Date of Award
Master of Science
This thesis presents a model of information to capture regarding unauthorized computer systems access attempts. This model takes a management focus, and incorporates the technical focus, intelligence focus, and legal focus as inputs. The author used an exploratory, qualitative methodology consisting of an extensive literature review and interviews with experts in the field. These efforts produced the proposed model, which was reviewed by experts in the field using a Delphi technique.

The model consists of information that is divided into the following areas:
1. What information was compromised.
2. What type of intrusion occurred.
3. How the intrusion was attempted.
4. Ability to report to law enforcement.
5. Prevention of future intrusions.

This thesis concludes by recommending:
1. Information should be captured by individuals as close to the intrusion as possible. This is to reduce inaccuracies in the information.
2. Information should be passed in a timely and accurate manner to the organization's CERT.
3. The CERT should use the information to rectify the intrusion.
4. The CERT should conglomerate the information to evaluate the possibility of an organized intrusion attempt.
5. The CERT should pass relevant information to other system administrators to prevent future successful intrusion attempts.
DTIC Accession Number
Himebrook, Leslie F., "A Model for Determining Information to be Captured Regarding Unauthorized Computer Entry of an Air Force Computer System" (1997). Theses and Dissertations. 5662.