes unreported. The thesis will show that it is often common for organizations
that experience computer crime or abuse to take actions internally, without
notifying authorities, thus minimizing potential negative publicity.
The scope includes a study has been the current legal environment. Laws have
been strengthened during the second half of the 1980's.
The scope of the survey of AS/400 users was limited to the Minneapolis,
Minnesota area.
The outcomes for this study are: increased awareness of state and federal laws
regarding computer crime and abuse for mid-range computers and increased
awareness of the numbers and type of problems that have been reported. Further
outcomes are measuring the awareness of the Twin Cities area mid-range users
about the laws, violations in their organizations and the use of methods to
minimize the problem of computer crime and abuse. A needs assessment was done to
determine if mid-range computer users have problems and if they feel the threat
is real. The needs assessment culminated in recommendations to organizations to
minimize the risk of exposure to computer crime and abuse. General and AS/400
specific recommendations, contained in chapter five, list many
preventative measures that can implemented within days.
The chapter two literature review discusses the dollar impact, example cases,
legal environment and categories of computer crime and abuse. The next chapter
also provides information on who commits computer crime.
The following chapters discuss the methodology used and the results that were
obtained from the literature review, key informant interviews and a survey of
AS/400 users.