Question

could someone help me

CHAPTER 5 FRAUD 83 The computer frauds that are publicly revealed represent only the tip of the iceberg. Although many people perceive that the major threat to computer security is exter- nal, the more dangerous threats come from insiders. Management must recognize these problems and develop and enforce security programs to deal with the many types of computer fraud. REQUIRED Explain how each of the following six types of fraud is committed. Using the format provided, identify a different method of protection for each, and describe how it works. (CMA Examination, adapted) IDENTIFICATION AND DESCRIPTION OF PROTECTION METHODS EXPLANATION TYPE OF FRAUD a. Input manipulation b. Program alteration c. File alteration d. Data theft e. Sabotage f. Theft of computer time

Answer 1

Type of fraud	Explanation	Identification and description of protection methods
Input manipulation	This requires the least amount of technical skill and little knowledge of how the computers operate. Input data are improperly altered or revised without authorization. For example, payroll time sheet scan be altered to pay overtime or an extra salary.	Documentation and Authorization-Data input format authorized and properly documented.-Control over blank documents.-Comprehensive editing-Control source of data Programmed Terminal/User protection -Programs that only accept inputs from certain designated users, locations, terminals , and /or times of the day.
Program alteration	Program alteration requires programming skills and knowledge of the program. Program coding is revised for fraudulent purposes. For example:-Ignore certain transactions such as overdrafts against the programmers' account-Grant excessive discounts to specified customers.	Programmers should not be allowed to make changes to actual production source programs and data files. Segregation of Duties-Programmers should not have access to production programs or data files. Periodic Comparisons-Internal Audit or an independent group should periodically process actual data, and compare the output with output from normal operations. Differences indicate unauthorized program changes.-Periodic comparisons of on-line programs to off – line backup copies to detect changes. Independent file librarian function who controls custody/ access to programs.
File alteration	Defrauder revises specific data or manipulates data files. For example:-Using program instructions to fraudulently change an employee’s pay rate in the payroll master file-Transferring balances among dormant accounts to conceal improper withdrawals of funds.	Restrict Access to Equipment/Files-Restrict access to computer center.-Programmers and analysts should not have direct access to production data files.-Have a librarian maintain production data files in a library.-Restrict computer operator access to applications documentation, except where needed to perform their duties, to minimize their ability to modify programs and data files.
Data theft	Smuggling out data on:-Hard copies of reports/files. -Magnetic devices in briefcases, employees' pockets, etc. Tap or intercept data transmitted by data communication lines.	Electronic sensitization of all library materials to detect unauthorized removals. Encrypt sensitive data transmissions .
Sabotage	Physical destruction of hardware or software	Terminated employees immediately denied access to all computer equipment and information to prevent them from destroying or altering equipment or files.
Theft of computer time	Theft of computer time might be considered when a person is limited on their computer usage and somebody else uses the time. This can be very aggravating for the other person.	We have to maintain a log of activity by the help of snapshot and scarf audit tool  to identify the activity on computer . Access should be provided to user by password entering . Computer should be password protected.