Bài giảng Romney_ais13 - Chapter 5: Computer Fraud

Computer FraudChapter 55-1Learning ObjectivesExplain the threats faced by modern information systems.Define fraud and describe both the different types of fraud and the process one follows to perpetuate a fraud.Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.Define computer fraud and discuss the different computer fraud classifications.Explain how to prevent and detect computer fraud and abuse.5-2Threats to AISNatural and Political disastersSoftware errors and equipment malfunctionsUnintentional actsIntentional acts5-3FraudAny means a person uses to gain an unfair advantage over another person; includes:A false statement, representation, or disclosureA material fact, which induces a victim to actAn intent to deceiveVictim relied on the misrepresentationInjury or loss was suffered by the victimFraud is white collar crime5-4Two Categories of FraudMisappropriation of assetsTheft of company assets which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, customer data)Fraudulent financial reporting “cooking the books” (e.g.,booking fictitious revenue, overstating assets, etc.)5-5Conditions for FraudThese three conditions must be present for fraud to occur:PressureEmployeeFinancialLifestyleEmotionalFinancial StatementFinancialManagement Industry conditionsOpportunity to:CommitConcealConvert to personal gainRationalizeJustify behaviorAttitude that rules don’t apply Lack personal integrity5-6Fraud Triangle5-7Computer FraudIf a computer is used to commit fraud it is called computer fraud.Computer fraud is classified as:InputProcessorComputer instructionData Output5-8Preventing and Detecting Fraud1. Make Fraud Less Likely to OccurOrganizational Systems Create a culture of integrityAdopt structure that minimizes fraud, create governance (e.g., Board of Directors)Assign authority for business objectives and hold them accountable for achieving those objectives, effective supervision and monitoring of employeesCommunicate policiesDevelop security policies to guide and design specific control proceduresImplement change management controls and project development acquisition controls5-9Preventing and Detecting Fraud2. Make It Difficulty to CommitOrganizational SystemsDevelop strong internal controlsSegregate accounting functionsUse properly designed formsRequire independent checks and reconciliations of dataRestrict accessSystem authenticationImplement computer controls over input, processing, storage and output of dataUse encryptionFix software bugs and update systems regularlyDestroy hard drives when disposing of computers5-10Preventing and Detecting Fraud3. Improve DetectionOrganizationalSystemsAssess fraud riskExternal and internal auditsFraud hotlineAudit trail of transactions through the systemInstall fraud detection softwareMonitor system activities (user and error logs, intrusion detection)5-11Preventing and Detecting Fraud4. Reduce Fraud LossesOrganizational SystemsInsuranceBusiness continuity and disaster recovery planStore backup copies of program and data files in secure, off-site locationMonitor system activity5-12Key TermsSabotageCookieFraudWhite-collar criminalsCorruptionInvestment fraud Misappropriation of assetsFraudulent financial reportingPressureOpportunityrationalizationLappingCheck kitingComputer fraud5-13