Prepared by Paula Funkhouser, University of Nevada, Reno
Core Concepts of Accounting Information Systems, 13th Edition
Mark G. Simkin ● Jacob M. Rose ● Carolyn S. Norman
Chapter 3: Computer Crime, Fraud, and Ethics
• Introduction
• Computer Crime and Fraud
• Examples of Computer Crimes
• Preventing and Detecting Computer Crime and Fraud
• Ethical Issues, Privacy, and Identity Theft
Copyright © 2015 John Wiley & Sons, Inc. All rights reserved.
Computer Crime and Fraud
• High level of public interest
• Data on incidents is limited
Computer Crime and Fraud
• Computer Crime
– Criminal activity that involves computers
– Dishonestly obtain money, acquire property, or something of value, or cause a loss
– Steal identities
– Harass an individual
Computer Crime Examples
Computer Crime and Fraud
• Fraudulent Financial Reporting
– Intentional falsification of accounting records
– Intend to mislead analysts, creditors, investors
• Misappropriation of Assets
– Misuse of company assets
– Committed by employees within an organization
Asset Misappropriation Examples
Federal Legislation of Computer
CFAA Fraudulent Acts
• Unauthorized theft, use, access, modification, copying, or destruction of software or data
• Theft of money by altering computer records or the theft of computer time
• Intent to illegally obtain information or tangible property through the use of computers
CFAA Fraudulent Acts
• Use, or the conspiracy to use, computer resources to commit a felony
• Theft, vandalism, destruction of computer hardware
• Trafficking in passwords or other login information for accessing a computer
• Extortion that uses a computer system as a target
Federal Legislation Affecting the Use of Computers
State Legislation
• Every state has a computer crime law
• State law provisions
– Define computer terms
– Define some acts as misdemeanors
– Declare other acts as felonies
Computer Crime Statistics
• Limited availability of data
– Private companies handle abuse internally
– Most computer abuse is probably not discovered
• Growth of computer crime
– Exponential growth in use of computer resources
– Continuing lax security
– Availability of information about how to perpetrate computer crimes
A. Cyber Security Enhancement Act of 2002
B. Computer Security Act of 1987
C. The Computer Fraud and Abuse Act of 1986
D. Federal Privacy Act of 1974
Study Break #2
Which legislation might help discourage computer hacking?
A. Federal Privacy Act of 1974
B. Computer Fraud and Abuse Act of 1986
C. USA Patriot Act of 2001
D. CAN-SPAM Act of 2003
Examples of Cybercrime
• The TRW Credit Data Case
– Credit rating company
– Altered company credit ratings for a fee
– Clients relied on inaccurate information
• Analysis
– Data diddling – proprietary data
– Fair Credit Reporting Act – protection of consumer
Protecting Systems
• Preventing Viruses
– Firewalls
– Antivirus software
– Antivirus control procedures
• Organizational Control Procedures
– Discourage free exchange of computer disks or external programs
– Require strong passwords to limit unauthorized access
– Use antivirus filters
Preventing and Detecting Cybercrime and Fraud
• Enlist Top-Management Support
• Increase Employee Awareness and Education
• Assess Security Policies and Protect Passwords
– Strong passwords
– Social engineering
10 Simple Steps to Safer PCs
Preventing and Detecting Cybercrime and Fraud
• Use Data Driven Techniques
– Query and Spreadsheet Skills
– Data and Text Mining
– Employ Forensic Accountants
• Audit control language
• EnCase
A. Enlist the support of top management
B. Keep employees in the dark so that they cannot perpetrate them
C. Use strong passwords
D. Design and test disaster recovery programs
Study Break #4
Most computer criminals:
A. Have nontechnical backgrounds
B. Have noncriminal backgrounds
C. Have little college education
D. Are young and bright
E. Have probably not been caught, so we don’t know much about them
Ethical Issues, Privacy, and Identity Theft
• Ethics Issues and Professional Associations
– A set of moral principles or values
– Governs organizations and individuals
• Ethical behavior
– Making choices and judgments that are morally proper
– Acting accordingly
Ethical Issues, Privacy, and Identity Theft
Institute of Management Accountants (IMA)
Institute of Internal Auditors (IIA)
Information Systems Audit and Control Association (ISCPA)
Ethical Issues, Privacy, and Identity Theft
• Meeting the Ethical Challenges
– Inform employees of importance of ethics
– Ethics training
– Lead by example
– Utilize reward system
Ethical Issues in Computer Usage
Ethical Issues, Privacy, and Identity Theft
• Company Policies with Respect to Privacy
– Who owns the computer and data stored on it?
– For what purposes may the computer be used?
– What uses are authorized or prohibited?
• Identity Theft
– Dumpster diving
– Phishing
– Smishing
Identity Theft Methods