Since computer crimes are occurring in organizations, the main purpose of this book is to show managers and computer users how to set up policies that can curtail the occurrence of these crimes. The book presents diverse reasons why it is critical for management to establish an effective computer crime prevention program that guards against unacceptable risks. Computer crimes are a growing concern and are costing organizations large sums of money. In general, the book tries to get managers to understand the importance of implementing programs for the detection and prevention of crime. The book identifies a wide range of threats and provides tips on how to prevent computer crime.

Chapter 1 identifies the importance of developing an action plan that is effective and provides adequate protection. A major focus is on crime prevention and detection. Senior managers have to take the initiative in developing an action plan. Operating managers have the primary responsibility for the actual prevention and detection of computer crime, since they are directly involved in the day-to-day activities of the organization. Auditors and investigators can assist managers in this process. The information services department should assist users in protecting their applications and provide them with an environment in which crimes are not easily committed.

Chapter 2 explains how to establish computer crime policies. The author portrays different computer crime threats and thus highlights the importance of crime prevention policies. He presents computer crime as ranging from theft of service, through theft of information or programs, to purposeful damage of hardware and software. Companies have to take the responsibility of assessing their environments for risk.

Chapters 3 through 5 provide the background information needed to develop an effective computer crime policy and plan of action. The chapters stress that it is up to the senior management of any organization to take personal responsibility for this effort. Every organization faces some kind of computer crime threat, and therefore those charged with policy implementation should begin by identifying the threats facing their organization. The next important step is for the management to assess their vulnerability as it relates to their particular industry, environment, and ultimate organizational philosophy. A good question to ask is, How can our organization be harmed by the identified computer crimes?

Chapters 6 to 8 focus on the detection, investigation, and prevention of computer viruses, identifying the different types and explaining how computer systems become vulnerable to infection. The book warns management of these notorious threats, which can cause millions of dollars worth of losses, and stresses the need for detection and prevention programs. The authors prescribe 12 protective measures.

Chapter 9 discusses an overall strategy for detecting computer crimes within the organization. The main objectives of detection include limiting the loss in dollars to the organization, limiting the cost of detection, and using the capability of the software at hand to publicly prosecute computer criminals.

Chapter 10 addresses the prevention of computer crimes. Two strategies are suggested. The first is to develop an action plan designed to prevent the crimes. The second strategy is to attempt to detect the crime soon after it occurs in order to limit dollar losses. It is advisable for companies to use preventive methods in order to minimize penetration of their computer systems. The chapter identifies a range of countermeasures. Moreover, the authors state that the ultimate defense against computer crime is the existence of an ethical user community, which results from employee education. The book concludes by telling managers that computer crimes cannot be totally wiped out, but the number of such crimes can be reduced considerably if the identified approaches are used.

The book fulfills its basic purpose, that is, to inform management of the vital need for computer crime prevention programs. It contains detailed checklists and worksheets to assist readers in developing such programs. A good feature of the book is the inclusion of tangible illustrations and examples of how computer crimes are executed. The book is too long, and thus could lose an unmotivated reader. On the whole, however, it is a worthwhile guide to computer crime prevention for the managers who constitute the intended audience.

The index is good. We noted no typographical errors. Even though it may not be an ideal textbook, this manual could serve well as a supporting book for an advanced seminar that has more room for discussion.