
«Item type text; Dissertation-Reproduction (electronic) Authors DUNN, THURMAN STANLEY. Publisher The University of Arizona. Rights Copyright © is ...»


Many of the literature citations above provide guidance to auditors, managers and computer specialists regarding internal controls, audit techniques, physical security and related procedures.

Some of the authors refer to the magnitude of particular types of computer fraud while others base their guidance on the frequency of occurrence. Clearly, adherence to the advice offered by these authors would greatly reduce computer fraud. Unfortunately, most prevention and detection techniques are labor intensive and many require expertise and human resources not available to most institutions.

The methodology for detecting computer fraud proposed in this dissertation is based on the premise that expertise and human resources are scarce resources that will continue to be inadequate to fully implement labor intensive prevention and detection techniques.

Summary of Contributions

A considerable amount of literature was reviewed in preparation for and development of this dissertation. The objective of this research was to identify and evaluate existing data and methodologies in computer fraud detection and, then, to add significantly to the literature on this subject.

The major contributions of this dissertation which are either unique or over and above existing literature on computer fraud detection are summarized below.

Vulnerability Formula

The literature reviewed primarily looked at past occurrences of computer fraud in terms of their dollar magnitude or frequency of occurrence. The formula Vulnerability (V) = Frequency (F) times Impact (I) introduced in Chapter Two combines these two factors and computes a vulnerability value for major cases reported in the literature. These values are then used in identifying combinations of computer systems and perpetrator types most vulnerable to fraud. The literature search did not reveal a comparable treatment.

Computer Fraud Detection Model

A model is introduced in Chapter Three which addresses the relationship between Computer Fraud Detection and the closely related subjects of Computer Fraud Deterrence and Computer Fraud Prevention. Formal treatment of these relationships is an extension of several informal references found during the research.

Threat Analysis

The Threat Analysis in Chapter Three, utilizing the Threat Matrix and Vulnerability Formula cited above, is an expansion of several sources from the literature. As presented, it represents a unique methodology of analyzing Computer Fraud Threats based on reported cases.

Computer Fraud Detection - A Resource Optimization Problem

The formal treatment of fraud as a resource optimization problem in this dissertation is unique in contrast to other methodologies found in the literature.

Detection Quotient

The Detection Quotient presented in Chapter Four is unique to this dissertation. This quotient was developed specifically to facilitate the treatment of Computer Fraud Detection as a Resource Optimization Problem.


"Churchman-Ackoff" techniques, in conjunction with the Matrix approach presented in the dissertation forms a unique approach.

Controls Analysis

The formal treatment of computer Fraud Controls as an extension to the Threat and Risk Assessment methodologies discussed above forms a unique conjunctive treatment of Controls and Threats to quantify Post-Control Threat Values.

Combinatorial Dilemma

The solution to the Combinatorial Dilemma presented in Chapter Six forms a unique methodology for reaching a quantifiably definable near optimum alternative where the phenomenally large number of possible alternatives precludes total analysis.

Resource Optimization Model

The model in Chapter Seven developed for this dissertation is a unique methodology for optimizing the utilization of resources in the detection of computer fraud.



The purpose of this typology is to identify, through manipulation schemes which have been reported to date, computer systems or situations which are vulnerable to computer fraud based on both frequency of occurrence and dollar impact. For this methodology, the formula for vulnerability is:

Vulnerability (V) = Frequency (F) times Impact (I)

V = FI

where F = relative frequency of occurrence and I = dollar cost of occurrence

It should be noted that, due to the limitations on information available in computer fraud, it is not possible to develop an exhaustive typology. While it is probably reasonable to assume that a large number of undetected or unreported computer frauds simply follow the patterns found in those which have been detected and reported, this assumption cannot be substantiated. Thus, there may be undetected computer frauds which could affect the outcome of the typology.

The typology is based on "best available" data. However, it should be viewed from the standpoint of the above limitations.

Hopefully, information on the subject of computer fraud will improve with future legislation and research.

The typology is based upon cases which have been reported through some form of media or discovered through various investigative efforts. Nearly all researchers or authors now writing on the subject of computer fraud cite the work of Donn B. Parker at the Stanford Research Institute (SRI) (Wagner 1979).

SRI involvement in computer abuse began in the mid 1960's. Information gathering since that time by Parker has resulted in an extensive database, including hundreds of cases of computer abuse, a subset of which is computer fraud. The research effort being conducted by Mr. Parker and his associates at SRI is probably the only one not restricted to specifically defined boundaries such as country, state, local governmental jurisdiction, for-profit organization, not-for-profit organization, industry, profession or discipline. Computer fraud detection, while not the main thrust of Parker's work, is certainly an integral part of the broader topic of computer security.

Although it is generally desirable for a researcher to go to the raw data rather than use secondary sources, it is just not possible to establish a database of computer fraud incidents to rival Parker's.

Thus, his database along with a rather extensive collection of governmental computer fraud cases by the General Accounting Office will provide the primary sources of data for this typology.

There are numerous ways of categorizing or classifying computer fraud cases. A few of the more common are by type of organization victimized, by type of computer system, by dollar magnitude and by perpetrator type or position. Many discussions have appeared in the literature which categorize computer fraud in one way or another (Parker 1976, Allen 1977, Krauss and MacGrahan 1979, and GAO Report FGMSD-76-27, 1976).

Allen (1977) analyzed most of the publicly documented fraud cases detected at the time, focusing on 150 major cases contained in Parker's data base at SRI. At approximately the same time, the General Accounting Office (GAO) was analyzing computer-related crimes in federal programs (GAO 1977).

A categorization of Allen's cases, consolidated with federal government cases from GAO's survey, is presented in Figure 1.

Examination of Figure 1 indicates that the most costly fraud type is corporate accounting and inventory control frauds with average losses of $1.3 million; second is payments to other individuals at the state and local government level with average losses of $487 thousand; third are corporate payment to creditor frauds with average losses of $324 thousand and so on.

Further analysis of Figure 1 indicates that, in terms of total average losses, corporations are first with average losses of $621 thousand; state and local governments are second with average loss totals of $329 thousand; banks/savings and loan companies third with $193 thousand; and the federal government is fourth with average loss totals of $45 thousand.

Many such comparisons can be made from Figure 1 and various conclusions may be drawn. Recall, however, that the methodology for this dissertation analyzes computer fraud in terms of vulnerability with the formula for vulnerability expressed as: Vulnerability (V) = Frequency (F) times Impact (I).

In Figure 2, relative frequencies of occurrence (F) were derived by dividing the y values in Figure 1 (total cases in each cate

* Amount of loss unknown
** One case of $6.8 million deleted from figures to avoid distortion
*** GAO cases were categorized simply as "Fraudulent Direct Payments"
Note: The average loss figure is based upon x cases out of y total cases in that category where (xy) is shown just to the right of the average. Losses in some cases were unavailable or eliminated for other reasons.

* Amount of loss unknown
** One case of $6.8 million deleted from figures to avoid distortion
*** GAO cases were categorized simply as "Fraudulent direct payments"
Figures in parentheses are relative frequencies of occurrence (F) which were derived by dividing the y values in Figure 1 (total cases in each category) by 146 (total cases in all categories).

Figure 2. Relative Frequency of Occurrence and Average Loss of Computer Fraud by Type of Scheme and Victim Organization

parentheses beside the average loss values.

The average loss values represent the "I" values. The vulnerability for each category is computed by using the formula V = FI. The resulting values for "V" are shown in Figure 3.

Figure 3. Vulnerability by Type of Computer System and Organization

It should be noted that the values in Figure 3 are not "expected values" but rather indicators of relative vulnerabilities of different types of computer systems.

Recall that the formula for vulnerability is based on "frequencies" of reported fraud rather than "probabilities", which would be required to compute expected values.

Given the fact that computer fraud is a serious problem, the primary concern at this point is to identify systems which are most vulnerable and emphasize those in detection procedures. From this point on, when referring to the "V" values from Figure 3, the "000's" and dollar signs will be dropped. Thus, instead of referring to a "V" value of $89,050 for "corporate accounting and inventory control fraud", it will be referred to as V = 89.05.

It is readily apparent that in terms of vulnerability as defined here, "corporate accounting and inventory control fraud" is the most significant with V = 89.05. Examining Figure 1 again, this same category is also most significant in terms of absolute dollars with average losses of $1.3 million. This relationship also holds true for our second highest "V" value, "state and local government -- payments to other individuals" with V = 29.99. Figure 1 illustrates that this same category is second highest in terms of absolute dollars with average losses of $487,000.

However, the relationship does not hold for the third highest "V" value, "banks/savings and loan -- payments to creditors" with V=20.71. Figure 1 shows the third highest category in terms of absolute dollars is "corporate payments to creditors" with average losses of $324,000. Neither does the relationship hold for computer fraud by type of organization. Notice that the aggregate "V" value for banks/savings and loan companies of 44.95 is clearly second highest in Figure 3. In terms of absolute dollars, however, state and local governments are clearly second highest with average losses of $329,000.

When viewed in terms of their vulnerabilities as defined in this dissertation, the relative significance and the resulting prioritization of computer fraud types varies from a ranking based strictly on average dollar losses.
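The V = FI computation and the resulting re-ranking can be reproduced as follows. This is an added example, not code or data from the dissertation: the case counts and losses (in $000) are constructed, and the function names and the `exclude_above` outlier cutoff are assumptions of this sketch.

```python
from statistics import mean

# Constructed sample data (NOT the dissertation's Figure 1 values).
# y      = total reported cases in the category
# losses = dollar losses ($000) for the x cases whose loss is known
CASES = {
    "accounting/inventory":  {"y": 10, "losses": [2400, 900, 600]},
    "payments to creditors": {"y": 30, "losses": [150, 90, 120, 40]},
    "payments to employees": {"y": 5,  "losses": [300, 500]},
    "billings":              {"y": 5,  "losses": []},  # amount of loss unknown
}


def vulnerability_table(cases, exclude_above=None):
    """Return {category: {"F", "I", "V"}} using V = F * I.

    F is the relative frequency (y / total cases in all categories).
    I is the average loss over the cases with a known loss; losses above
    exclude_above are dropped from the average, mirroring the page's
    removal of one very large case "to avoid distortion".
    Categories with no usable loss figure get I = V = None.
    """
    total = sum(c["y"] for c in cases.values())
    rows = {}
    for name, c in cases.items():
        losses = [x for x in c["losses"]
                  if exclude_above is None or x <= exclude_above]
        f = c["y"] / total
        i = mean(losses) if losses else None
        rows[name] = {"F": f, "I": i, "V": None if i is None else f * i}
    return rows


def rank(rows, key):
    """Categories in descending order of rows[...][key], unknowns omitted."""
    scored = [(n, r[key]) for n, r in rows.items() if r[key] is not None]
    return [n for n, _ in sorted(scored, key=lambda t: t[1], reverse=True)]


def rank_shifts(rows):
    """Map category -> (rank by average loss, rank by V) where they differ."""
    by_i, by_v = rank(rows, "I"), rank(rows, "V")
    return {n: (by_i.index(n) + 1, by_v.index(n) + 1)
            for n in by_v if by_i.index(n) != by_v.index(n)}


if __name__ == "__main__":
    table = vulnerability_table(CASES)
    for name in rank(table, "V"):
        r = table[name]
        print(f"{name:24s} F={r['F']:.3f} I={r['I']:8.1f} V={r['V']:7.2f}")
    print("rank changes (by I -> by V):", rank_shifts(table))
```

As on the page, the V values are relative indicators built from reported frequencies, not expected losses.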

A listing of the computer fraud types from Figure 3 is presented again in Figure 4, but in descending order of vulnerability.

It is apparent from Figure 4 that in terms of computer systems categorized by both type of system and organization, corporate accounting/inventory control fraud leads in vulnerability by a comfortable margin with V = 89.05, compared to its closest competitor, payments to other individuals by state and local governments, with a V = 29.99. It is interesting to note that the "V" value for corporate accounting/inventory control systems is 4,452 times larger than the "V" value for payments to employees by banks/savings and loan.

Many such comparisons may be made and they can be quite valuable in prioritizing or ranking specific types of computer fraud by vulnerability and need for emphasis. Further summarization is also possible due to the many similarities between the types of fraud in Figure 4. For example, there should be many similarities between "payments to creditors - bank/savings and loan" and "payments to creditors - corporations". Likewise, there should be many similarities between "accounting/inventory control - corporation" and "accounting and inventory control - federal government". By following this logic we see that there are four broad categories of computer fraud in Figure 4: accounting/inventory control; payments; collections/deposits; and billings frauds.


Computer fraud detection would be relatively simple if we could track every transaction or change through automated systems and observe the impact and propriety at each step. This level of surveillance should, in fact, eliminate most computer fraud since very few potential perpetrators would be likely to tackle the high odds of getting caught in such an environment.

However, it is just not feasible to implement this methodology in most systems. Many systems today process hundreds of thousands or millions of transactions per month. Given even a minimal effort to fully track a transaction or change through large, often integrated systems, it would take huge cadres of people and massive amounts of money to implement such a program. Add real-time or near real-time processing and the feasibility of the approach is doubtful because of time criticality even with unlimited human and dollar resources.

The purpose of this chapter is to present a methodology which, recognizing time, people and dollar constraints, identifies threats to automated systems and ranks them, allowing efficient utilization of limited resources in the detection of computer fraud.
