It occurs when a user has more computer rights


All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8

g and is outputted from an application. For instance, if a loan processor is entering information for a customer’s loan of $100,000, but instead enters $150,000 and then moves the extra approved money somewhere else, this would be a case of data diddling. Another example is if a cashier enters an amount of $40 into the cash register, but really charges the customer $60 and keeps the extra $20. There are many reasons to enter false information into a system or application, but the usual reason is to overstate revenue and assets and understate expenses and liabilities. Sometimes managers do this to deceive shareholders, creditors, superiors, and partners. This type of crime is common and one of the easiest to prevent by using access and accounting controls, supervision, auditing, separation of duties, and authorization limits. This is just one example of how insiders can be more dangerous than outsiders.

Excessive Privileges

Excessive privileges is a common security issue that is extremely hard to control in vast and complex environments. It occurs when a user has more computer rights, permissions, and privileges than what is required for the tasks she needs to fulfill. If a user only needs to be able to read and print materials on the file server, she should not be granted full control. A common example of this is when a manager in accounting is granted full control of all files on a specific server, including payroll information. When this person is moved from accounting to the research department, his rights should be revoked or at least reduced, but most companies do not have procedures in place to make sure this happens. (This is referred to as authorization creep.) Now he has full control over the account records and the research records, and thus has excessive privileges.
If he ever becomes disgruntled with the company for one reason or...
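
An access review that catches the authorization creep described above, as an added example that is not part of the original text. The user names, departments, paths, rights levels and the per-department baseline are all constructed sample data and assumptions.

```python
# Periodic access review: compare each grant on the file server with the
# least-privilege baseline of the user's CURRENT department.
# All names, paths and rights below are constructed for illustration.

RIGHTS = {"none": 0, "read": 1, "write": 2, "full": 3}

# Highest right each department needs on each resource (assumed baseline).
BASELINE = {
    "accounting": {"/srv/accounting": "full", "/srv/payroll": "full"},
    "research": {"/srv/research": "full"},
    "front_desk": {"/srv/shared": "read"},  # read and print only
}

# Current department per user, as HR would report it (constructed).
HR = {"mgr_lee": "research", "clerk_kim": "front_desk", "acct_roy": "accounting"}

# Grants exported from the file server: (user, resource, right) (constructed).
GRANTS = [
    ("mgr_lee", "/srv/accounting", "full"),  # kept after moving to research
    ("mgr_lee", "/srv/payroll", "full"),     # kept after moving to research
    ("mgr_lee", "/srv/research", "full"),
    ("clerk_kim", "/srv/shared", "full"),    # task only requires read
    ("acct_roy", "/srv/payroll", "full"),
    ("ex_emp", "/srv/shared", "read"),       # account with no HR record
]


def find_excessive(grants, hr, baseline):
    """Return (user, resource, granted, allowed, reason) for every grant
    that exceeds what the user's current department requires."""
    findings = []
    for user, resource, granted in grants:
        dept = hr.get(user)
        if dept is None:
            # Unknown owner: nothing is justified, so any grant is excessive.
            findings.append((user, resource, granted, "none", "no HR record"))
            continue
        allowed = baseline.get(dept, {}).get(resource, "none")
        if RIGHTS[granted] > RIGHTS[allowed]:
            reason = ("not required by " + dept) if allowed == "none" \
                else ("exceeds " + allowed + " for " + dept)
            findings.append((user, resource, granted, allowed, reason))
    return findings


if __name__ == "__main__":
    for user, resource, granted, allowed, reason in find_excessive(GRANTS, HR, BASELINE):
        print(f"{user:10} {resource:16} granted={granted:5} allowed={allowed:5} {reason}")
```

Running the review on every department transfer, not only on a schedule, is what closes the gap the text describes, since the stale grants appear the moment the HR record changes.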