Problem Statement

Organizations that use mid-range computers need to be aware of exposures that may lead to computer crime or abuse. These organizations need to determine if a threat exists and take measures to protect computer hardware, software and data.


Computers are found in most offices in the United States. Most schools use computers in their curriculum. Many families have personal computers at home, some having the capability to remotely access other computers via a modem. Most offices depend upon timely, accurate information processed by computers. Computers easily communicate using standard telecommunication technology.

With the introduction of inexpensive personal computers in the early 1980's, millions of personal computers are now in use in businesses and homes throughout the world. Most people use computers to access data bases, prepare reports, prepare documents, analyze data or prepare graphic information. Personal computers are used to increase productivity, to educate and to entertain. Some computer users commit crimes with the help of computers.

Computer crime and abuse have been a problem for many years. As technology changed, the types of computer hardware and software involved has changed. Today, personal computers and mid-range computers are as common as mainframe systems were twenty years ago. Computer crime may involve the theft of hardware, software and services. Computer crime may involve harassment, stalking or the transmission of pornographic materials. Chapter two highlights example cases, defines categories of computer crime and abuse as well as reviews the legal environment.

One goal of this thesis was to study computer crime and abuse since 1980 to determine if the users of mid-range computers are experiencing computer crime and abuse. Recommendations of ways mid-range computer users can protect their hardware, software and data assets by minimizing the threat of computer crime and abuse have been made. An assessment of computer security needs of mid-range computer users in regards to the possible internal and external threats of computer crime and abuse has been made. 


For the purposes of this study, the following definitions will be used.

Computer crime and abuse: any violation of local, state or federal law dealing with computer hardware, software, data storage or data transmission. This definition does not include office guidelines or policies that some organizations have established.

Mid-range computer: a multi-user computer system having 20-200 workstations attached and used for business processing rather than scientific processing. This definition excludes individual personal computers, the small personal computer local area networks and large mainframe computer systems. The IBM AS/400 has been the primary mid-range computer for this study.

Modem: an electronic device that attaches to a computer or data transmission equipment to allow data communications with another computer, usually at a remote location. A modem allows a computer to communicate with another remote computer via telephone lines using attached modems. 


The focus has been on mid-range computers in the United States since 1980.

The scope focused on, but was not limited to, computer crime and abuse committed using personal computers or remote terminals communicating to a remote computer via a modem. The focus does not include events prior to 1980 or events outside the United States.

One limitation has been the significant amount of computer crime and abuse that goes unreported. The thesis will show that it is often common for organizations that experience computer crime or abuse to take actions internally, without notifying authorities, thus minimizing potential negative publicity.
The scope includes a study has been the current legal environment. Laws have been strengthened during the second half of the 1980's.

The scope of the survey of AS/400 users was limited to the Minneapolis, Minnesota area. 


The outcomes for this study are: increased awareness of state and federal laws regarding computer crime and abuse for mid-range computers and increased awareness of the numbers and type of problems that have been reported. Further outcomes are measuring the awareness of the Twin Cities area mid-range users about the laws, violations in their organizations and the use of methods to minimize the problem of computer crime and abuse. A needs assessment was done to determine if mid-range computer users have problems and if they feel the threat is real. The needs assessment culminated in recommendations to organizations to minimize the risk of exposure to computer crime and abuse. General and AS/400 specific  recommendations, contained in chapter five, list many preventative measures that can implemented within days.

The chapter two literature review discusses the dollar impact, example cases, legal environment and categories of computer crime and abuse. The next chapter also provides information on who commits computer crime.

The following chapters discuss the methodology used and the results that were obtained from the literature review, key informant interviews and a survey of AS/400 users.