One of the major components of risk is threat. The risks to business from computer fraud, in terms of threats, are: (i) internal threats and (ii) external threats.
a) What is threat?
b) What are internal threats? Discuss common types of frauds committed.
c) What are external threats? Discuss common types of frauds committed.
d) What are the measures that prevent or reduce the potential of risk from fraud?
a. A threat is an entity or event with the potential to cause harm to a computer system. Threats should be identified and analyzed to determine the likelihood of their occurrence and their potential to harm computer assets. Threats may arise from technical conditions (program bugs, disk crash), natural disasters (fires, floods), environmental conditions (electric surges), human factors (lack of training, errors and omissions), unauthorized access (hacking) or viruses. Threats may arise from both intentional and unintentional acts and may come from internal and external sources.
b. Internal threats are those threats that originate from inside the organization, mostly from employees. There is evidence that the majority of frauds originate from the organization's staff, since they have easy access to the organization's system. This may be intentional or unintentional. In the majority of cases, destruction is committed by disgruntled employees who have access that far exceeds what an outsider can do. The common techniques used are:
– Data entry error
– Alteration of the data during input
– Equipment or software failure
– Unauthorized computer use for personal gain including financial gain, personal entertainment on company time
– Alteration of software instructions or functions.
– Alteration, destruction or defacement of stored data in the system by the employee.
– Theft or misutilization of stored data.
– Data destruction
– Sudden shut down of the system
c. External threats are those that originate from outside the organization's system. They originate from outside the system when it is connected through the internet to external networks. They may arise from technical conditions, man-made reasons, natural disasters, environmental conditions, unauthorized access, malicious acts, etc.
– Removal of information during transmission through internet
– Transmission of virus, worm, etc.
– Interception of emails
– Interception of electronic payment during transmission
– Natural disaster – earthquake, flood, riot, etc.
– Electric voltage surge
d. Prevention measures are:
i. Make fraud less likely to occur through password control, access control, etc.
ii. Use proper hiring and firing practices so that ethical employees are hired and retained.
iii. Manage disgruntled employees by properly addressing the issue.
iv. Train employees in security and fraud prevention measures.
v. Develop a strong system of internal controls.
vi. Adequate segregation of duties.
vii. Require mandatory vacation and job rotation to prevent hiding of computer frauds.
viii. Restrict access to computer equipment and data files.
ix. Encrypt data and programs in storage and during transmission.
x. Protect telephone lines from misuse.
xi. Protect the system from viruses.
xii. Control access to the system and stored data.
xiii. Control laptop computers.
xiv. Fire and earthquake proof building.
xv. Install surge protectors.