This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: Chapter Fifteen: Computer Crime and Information Technology Security Carter (1995) suggested a four-part taxonomy for computer crime: Target. This category is comprised of computer crimes where the criminal targets the system or its data. The objective of these crimes is to impact the confidentiality, availability, and/or integrity of data stored on the computer. Instrumentality. Computer as the instrumentality of the crime uses the computer to further a criminal end. In crimes targeting the computer, the data are the object of the crime; in this case, the computer is used to commit a crime. Incidental. This type of computer crime encompasses crimes where the computer is not required for the crime but is related to the criminal act. The use of the computer simplifies the criminal actions and may make the crime more difficult to trace. Associated. The simple presence of computers, and notably the growth of the internet, has generated new versions of fairly traditional crimes. In these cases, technological growth essentially creates new crime targets and new ways of reaching victims. BUSINESS RISKS AND THRESATS TO INFORMATION SYSTEMS FRAUD The U.S. Department of Justice defined computer fraud as being any illegal act for which knowledge of computer technology is used to commit the offense. - Fundamentally, computer fraud is people fraud; no computer system can perpetrate fraud without at least some human intervention - Following a series of scandals and lapses in corporate governance, the Sarbanes- Oxley Act was introduced to restore customer confidence in the stock markets. o It was introduced with the firm resolve to increase corporate responsibility and requires that companies establish extensive governance policies to prevent and respond to fraudulent activities. ERROR Losses associated with errors can vary widely depending on where the error originated and the time it may take to identify and correct it. - Implementing preventive controls that will detect and correct errors before they occur can prevent financial losses and negative impacts to the organizations image. SERVICE INTERRUPTION AND DELAYS A delay in processing information or a service interruption can bring an organization to a standstill; such delays can lead to missed deadlines for payables and receivables. Service interruptions can be due to many factors, but they all fall into three main categories: accidental, willful neglect, and malicious behavior. - Accidental service interruption . This can be caused by someone shutting down the wrong machine.- Willful neglect . This could be due to outdated antivirus software.- Malicious service interruption . This could be caused by a hacker launching a denial of service attack against an organizations Web site....
View Full Document
This note was uploaded on 03/27/2012 for the course ACCT 01 taught by Professor Smith during the Spring '12 term at Howard.
- Spring '12