Chapter 5: Fraud Prevention and Risk Management
McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Active Threats
- Input manipulation: altering data before or as it is entered into the system (the most common source of fraud)
- Direct file alteration: changing stored data directly, bypassing the normal application software and its controls
- Program alteration: modifying application code or logic (requires technical sophistication)
- Data theft: copying or exfiltrating data (hard to detect and hard to prove)
- Sabotage: deliberate damage to systems or data, typically by disgruntled employees
- Misappropriation of information system resources: using the organization's computing resources for unauthorized purposes
Forms of Assurance
- Informal or semiformal: an internal project development leader could simply write a letter to management indicating that the product meets company security standards.
- Formal certification by an accredited certification body: some ISO standards are designed so that organizations can be certified against them. ISO 27001 is the certifiable standard for information security management systems; ISO 27002 is the companion code of practice that describes controls and is not itself a certification standard.
- Self-certification: some organizations perform their own internal certification process as part of their internal quality assurance process. Self-certification can be against internally developed standards or against widely recognized standards.