cha 5 solutions manual 11th ed.docx
CHAPTER 5
COMPUTER FRAUD AND SECURITY
SUGGESTED ANSWERS TO DISCUSSION QUESTIONS
5.1 The statement seems ironic because employees represent both the greatest control strength and the greatest control weakness to an information system. Honest, skilled employees are the most effective deterrent to computer fraud. However, when fraud does occur, it usually involves an employee in a position of trust. Studies suggest that as many as 75 to 90 percent of all computer frauds are insider jobs by employees.
The textbook suggests several important things employers can do to maintain the integrity of their employees. (NOTE: The information to answer this question is introduced in this chapter but is covered in more depth in Chapter 6.)
∙ Human Resource Policies. Implement human resource policies for hiring, compensating, evaluating, counseling, promoting, and discharging employees that send messages about the required level of ethical behavior and integrity.
∙ Hiring and Firing Practices: Effective hiring practices are aimed at screening potential employees through thorough background checks before hiring. Potential employees can also be screened with written tests that evaluate integrity. Care should also be taken when an employee is fired. Employees who are fired should be removed from all sensitive jobs and denied access to the computer system to avoid sabotage.
∙ Managing Disgruntled Employees: Some employees who commit a fraud are disgruntled and are seeking revenge or "justice" for some wrong that they perceive has been done to them. Companies should have procedures for identifying these individuals and helping them resolve their feelings or removing them from jobs that allow them access to the system. One way to avoid disgruntled employees is to provide grievance channels that allow employees to talk to someone outside the normal chain of command about their grievances.
∙ Culture. Create an organizational culture that stresses integrity and commitment to both ethical values and competence.
∙ Management Style. Adopt an organizational structure, management philosophy, operating style, and appetite for risk that minimizes the likelihood of fraud.
∙ Employee Training: Employees should be trained in appropriate behavior, which is then reinforced by the corporate culture. Employees should be taught fraud awareness, security measures, ethical considerations, and punishment for unethical behavior.
5.2 According to the text, a kiting scheme involves the cover-up of a theft of cash by transferring money between banks. Cash is created by depositing a check from bank A in bank B. The perpetrator then withdraws the money from bank B and spends it. Since there are insufficient funds in bank A to cover the check to bank B, the perpetrator must deposit a check to his account in bank A before his check to bank B clears. This check comes from bank C, which also has insufficient funds to cover the check written on the account. Therefore, funds must be deposited to bank C before its check to bank A clears. The check to bank C comes from bank A, B, or D, which also have insufficient funds. The scheme continues, with checks written and deposits made as needed to keep checks from bouncing.
Kiting can be detected by analyzing all interbank transfers. Since the scheme requires constant transferring of funds, the number of interbank transfers will usually increase significantly. This increase is a red flag that should alert the auditors to begin an investigation.
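An added example, not taken from the textbook or the solutions manual: one way an auditor could apply the transfer-count red flag described above to a ledger of interbank transfers. The ledger rows, the 3x threshold and the three-month baseline are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date
from statistics import median

# Constructed sample ledger (not real data): date, from_bank, to_bank, amount
# for transfers between accounts the same party controls.
TRANSFERS = [
    (date(2023, 1, 9), "A", "B", 4000),
    (date(2023, 1, 23), "B", "A", 2500),
    (date(2023, 2, 6), "A", "C", 3000),
    (date(2023, 2, 20), "C", "A", 1800),
    (date(2023, 3, 7), "A", "B", 3500),
    (date(2023, 3, 21), "B", "C", 2200),
    # April: transfers between the same banks every few days
    (date(2023, 4, 3), "A", "B", 9000),
    (date(2023, 4, 5), "C", "A", 9200),
    (date(2023, 4, 7), "B", "C", 9400),
    (date(2023, 4, 10), "A", "B", 9600),
    (date(2023, 4, 12), "C", "A", 9800),
    (date(2023, 4, 14), "B", "C", 10000),
    (date(2023, 4, 17), "A", "B", 10200),
    (date(2023, 4, 19), "C", "A", 10400),
]

def monthly_counts(transfers):
    """Number of interbank transfers per (year, month)."""
    return Counter((d.year, d.month) for d, _src, _dst, _amt in transfers)

def flag_spikes(transfers, ratio=3.0, min_history=3):
    """Return (month, count, baseline) for each month whose transfer count is
    at least `ratio` times the median count of all earlier months.
    Months with fewer than `min_history` earlier months are skipped because
    there is no baseline yet. Months with no transfers do not appear at all,
    so they do not pull the baseline down."""
    counts = monthly_counts(transfers)
    months = sorted(counts)
    flagged = []
    for i, month in enumerate(months):
        history = [counts[m] for m in months[:i]]
        if len(history) < min_history:
            continue
        baseline = median(history)
        if counts[month] >= ratio * baseline:
            flagged.append((month, counts[month], baseline))
    return flagged

if __name__ == "__main__":
    for month, count, baseline in flag_spikes(TRANSFERS):
        print(f"{month}: {count} transfers vs. baseline {baseline} -> investigate")
```

A flagged month is only a prompt for the investigation the answer describes; a legitimate change in cash management can produce the same increase.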
When the employee confesses, the company should immediately investigate the fraud and determine the actual losses. Employees often "underconfess" the amount they have taken. When the investigation is complete, the company should determine what controls could be added to the system to deter similar frauds and to detect them if they do occur.
Employers should consider the following issues before pressing charges:
∙ How will prosecution of this case impact the future success of the business?
∙ What effect would adverse publicity have upon the company's well being? Could such publicity increase the incidence of fraud by exposing company weaknesses?
∙ What social responsibility does the company have to press charges?
∙ Does the evidence assure a conviction?
∙ If charges were not made, what message would that send to other employees in the organization?
∙ Could failure to expose the crime subject the company to civil liability problems?
5.3 One fraud technique that the perpetrator definitely used is impersonation. He or she impersonated a Digital repairman to obtain the necessary access codes to enter the system and destroy the database. The computers at U.S. Leasing began acting sluggish several hours before the impersonator called. Therefore, it is likely that the impersonator knew the system was experiencing problems or caused them. If the perpetrator knew the computer was having problems, he took advantage of the situation to gain access. In such a case the person was either an insider or was familiar enough with the system to know it was sluggish.
If the perpetrator was responsible for the sluggishness, he or she may have:
∙ Infected the systems with some kind of virus or worm.
∙ Hacked into the system and hijacked it or a large part of its processing capability.
∙ Infected it with a Trojan horse, trap door, logic or time bomb, or some other malware that is causing the sluggishness.
∙ Made unauthorized use of superzap, a special software utility to bypass regular system controls.
To avoid such problems, the secrecy of company passwords and logon numbers should be protected.
∙ Only reveal passwords and logon numbers on an authorized basis and to individuals whose identities are assured.
∙ Ensure that it is a Digital employee by calling Digital back on their known and published service number and then give the company the access codes and passwords. Even better would be to call back and talk to the Digital representative assigned to U.S. Leasing.
∙ After the system had been fixed, the codes and password information should be changed.
Other control considerations that could reduce the incidence of unauthorized access include:
∙ Improved control of sensitive data
∙ Protection of phone lines
∙ Alternate repair procedures
∙ Increased monitoring of system activities.
5.4 This problem has no clear answer. By strict definition, the actions of Logisticon in halting the software represented trespassing and an invasion of privacy. Some states recognize trespassing as a breach of the peace, thereby making Logisticon's actions illegal.
However, according to contract law, a secured party can repossess collateral if the contract has been violated and repossession can occur without a breach of the peace.
5.5 Answers will vary. Students should give consideration to the following conflicting concepts:
Software licensing encourages the development of new ideas by protecting the efforts of businesses seeking to develop new software products that will provide them with a profit and/or a competitive advantage in the marketplace. This point is supported by the following ideas:
∙ The prospect of a financial reward is the primary incentive for companies to expend the time and money to develop new technologies.
∙ If businesses were unable to protect their investment by licensing the software to others, it would be much more difficult for them to receive a reward for their efforts in the research and development of computer software.
∙ Economic systems without such incentives are much more likely to fail in developing new products to meet consumer needs.
The only way to foster new ideas is to make information and software available to all people. This argument is supported by the following ideas:
∙ The most creative ideas are developed when individuals are free to use all available resources (such as software and information).
∙ A free society should have no "secrets."
Many security experts and systems consultants view proper ethical teaching as an important solution to most security problems. However, no single approach is a complete solution to the problem of computer fraud. Proper ethical teachings can reduce but not eliminate the incidents of fraud.
Though no security system is impenetrable, system security measures can significantly reduce the opportunity for damages from both intentional and unintentional threats by employees. Controls can also make the cost (in time and resources) greater than the benefit to the potential perpetrator.
Ultimately, the reduction in security measures will increase opportunities for fraud. If the perpetrator has sufficient motive and is able to rationalize his dishonest acts, increased opportunity will probably lead to an increase in computer crimes.
5.6 The old saying "where there is a will, there is a way" applies to breaking into a computer system. It is possible to institute sufficient controls in a system that it is very difficult to break in, but most experts would agree that it just isn't possible to design a system that is 100% secure from every threat. There is bound to be someone who will think of a way of breaking into the system that designers did not anticipate and did not control against.
Though internal controls can't eliminate all system threats, controls can:
∙ Reduce threats caused by employee negligence or error. Such threats are often more financially devastating than intentional acts.
∙ Significantly reduce the opportunities, and therefore the likelihood, that someone can break into the system or commit a fraud.
5.7 The textbook defines hacking as the unauthorized access and use of computer systems, usually by means of a personal computer and telecommunications networks. Most hackers are motivated by the challenge of breaking and entering a system. Many do so with no intent to do harm. Others do so to destroy data, to make unauthorized copies of the