The proliferation of cyber crime — both corporate and criminal — has created a new frontier for law enforcement.
As more and more technology-based arrests are being made — from child pornography to embezzlement — a greater emphasis is being placed on the policing of information systems.
Ferris State University has designed a program for information technology security measures in its Master of Science in Information Systems Management with specially designed programs to help police and protect materials stored or conveyed over the Internet and on hardware and software.
“It has created a very interesting response,” said William Boras, Ph.D., chair of Ferris State’s Department of Business Graduate Programs. “Ironically, the time you need these types of programs the most always seems to be the time with largest budget constraints for the public sector and private sector. But no company is immune.
“A worm or virus may hit an accounts receivable file or a subscription base, and things like that can put you out of business. You’ve got to stay on top of it and have to know what you are going to do when it happens and what to do when you catch someone.”
Ferris State offers both a security management degree and a related master’s degree program. Similar information technology classes also are incorporated into criminal justice programs.
“What we’ve done is really separated them out into two distinct needs,” Boras said. “The first is corporate — with a primary focus on security and, to a lesser extent, preservation of evidence — and the second one is the graduate program in criminal justice where the entire focus is entirely on forensics.
“We approach it in two different ways. If you’re a victim, you have to secure the evidence. For law enforcement, you have to secure evidence for conviction.
“This is not just goofy stuff. We’re talking about catching child pornographers, embezzlers and terrorists. This is on the cutting edge, and we’re using the same equipment as the federal government does for these things.”
The programs are tailored to accommodate both law enforcement officials and corporate executives and programmers.
“We would love to have both,” said Rick Misland, a Ferris State professor who helped develop the program curriculum. “If somebody is a computer technician, he or she may have a lot of knowledge about PCs and the network, but they may not be introduced to securing the network. So even though they may know how to build it, they might not know how to secure it.
“For a CEO, it’s the management level aspect of the service,” Misland added. “What do I need to know about information or about encrypted e-mails? Should we even encrypt them at all or have a firewall? What about a spam filter?
“What are the things that I, as a CEO, need to know for organizations to be successful and reduce that risk?”
From aerospace defense manufacturers to law firms and retail operations, sensitive information that is exposed can be disruptive or even destructive to the company’s success.
“Every bit of knowledge about that company is sitting in the data base somewhere with its life history — where it’s been and where it’s going,” Boras said. “Once it becomes vulnerable, or once somebody breaches it, you literally put the whole organization at risk.”
The program for IT security was implemented at FSU just over a year ago.
“Originally, we thought there was a niche there with law enforcement, because the interest is there,” Misland said. “But there has been a lot of response from the business community as well. We’ve had good response and it is just growing at this point.
“Corporations have to work within these guidelines to protect themselves and law enforcement officials have to analyze good evidentiary evidence for courtroom presentations,” Misland added. “We’re on the cusp of it with these two courses.
“The class has been in place, but we are tweaking it a little bit. We’re looking at it as not just law enforcement, but also the corporate world.”
In the summer of 2003, Ferris State professors met with assistant district attorney Richard Murray — along with FBI, CIA and DEA agents and a couple of software companies — to comprise a computer analysis response team.
“What’s really neat about it is the experts put this together all in Grand Rapids,” Boras said.
Law enforcement officials worked with Ferris State personnel to develop a program that will enhance both law enforcement and corporate security measures. Other West Michigan-based organizations battling cyber crime include Information Systems Security Association in Grand Rapids and the High Technology Crime Investigators Association.
“The courses are for criminal justice people or corporation CEOs because they examine cyber criminology and the cyber criminal mind,” Misland said. “The other is cyber forensics for law investigations.”
Misland said that an additional outgrowth of the program is an actual book of how to handle computer incidents from a law enforcement perspective. The three-chapter book is titled “A Strategic Guide to Computer Crime Incidents” and provides a step-by-step guide of how to police e-mail harassments, fraudulent online businesses, personal information and identity theft. It will be published this spring, according to Misland.
“The book shows you how you go about investigating those types of things,” Misland said. “The IT world knows how to do these things, but we want to provide that information for law enforcement agencies and companies wanting to upgrade their security systems.”
Ferris State offers courses in corporate security and principles of information and security.
“Every corporation has information,” Misland said. “There are 10 domains of a common body of security such as how we protect our information, physical aspects or security, passwords, virtual security, types of software needed to protect transactions and e-mail identity.
“Then, there is human security and how to protect that information for people coming over the phone or counter and how to protect against corporations trying to fraudulently obtain sensitive information. We basically show them how to protect that information.
“Twenty-five years ago when we were still scratching the surface of technology, it was never a problem. It’s been growing with credit card numbers, Social Security, birthdates and passwords. More and more of that is happening with things as simple as log-ins and on-line fraud.
“In the past if you lost your wallet, you might lose your identity. The same thing is true online nowadays.”
One of the classes examines intrusion, detection and cyber forensics, while the other is based upon what computer crime and cyber crime are and what are the legal and ethical ramifications.
“Protection and response are the two premises of homeland security,” Misland said. “How do we protect our information with physical, virtual and human security measures?
“The second course is about intrusion protection response and cyber forensics from a network unit all the way down to PDAs or cell phones.”
The IT courses are offered at Ferris State campus sites in both Grand Rapids and Big Rapids. The sites alternate locations during the fall and winter semesters
“Education, education, education is the key,” Misland said. “Our first principle is a military one, and that is to know your enemy.
“The more you make your employees aware of these issues of security, the better off you’ll be.”
Misland said that those not wishing to enroll in the undergraduate or graduate programs may attend classes as non-degree-seeking students.
“We’re trying to promote it on multiple levels,” Misland said. “We have guest registration, where you can take courses specifically without having to do the whole degree.
“A couple of people started that way and decided to finish up with a master’s degree.”
Although in-depth expertise of computer systems is not required to take the classes, Misland said a rudimentary knowledge of the network will greatly enhance the ability to comprehend the material.
“It helps to have a general idea of how computers work,” Misland said. “After all, we’re talking management here.”