chapter 11: computer crime, fraud, ethics, and privacy
DESCRIPTION
Chapter 11: Computer Crime, Fraud, Ethics, and Privacy. Introduction Computer Crime, Abuse, and Fraud Three Examples of Computer Crimes Preventing Computer Crime and Fraud Ethical Issues, Privacy, and Identity Theft. Computer Crime, Abuse, and Fraud. High level of public interest - PowerPoint PPT PresentationTRANSCRIPT
Chapter 11-1
Chapter 11-2
Chapter 11: Computer Crime, Fraud, Ethics, and Privacy
Introduction
Computer Crime, Abuse, and Fraud
Three Examples of Computer Crimes
Preventing Computer Crime and Fraud
Ethical Issues, Privacy, and Identity Theft
Chapter 11-3
Computer Crime, Abuse, and Fraud
High level of public interest
Data on incidents is limited
Sources of information Computer Security Institute (CSI) annual survey KPMG surveys Association of Certified Fraud Examiners
(ACFE) survey
Chapter 11-4
Computer Crime, Abuse, and Fraud
Computer Crime Manipulation of a computer or computer data Dishonestly obtain money, acquire property, or
something of value, or cause a loss
Computer Abuse Unauthorized use of, or access to, a computer Against the wishes of the owner
Chapter 11-5
Computer Crime Examples
Chapter 11-6
Computer Crime, Abuse, and Fraud
Fraudulent Financial Reporting Intentional falsification of accounting records Intend to mislead analysts, creditors, investors
Misappropriation of Assets Misuse of company assets Committed by employees within an organization
Chapter 11-7
Asset Misappropriation Examples
Chapter 11-8
Federal Legislation of Computer Crimes
Computer Fraud and Abuse Act of 1986 (CFAA) Amended in 1994 and 1996
Computer Fraud Definition An illegal act Computer technology essential for perpetration,
investigation, or prosecution
Chapter 11-9
CFAA Fraudulent Acts
Unauthorized theft, use, access, modification, copying, or destruction of software or data
Theft of money by altering computer records or the theft of computer time
Intent to illegally obtain information or tangible property through the use of computers
Chapter 11-10
CFAA Fraudulent Acts
Use, or the conspiracy to use, computer resources to commit a felony
Theft, vandalism, destruction of computer hardware
Trafficking in passwords or other login information for accessing a computer
Extortion that uses a computer system as a target
Chapter 11-11
Federal Legislation Affecting the Use of
Computers
Chapter 11-12
Federal Legislation Affecting the Use of
Computers
Chapter 11-13
State Legislation
Every state has a computer crime law
State law provisions Define computer terms Define some acts as misdemeanors Declare other acts as felonies
Chapter 11-14
Computer-Crime Statistics
Limited availability of data Private companies handle abuse internally Most computer abuse is probably not discovered
Growth of computer crime Exponential growth in use of computer resources Continuing lax security Availability of information about how to
perpetrate computer crimes
Chapter 11-15
Importance of Computer Crime and Abuse to AISs
Impact on AISs Favored target due to control of financial resources Prized target for disgruntled employees Responsible for designing, selecting, and implementing
controls that protect AISs Reliance on auditors to verify financial statement
Additional Items Ability to mislead public if information is incomplete or
inaccurate Difficulty in detecting fraudulent activities Large amount of losses
Chapter 11-16
Compromising Valuable Information: The TRW Credit
Data Case
Summary Credit rating company Altered company credit ratings for a fee Clients relied on inaccurate information
Analysis Data diddling – proprietary data Fair Credit Reporting Act – protection of
consumer
Chapter 11-17
Wire Fraud and Computer Hacking: Edwin Pena and Robert
Moore
Summary Voice over Internet Protocol (VoIP) Hacked into other provider’s network Billed those companies
Analysis Growth of hacking Importance of education and prevention Utilize ethical hackers for instrusion testing
Chapter 11-18
Denial of Service: The 2003 Internet Crash
Summary Slammer worm Identified weakness in Microsoft SQL Server
2000 software
Analysis Denial of Service (DOS) attacks
Computer Viruses Computer Worms and Worm Programs Boot-sector Viruses and Trojan Horse Programs
Chapter 11-19
Protecting Systems
Preventing Viruses Firewalls Antivirus software Antivirus control procedures
Organizational Control Procedures Discourage free exchange of computer disks or external
programs Require strong passwords to limit unauthorized access Use antivirus filters
Chapter 11-20
Common Types of Computer Crime and
Abuse
Chapter 11-21
Preventing Computer Crime and Fraud
Enlist Top-Management Support
Increase Employee Awareness and Education
Assess Security Policies and Protect Passwords Strong passwords Social engineering Lock-out systems Dialback systems
Chapter 11-22
10 Simple Steps to Safer PCs
Chapter 11-23
10 Simple Steps to Safer PCs
Chapter 11-24
Preventing Computer Crime and Fraud
Implement Controls
Identify Computer Criminals Nontechnical Backgrounds Noncriminal Backgrounds Education, Gender, and Age
Don’t Forget Physical Security
Employ Forensic Accountants
Chapter 11-25
Occupations of Computer Abuse Offenders
Chapter 11-26
Fraud Losses and Education Level of
Perpetrator
Chapter 11-27
Recognizing Symptoms of Employee Fraud
Accounting Irregularities
Internal Control Weaknesses
Unreasonable Anomalies
Lifestyle Changes
Behavioral Changes
Chapter 11-28
Study Break #4
Most computer criminals:
A. Have nontechnical backgrounds
B. Have noncriminal backgrounds
C. Have little college education
D. Are young and bright
E. Have probably not been caught, so we don’t know much about them
Chapter 11-29
Study Break #4 - Answer
Most computer criminals:
A. Have nontechnical backgrounds
B. Have noncriminal backgrounds
C. Have little college education
D. Are young and bright
E. Have probably not been caught, so we don’t know much about them
Chapter 11-30
Ethical Issues, Privacy, and Identity Theft
Ethics A set of moral principles or values Governs organizations and individuals
Ethical behavior Making choices and judgments that are morally
proper Acting accordingly
Chapter 11-31
Ethical Issues, Privacy, and Identity Theft
Ethical Issues and Professional Associations Codes of Ethics/Professional Conduct Certification programs and Ethics committees
Meeting the Ethical Challenges Inform employees of importance of ethics Ethics training Lead by example Utilize reward system
Chapter 11-32
Ethical Issues in Computer Usage
Chapter 11-33
Ethical Issues, Privacy, and Identity Theft
Company Policies with Respect to Privacy Who owns the computer and data stored on it? What purposes the computer may be used? What uses are authorized or prohibited?
Identity Theft Dumpster diving Phishing Smishing
Chapter 11-34
Identity Theft Methods