A Model for Determining Information to be Captured Regarding Unauthorized Computer Entry of an Air Force Computer System
Abstract
This thesis presents a model of information to capture regarding unauthorized computer systems access attempts. This model takes a management focus, and incorporates the technical focus, intelligence focus, and legal focus as inputs. The author used an exploratory, qualitative methodology consisting of an extensive literature review and interviews with experts in the field. These efforts produced the proposed model, which was reviewed by experts in the field using a delphi technique. The model consists of information that is divided into the following areas: 1. What information was compromised. 2. What type of intrusion occurred. 3. How the intrusion was attempted. 4. Ability to report to law enforcement. 5. Prevention of future intrusions. This thesis concludes by recommending: 1. information should be captured by individual as close to the intrusion as possible. This is to reduce inaccuracies in the information. 2. Information should be passed in a timely and accurate manner to the organization's CERT. 3. The CERT should use the information to rectify the intrusion. 4. The CERT should conglomerate the information to evaluate the possibility of an organized intrusion attempt. 5. The CERT should pass relevant information to other 5 stem administrators to revent future successful intrusion attempts.
Document Details
- Document Type
- Technical Report
- Publication Date
- Dec 01, 1997
- Accession Number
- ADA338787
Entities
People
- Leslie F. Himebrook
Organizations
- Air Force Institute of Technology