11-1
Computer Crime, Abuse, and Fraud
High level of public interest
Data on incidents is limited
Sources of information
Computer Security
KPMG surveys
Association of Certified Fraud Examiners (ACFE) survey
Chapter
11-3
Computer Crime, Abuse, and Fraud
Computer Crime
Computer Abuse
Unauthorized use of, or access to, a computer
Against the wishes of the owner
Computer Crime, Abuse, and Fraud
Fraudulent Financial Reporting
Misappropriation of Assets
Misuse of company assets
Committed by employees within an organization
Asset Misappropriation
Examples
Federal Legislation of Computer Crimes
Computer Fraud and Abuse Act of 1986 (CFAA)
Amended
illegal act
Computer technology essential for perpetration, investigation, or prosecution
Federal Legislation Affecting the Use of Computers
Federal Legislation Affecting the Use of Computers
State Legislation
Every state has a computer crime law
State law provisions
Define computer terms
Define some acts as misdemeanors
Declare other acts as felonies
Computer-Crime Statistics
Limited availability of data
Importance of Computer Crime and Abuse to AISs
Impact on AISs
Favored target due to control of financial resources
Prized target for disgruntled employees
Responsible for designing, selecting, and implementing controls that protect AISs
Reliance on auditors to verify financial statement
Additional Items
Ability to mislead public if information is incomplete or inaccurate
Difficulty in detecting fraudulent activities
Large amount of losses
Compromising Valuable Information: The TRW Credit Data Case
Summary
Credit rating company
Altered company credit ratings for a fee
Clients relied on inaccurate information
Analysis
Data
Analysis
Growth of hacking
Importance of education and prevention
Utilize ethical hackers for intrusion testing
Denial of Service: The 2003 Internet Crash
Summary
Slammer worm
Identified
Analysis
Denial
Computer Viruses
Computer Worms and Worm Programs
Boot-sector Viruses and Trojan Horse Programs
Protecting Systems
Preventing Viruses
Firewalls
Antivirus software
Antivirus control procedures
Common Types of Computer Crime and Abuse
Preventing Computer Crime and Fraud
Enlist Top-Management Support
Increase Employee Awareness and Education
Assess Security Policies and Protect Passwords
Strong passwords
Social engineering
Lock-out systems
Dialback systems
Preventing Computer Crime and Fraud
Implement Controls
Identify Computer Criminals
Nontechnical Backgrounds
Noncriminal Backgrounds
Education, Gender, and Age
Occupations of Computer Abuse Offenders
Recognizing Symptoms of Employee Fraud
Accounting Irregularities
Internal Control Weaknesses
Unreasonable Anomalies
Lifestyle Changes
Behavioral Changes
Study Break #4
Most computer criminals:
A.
B.
C.
D.
E.
Ethical behavior
Making choices and judgments that are morally proper
Acting accordingly
Identity Theft
Dumpster diving
Phishing
Smishing