Date of Award


Document Type


Degree Name

Master of Science


This thesis presents a model of information to capture regarding unauthorized computer systems access attempts. This model takes a management focus, and incorporates the technical focus, intelligence focus, and legal focus as inputs. The author used an exploratory, qualitative methodology consisting of an extensive literature review and interviews with experts in the field. These efforts produced the proposed model, which was reviewed by experts in the field using a Delphi technique. The model consists of information that is divided into the following areas: 1. What information was compromised. 2. What type of intrusion occurred. 3. How the intrusion was attempted. 4. Ability to report to law enforcement. 5. Prevention of future intrusions. This thesis concludes by recommending: 1. Information should be captured by individuals as close to the intrusion as possible. This is to reduce inaccuracies in the information. 2. Information should be passed in a timely and accurate manner to the organization's CERT. 3. The CERT should use the information to rectify the intrusion. 4. The CERT should conglomerate the information to evaluate the possibility of an organized intrusion attempt. 5. The CERT should pass relevant information to other system administrators to prevent future successful intrusion attempts.

AFIT Designator


DTIC Accession Number



Presented to the Faculty of the Graduate School of Logistics and Acquisition Management of the Air Force Institute of Technology