The 2013 North America Top Technology Initiatives Survey is structured to explore the concerns and priorities that AICPA members may have regarding information management and technology. Preventing and responding to computer fraud landed a spot in the survey's top 10. Federal law defines computer fraud as the use of a computer to create a dishonest misrepresentation of fact in an attempt to induce another to do or refrain from doing something which causes loss (Cornell University Law School). The article “Computer Fraud—What Can Be Done About It?” (The CPA Journal, May 1995) presented a taxonomy that identified the following five types of computer fraud: The alteration or copying of …
Because the majority of businesses face these risks, it is crucial that they take the correct measures to prevent computer fraud and respond to it effectively.
The Information Systems Audit and Control Association (ISACA) is an independent, nonprofit, global association that engages in the development, adoption, and use of globally accepted, industry-leading knowledge and practices for information systems. ISACA believes that management’s tone and constant emphasis on ethical behavior serve as an important preventive measure against fraud. This type of management creates an internal culture where individuals value and protect the organization and its assets. According to ISACA, addressing the following general controls provides continuous prevention against fraud: logical security, change management, database administration, data storage, and data encryption (Martin, 2008). Logical security deals with how easily an individual can gain unauthorized access to an application, database, data warehouse, operating system, utility, or other IT component to manipulate or extract data. Firewalls and software that block spyware …
To commit fraud, someone may install unauthorized software or make unapproved changes to an existing program, utility, operating system, or other network component. These installations or changes can compromise or disable automated security settings. Therefore, organizations need to strictly follow change management policies for any IT installation or modification. To support change management, file integrity agents detect all changes made to a file and regularly compare those findings to a log of authorized changes. This helps administrators detect improper alterations (Martin, 2008).

The third preventative control is database administration. This control defines and enforces individual action, object, and constraint rights. It is important because databases house crucial information that can lead to immense losses when altered or stolen. An action right covers insert, read, modify, or delete responsibilities and grants authorization for only work-required actions. An object right limits or restricts the types of database records someone can access. A constraint right assigns limitations on authorized actions. Based on assigned constraints, for example, a sales representative would face monetary restrictions while entering a line of credit total for a new customer (Martin,
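The change-management check described above, where file integrity agents compare detected changes to a log of authorized changes, sketched as an added example (not from the essay or from ISACA). The file names, file contents, and the change-log format (path mapped to the approved SHA-256 digest) are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def detect_changes(baseline, current):
    """Return {path: (kind, new_digest)} for added, modified and deleted files."""
    changes = {}
    for path in baseline.keys() | current.keys():
        old, new = baseline.get(path), current.get(path)
        if old != new:
            kind = "added" if old is None else "deleted" if new is None else "modified"
            changes[path] = (kind, new)
    return changes

def reconcile(changes, authorized):
    """Split detected changes into (approved, unauthorized).

    authorized maps path -> digest approved in the change log (None means an
    approved deletion). Matching on the resulting digest, not just the path,
    keeps one approval from covering a different edit to the same file.
    """
    approved, unauthorized = {}, {}
    for path, (kind, digest) in changes.items():
        ok = path in authorized and authorized[path] == digest
        (approved if ok else unauthorized)[path] = kind
    return approved, unauthorized

def demo():
    """Constructed scenario: one approved update, one unapproved edit, one new file."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "payroll.cfg").write_bytes(b"rate=1.0\n")
        (root / "billing.py").write_bytes(b"LIMIT = 5000\n")
        baseline = snapshot(root)
        (root / "payroll.cfg").write_bytes(b"rate=1.1\n")       # approved change
        (root / "billing.py").write_bytes(b"LIMIT = 999999\n")  # unapproved change
        (root / "helper.bin").write_bytes(b"constructed")       # unapproved install
        authorized = {"payroll.cfg": hashlib.sha256(b"rate=1.1\n").hexdigest()}
        return reconcile(detect_changes(baseline, snapshot(root)), authorized)

if __name__ == "__main__":
    approved, unauthorized = demo()
    print("approved:", approved)
    print("unauthorized:", unauthorized)
```

In practice the baseline and the change log must be stored where the monitored system's administrators cannot rewrite them, otherwise the comparison can be defeated by editing either one.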