WWW.DISSERTATION.XLIBX.INFO
FREE ELECTRONIC LIBRARY - Dissertations, online materials
 
<< HOME
CONTACTS



Pages:   || 2 | 3 | 4 | 5 |   ...   | 16 |

«Item type text; Dissertation-Reproduction (electronic) Authors DUNN, THURMAN STANLEY. Publisher The University of Arizona. Rights Copyright © is ...»

-- [ Page 1 ] --

METHODOLOGY FOR THE OPTIMIZATION OF

RESOURCES IN THE DETECTION OF COMPUTER

FRAUD.

Item type text; Dissertation-Reproduction (electronic)

Authors DUNN, THURMAN STANLEY.

Publisher The University of Arizona.

Rights Copyright © is held by the author. Digital access to this

material is made possible by the University Libraries,

University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.

Downloaded 21-Oct-2016 15:14:06 Link to item http://hdl.handle.net/10150/143042

INFORMATION TO USERS

This reproduction was made from a copy of a document sent to us for.microfilming.

While the most advanced technology has been used to photograph and reproduce this document, the quality of the reproduction is heavily dependent upon the quality of the material submitted.

The following explanation of techniques is provided to help clarify markings or notations which may appear on this reproduction.

I. The sign or "target" for pages apparently lacking from the document photographed is "Missing Page(s)". If it was possible to obtain the missing page(s) or section, they are spliced into the film along with adjacent pages. This may have necessitated cutting through an image and duplicating adjacent pages to assure complete continuity.

2. When an image on the film is obliterated with a round black mark, it is an indication of either blurred copy because' of movement during exposure, duplicate copy, or copyrighted materials that should not have been filmed. For blurred pages, a good image of the page can be found in the adjacent frame. If copyrighted materials were deleted, a target note will appear listing the pages in the adjacent frame.

3. When a map, drawing or chart, etc., is part of the material being photographed, a definite method of "sectioning" the material has been followed. It is customary to begin filming at the upper left hand comer of a large sheet and to continue from left to right in equal sections with small overlaps. If necessary, sectioning is continued again-beginning below the first row and continuing on until complete.

4. For illustrations that cannot be satisfactorily reproduced by xerographic means, photographic prints can be purchased at additional cost and inserted into your xerographic copy. These prints are available upon request from the Dissertations Customer Services Department.

'5. Some page.) in any document may have indistinct print. In all cases the best available copy has been filmed.

Universibl

–  –  –

Final approval and acceptance of this dissertation is contingent upon the candidate's submission of the final copy of the dissertation to the Graduate College.

–  –  –

This dissertation has been submitted in partial fulfillment of requirements for an advanced degree at the University of Arizona and is deposited in the University Library to be made available to borrowers under rules of the library.

Brief quotations from this dissertation are allowed without special permission, provided that accurate acknowledgement of source is made. This manuscript in whole or in part may be granted by the copyright holder.

PREFACE This dissertation deals with computer fraud detection as a resource allocation problem. Based on the premise of limited resources, the methodologies presented do not allocate any resources to detection if other computer fraud abatement techniques are adequate.

Thus, if it can be shown that deterrents such as high morals or fear of imprisonment are adequate to eliminate the possibility of fraud, zero resources would be allocated to the detection of fraud. Likewise, if deterrents are not adequate but prevention controls are adequate to thwart all would be perpetrators, zero resources would be spent in computer fraud detection.

For those situations where deterrents and prevention techniques are not adequate to preclude computer fraud, a methodology is presented for allocating resources to the detection of fraud in a near optimum fashion. Embedded in this methodology is the realization that organizations exist to do much more than' protect themselves from possible computer rip-offs. It is assumed that a very small percentage of organizational resources will be available for the detection of computer fraud. Further, the avail ab le resources wi 11 probably be a very small percentage of those required to track every activity and transaction through computer systems.

The research for this dissertation included several objectives.

The first objective was to assess the magnitude of the computer fraud

–  –  –

contributions of the dissertation are further highlighted in Chapter One.

The last two chapters included as Appendices A and B, deal with Investigative and Automated techniques and tools associated with the general area of audit and evaluation of propriety in computer systems.

Although the dissertation assumes a capability within organizations to examine the various components of computer systems for fraud once specific threats havE! been identified and resources made available, some background in the associated techniques and tools which are available was considered essential. In addition, the concept of "Live Monitoring" is introduced in Appendix A for those situations in today's computer environment where audit trails are not adequate or can be altered.





The most significant limitation confronting the researcher in computer fraud is the limitation on information available in the area of computer fraud occurrences. As shown in Chapter One, it has been estimated that only one percent of all computer crime is detected and only about seven percent of those that are detected are reported.

Thus, existing data on specific computer fraud cases probably represents a very small percentage of actual cases. An associated limitation is that threat assessment techniques, lacking a compreh.ensive historical data base of actual cases from which vi probabilities of various types of computer fraud may be drawn, must be subjective. The Threat Assessment technique presented in Chapter Five attempts to overcome this limitation by combining the features of the Delphi approach and the Churchman - Ackoff technique with a Matrix approach developed for this dissertation.

Several areas addressed in this dissertation would lend

themselves to additional research. The most obvious is expansion of case data. This is probably the most difficult because of the deficiencies in reporting and the hesitance of many organizations to share this information for fear of being considered vulnerable to computer fraud, therefore ineffective. It should be noted that attempts have been made without much success to expand research in this area. An example of such an attempt is provided in Chapter One.

Another candidate for research is the deterring effects of computer fraud detection capabilities, or perhaps more appropriately, the perception of these capabilities in the minds of would be perpetrators. It would be highly beneficial to know whether a small perceived detection capability would discourage only a small percentage of would be perpetrators or whether a much larger percentage would be This topic is introduced in Appendix A, where it is discouraged.

suggested, on an intuitive basis, that the latter is probably a more accurate assessment. Quantification of this relationship would greatly expand the usefulness of the Computer Fraud Detection Model presented in Figure 8 of this dissertation.

vii A final area which should provide a good research potential is expansion of the concept of "Live Monitoring" introduced in Appendix A.

In today's rapidly expanding use of distributed systems, mini and micro computers, communications networks and real-time processing, the concept of "Live Monitoring" presents challenges, both manual and automated, well beyond the cursory treatment in Appendix A.

–  –  –

A methodology is proposed for optimizing the allocation of resources in the detection of computer fraud. The methodology consists of four major segments. First, a threat assessment is performed. A general threat assessment is provided which relies upon reported incidents of computer fraud. Then, recognizing the limitations of computer fraud reporting, a specific threat assessment technique is provided which is based entirely on the characteristics of a given computer system. Both the general and specific threat assessment techniques use a matrix approach which evaluates and assigns threat values by type of computer fraud and perpetrator.

Second, a Detection Quotient is established which measures the effectiveness of computer fraud detection resource allocation for all of the possible combinations of computer fraud types and perpetrators.

However, for many computer systems, the large number of possible resource allocation alternatives results in a Combinatorial Dilemma whereby the phenomenally large number of alternatives precludes comprehensive analysis.

This leads to the third major segment of the dissertation, a General Solution to the Combinatorial Dilemma which ensures an alternative very near the optimum while evaluating only an extremely small percentage of possible alternatives.

–  –  –

This dissertation proposes a methodology for optimizing

resources in detecting computer fraud in vulnerable computer systems.

Vulnerabil ity is measured in terms of the frequency of reported cases and their significance, as measured in monetary losses.

Among the objectives of the research for this dissertation is the desire to achieve a proper perspective of the elements or parameters involved in computer fraud. The need to develop this perspective was emphasized early in the research when a computerized legal data base was searched for computer fraud cases. The search included all cases with the words "fraud" and "computer" found in the narrative description of the cases contained in the data base. The resulting extract provided numerous cases meeting these criteria.

However, the terms :'fraud" and "computer" were found to have widely varying meanings with little consistency of use from one case to another.

For example, in one case the defendant was accused of fraudulently obtaining money from persons looking for dates or marriages by inducing them to use the facilities of a "computer matching institute" without having the intent or capability of performance. In another, a computer manufacturer was charged with breach of computer warranty.

Clearly, the term "computer fraud may cause a problem in II communicating, given such diverse usage.

The word "fraud" is often used in conjunction with another word or descriptive term which attempts to define the fraud by its most readily identifiable and distinguishable characteristic. The following examples are typical: art fraud, bank loan fraud, bankruptcy fraud, check fraud, commodity fraud, consumer fraud, contract fraud, creditcard fraud, disbursement fraud, employee fraud, insurance fraud, inventory fraud, mail fraud, payroll fraud, pens.ion fraud, securities fraud, tax fraud and wire fraud.

When used with one of the above, "fraud" takes on a fairly specific meaning. Unfortunately, this is not the case when "fraud" is used with the word "computer". For instance, "computer fraud II might indicate any of the above types of fraud with computer involvement.

Further, the computer may be primarily involved in the perpetration of the fraud or may be only incidentally involved.

Generally, "fraud" refers to a deception or form of trickery perpetrated in order to secure unlawful gain where the perpetrator's gain is the victim's loss. For purposes of this dissertation, "computer fraud" wi 11 refer to any perpetration of fraud wherein the computer is actively and significantly involved. The computer will be considered actively and significantly involved when input data or data files are tampered with or when computer operations, programs or equipment are manipulated in order to perpetrate the fraud. The is not actively and significantly involved simply because compute~ fraudulent data are processed through the computer. Following these guidelines, if a person fraudulently obtains a bank loan by overstating his or her income on a loan application, the fact that the computer is used in processing the loan is only incidental and the perpetration is not considered computer fraud. On the other hand, if the same person modified the bank's personal data files or manipulated input data in order to overstate his (her) net wealth and obtain the loan, it would be considered computer fraud.

The following are several cases fitting the above guidelines which have been reported in the literature (Parker 1976, Whiteside 1978, Leibhotz and Wilson 1974).

CASE 1. PHONY MICR DEPOSIT SLIPS, WASHINGTON, D.

C.

A depositor exchanged blank deposit slips on the counter in the bank with his own magnetically coded deposit slips, giving his own account number. Norma lly processed by mach i ne, the depos it sl ips were not verified by the bank as to name and address of the depositor. He accumulated $250,000 in four days from other people's deposits. He then withdrew $100,000 and disappeared.

CASE 2. ALTERING BANK RECORDS, MINNEAPOLIS

A programmer altered the bank's demand-deposit accounting program to ignore overdrafts of $1357 before he was caught by manual accounting, only when the computer failed. He made restitution and received a suspended sentence.

CASE 3. EMBEZZLEMENT, CALIFORNIA

A ch i ef accountant embezz 1ed $1 mi 11 i on from his emp 1oyer over six years. He used the company's computer to financially model his company. The model gauged which changes in accounts receivable and payable would remain undetected in auditing, then performed the indicated alterations. He was convicted and "given a ten-year prison term.

CASE 4. POPULATION REGISTRY DATA THEFT, SWEDEN



Pages:   || 2 | 3 | 4 | 5 |   ...   | 16 |


Similar works:

«Fast Algorithms for the Free Riders Problem in Broadcast Encryption Zulfikar Ramzan1 and David P. Woodruff2,3 Symantec, Inc. zulfikar ramzan@symantec.com MIT dpwood@mit.edu Tsinghua University Abstract. We provide algorithms to solve the free riders problem in broadcast encryption. In this problem, the broadcast server is allowed to choose some small subset F of the revoked set R of users to allow to decrypt the broadcast, despite having been revoked. This may allow the server to...»

«Mnemonic Password Formulas Remembering Secure Passwords May, 2007 I)ruid, C2 ISSP druid@caughq.org http://druid.caughq.org Abstract The current information technology landscape is cluttered with a large number of information systems that each have their own individual authentication schemes. Even with single sign-on and multi-system authentication methods, systems within disparate management domains are likely to be utilized by users of various levels of involvement within the landscape as a...»

«SEMI AUTOMATED BARTERING OF DIGITAL GOODS AND SERVICES IN PERVASIVE ENVIRONMENTS By Olga V. Ratsimor THE UNIVERSITY OF MARYLAND, BALTIMORE COUNTY BALTIMORE, MARYLAND c Copyright by Olga V. Ratsimor, 2005 Abstract The vision of mobile personal devices querying peers in the environment for information such as local restaurant recommendations or directions to the closest gas station, or traffic and weather updates has long been a goal of the pervasive research community. However, considering the...»

«The First Year: A Beginner’s Guide to the Most Common Mosses of the Gila By Russ Kleinman & Karen Blisard Introduction “They all look the same to me—you mean there’s more than one? How many are there? “ Those are questions I had one year ago when I started looking at mosses in the Gila. Maybe some of you have had these questions also. There are thousands of species of mosses in the world, hundreds in the state of New Mexico, and probably over 200 in the Gila National Forest. I wanted...»

«W03-17 7/3/03 THE STRUGGLE TO GOVERN THE COMMONS by Thomas Dietz, Elinor Ostrom, and Paul C. Stern [order TBD] In 1968, Garrett Hardin (1968) drew attention to two factors that drive environmental change. One is increased demands on natural environment (stemming from growth in human population and in consumption). The other is the ways in which humans organize themselves to extract resources from the environment and contribute effluent to it-what social scientists refer to as institutional...»

«Examining Students’ Attitudes toward Blended Learning in Adult Literacy and Basic Skills Programs Louise Markovich A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Arts in Education in The Faculty of Education University of Ontario Institute of Technology March 2016 © Copyright by Louise Markovich 2016 2 Abstract Literacy and Basic Skills (LBS) programs offer adult learners, with low literacy and basic skills, opportunities to improve employment...»

«Mythic Guilt and the Burden of Sin in Ellison's Invisible Man STUART NOBLE-GOODMAN A S JIM TRUEBLOOD BEGINS his tale of incest in Ralph Ellison's Invisible Man, the protagonist hears something rattle against the porch upon which the three men are sitting. Leaning down, he picks it up, noting that It was a hard red apple stamped out of tin (53). Trueblood has just taken a bite of a plug of tobacco, and this passing detail introduces the motif of original sin in the novel, a motif Ellison employs...»

«Status report ASSERT November 2006 Background Applying paleo-data to constrain uncertainty in future climate change is often considered to play a crucial role for providing shaper climate projections. Yet it is unclear to what extent the past is a good analogue for the future and the concern is raised that the climate system may exhibit a different forcing-response characteristic when increasing rather than decreasing GHG concentrations. Asymmetry in the feedback strengths for cooling and...»

«Carrefours Le VCE de français aujourd’hui Volume 28 Numéro 1 Avril-Mai 2009 Philippe Vallantin President Bialik College Alice Bray Vice President Ruyton Girls’ College Frances Hastie Treasurer Lilydale High School Alison Clifford-Daly Secretary Isabelle Mangeot-Hewison Editor Carrefours St Michael’s Grammar School Eva Anderson Minutes Secretary Toorak Primary School Kathy MacFarlane Webmaster Ruyton Girls’ School Gretchen Bennett Laurence Brottes St Michael’s Grammar School Tasha...»

«A FLEXIBLE SOLUTION FOR FLNG OFFLOADING Marc Cahay Department Manager, New Technology Offshore Eric Luquiau R&D Manager, New Technology Offshore Cyril Morand Offshore Unit, Substructure & System Manager Technip Paris, France ABSTRACT Floating Liquefied Natural Gas (FLNG) units under development for decades are now becoming reality. They combine design and installation of LNG units with traditional “FPSO”. It also requires a reliable system able to offload the LNG in the open sea and in...»

«Ing. Luis Estrada Geotermia G E O T E R M I A Ingeniero Luis Alberto Estrada Departamento de Geodesia y Topografía Facultad de Ciencias Exactas y Tecnología Universidad Nacional de Tucumán Depto. de Geodesia y Topografía – Facultad de Ciencias Exactas y Tecnología – Universidad Nacional de Tucumán 2013 1 Ing. Luis Estrada Geotermia GEOTERMIA Su grado de desarrollo como generadora de energía eléctrica y sus usos directos. El Campo geotérmico Taco Ralo – Río Hondo. La presente...»

«A STUDY OF POVERTY AND PROSPERITY IN THE BOOK OF PROVERBS A Thesis Presented to the Faculty of the Department of Semitics and Old Testament Studies Dallas Theological Seminary In Partial Fulfillment of the Requirements for the Degree Master of Theology by C. Frederick Tempies August 1980 TABLE OF CONTENTS Chapter I. INTRODUCTION 1 Need for the Study Purpose of the Study Procedure of the Study II. THE DEFINITION OF POVERTY AND PROSPERITY 6 Terms for poverty Terms for prosperity Synonyms for...»





 
<<  HOME   |    CONTACTS
2016 www.dissertation.xlibx.info - Dissertations, online materials

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.