
AIS 25 FEB – Computer Fraud and Abuse

Learning Objectives

• Understand AIS threats

• Introduction to Fraud

• Discuss perpetrators of fraud and their reasons (THE FRAUD TRIANGLE)

THREAT TO AIS

1. Natural and political disasters:

• Fire or excessive heat

• Floods, earthquakes, landslides, hurricanes, snowstorms (e.g. Hurricane Katrina)

• War & attacks by terrorists (e.g. 9/11 New York twin towers)

2. Software errors and equipment malfunctions

• Hardware/software failures

• Software errors or bugs

• Example: Northeast Blackout of 2003

3. Unintentional acts

• Accidents caused by human carelessness

• Failure to follow process/procedures

• Logic errors

• Lost/errors (user level error [procedure gap] not caught by Program)

• Lost/erroneous/destroyed/misplaced data

o Example: 6pm.com, a Zappos sister site. The price of all goods was capped at a maximum of $49.95. The news of this error was picked up by bargain hunter sites. As it circulated round the internet, bargain-hungry shoppers took advantage of it. 1.6M dollars were lost in 6h.

• System insufficiency to complete tasks

• Examples: As per Foreseer Research

o Human error causes 80% of security problems

o 25% of outbound emails from employees have the potential to expose companies to legal, regulatory or financial risks (unintentionally)

4. Intentional acts (computer crimes)

• Sabotage: an intentional act where the intention is to destroy a system or some of its components. Deliberate destruction or harm to a system.

• Misappropriation of Assets

• Misrepresentation/false use/unauthorized disclosure of data

• Corruption

• Computer fraud, attacks

• Social Engineering: using psychology/persuasion to get people to disclose info in order to target the org (‘s firewall)

o Individual level

o Corporate social engineering

BCP = Business Continuity P

Failure to follow process/procedure (which options)

Why unintentional:

1. They haven’t the procedures clearly

2. Have too much workload, they made a mistake (an honest mistake)

3. The procedures are unclear or too complicated for comprehension

Why intentional:

1. With the intention to disrupt the work

2. To cover up a mistake or a fraud?

3. With the intention to mess up the system, so they could give access to hackers?

A double b

B 6 -10

C has to finish

12-20

6-10

18 - 35

NOTE FROM LAST CLASS:

Failure to include component of AIS

SAVE 250K

BUT PAY 1.5M TO THE BANK

CANNOT MAKE A DECISION BASED ON RUN TIME COST ONLY, BUT SHOULD ALSO CONSIDER THE ONE TIME OUTFLOW/COST.
