La Escritura como Proceso Cognitivo y El Desarrollo de la Competencia Escritora:

At the risk of stating the obvious, hacking—computer crime—can result in massive financial losses for companies, governments, and individuals alike. The costs asso- ciated with computer crime can manifest themselves in various ways, which may range from the obscure to a clear hit to the bottom line.

Digital assets where costs from hackers can manifest themselves fall into four major categories: resources, information, time, and reputation.

1. Resources. Resources are computer-related services that perform actions or tasks on the user’s behalf. Core services, object code, or disk space can be considered resources that, if controlled, utilized, or disabled by an unauthorized entity, could result in the inability to capture revenue for a company or have an impact on an important process resulting in the failure to meet expected objectives.

2. Information. Information can represent an enormous cost if destroyed or altered without authorization. However, there are few organizations that assign a value to information and implement the proportionate controls

necessary to ensure its protection. Data can be affected in several ways that will have a discernible cost related to the type of effect: loss, disclo- sure, and integrity.

a. Loss. The loss of data is relatively easy to measure when compared to disclosure and integrity. Information takes time to collect or produce, requires resources to be managed, and will certainly (to some degree) have value. There are many examples of intentional and unintentional acts resulting in the loss of information. Not having a backup of your data when a hard drive fails is a painful experience we all hope we have to survive only once.

b. Disclosure. Nearly every entity that uses information has the potential to be negatively affected by its uncontrolled disclosure. Although the impact of an unauthorized disclosure is one of the most difficult to measure, such a breach is noteworthy because it represents the tradi- tional fear of hacking: proprietary information theft. If someone steals your car, there is a cost that can be quickly determined because of the crime’s physical nature. Information, on the other hand, is intangible, and the thief may not perceive content to be as valuable as the owner does; therefore, the disclosure may have little or no impact. Contrary to the assumption of the hacker’s ignorance, industrial espionage is the deliberate use of illegally obtained information for the betterment of the competition. In any event, the exposure of critical information could cost a company a great deal of money through competitive disadvan- tage or the revelation of unwanted information to the public.

c. Integrity. Ensuring information is accurate and complete is necessary for any organization. If data were to be manipulated it could become a loss to the owner. This can be as simple as the cost of an item online being $99.99 but represented as $9.99 because a hacker found a way of manipulating cookies to move the decimal point one position to the left. However, there are much more sinister examples that are very difficult to equate with a financial loss. Integrity is the foundation of several forms of legislation. One of the most prevalent is the Sarbanes Oxley Act that was passed by the U.S. government to ensure that financial reporting is accurate. It can be readily assumed that publicly traded companies use vast computing systems to track financial met- rics. Therefore, you can conclude that information security plays a significant role in ensuring the data is accurate and there is a record of changes.

3. Time. The loss of time can be related to costs in the form of payroll, not meeting critical deadlines, or an unavailable E-commerce site that would normally produce thousands of dollars in revenue if it were available. Anything that consumes time, consumes money, and expenditures for recovering from an incident can represent the greatest form of financial loss.

4. Brand and Reputation. There are many companies who have very recog- nizable brands, so much so that the color alone will promote images of

the company. For example, Brown . . . UPS. It wasn’t until mid-2002 that UPS started to take advantage of their color recognition and started the “Brown” marketing campaign, “What can Brown do for you?” Very smart move on their part. Blue and orange . . . FedEx. Even Coke seems to have taken ownership of the color red.

Reputations of organizations have fallen victim in the face of attacks, many not even remotely associated with information security. I’ll spare you commentary about Enron’s or WorldCom’s debacle or the investment firms with monumental conflicts of interest. However, there are a few who have had problems that can be directly linked to lapses in information security. As demonstrated in Figure 2.1, Aastrom Biosciences, Inc. was forced to defend itself after a fictitious press release stating a merger with another firm sent the stock price soaring. Information security can have a deep impact on the perception of value of a company, resulting in serious ramifi- cations for public as well as private companies.