Data

Copy and paste the text below. It is read-only. Select All

Threat any danger to which a system may be exposed Risk Likelihood that threat will occur unintentional what type of acts are the greatest risk to IS and greatest money loss employee neglogence greatest threat sabotage intent to destroy or harm a system or some components cookie data that websites store on your computer to identify their websites to your computer and to identify you to the web site so that you dont have to log in each time fraud gaining an unfair advantage over another person. Legally for an act of fraud there must be -false statement -material fact -intent to decieve -justifiable reliance -injury or loss suffered by a victim missapropriation of assets employee fraud, theft of a companies assets ffr intentional or reckless conduct. whether by act or omission, that results in materially missleading financial statements inflating revenues most frequent way executives "cook the books" is by ___ ___ fictiously reasonable assurance an auditor has responsibility to plan and perform the audit to obtain ___ ___ about whether the fin statements are free of material misstatements whether caused by error or fraud actions of reduce possibility of ffr -create enviorment of integrity -identify and understand the factors that lead to fraud -assess the risk -act on it (design and implement controls) completeness trace up existence/occurence vouch down true true or false. ar= rmm x dr ir x cr dr=detection risk, cr=control risk, rmm-risk of material miss., ir=inherent risk fraud triangle oppurtunity,rationalization, pressure pressure persons incentive or motivation for commiting fraud oppertunity conditon or situation thats allows a person or org to: -commit fraud -conceal fraud -convert theft or missrep to personal gain rationalization allows perpitraitiors to justify their behavior lapping concealing the theft of cash by means of a series of delays in posting collections to accounts (conceal fraud of oppertunity) kiting perpitraitor creates cash by taking advantage of timing lag b/w depositing a check and the check clearing the bank (conceal fraud of oppertunity) computer fraud any illegal act for which knowledge of computer technology is essential for its perpetraiton investigation or prosectution (difficult to detect-reduced audit trail) input fraud simplest, most commen, alter or falsify computer input processor fraud unauthorized system use, including theft of computer time and services comptuer instructions fraud tampering with the software that processes company data (least common, need special knowledge) data fraud greatest exposure to data fraud comes from employees with access to the data. Most frequent is use of company data output fraud computer output, displayed on monitors or printed paper, can be stolen or misused. Prying eyes or unauthorized copying hacking accessing and using computer systems wothout permission denial of service attack sending email bombs from radomly generated false addresses spamming email an unsolicited message to many people at the same time password cracking penetrating system defence and stealing valid passwords data didding changin date, before, during, and after entered data leakage copying company data without permission salami technique stealing tiny slices of money overtime phreaking attacking phone systems and using telephone lines to transmit viruses to access, steal data economic espionage theft of information, trade secrets, intellectual property cyber extortion requiring a company to pay a specified amount of money to keep extortionist from harming electronically internet terrorism using internet to disrupt communication & electronic commerce internet misinformation using internet to spread false/misleading information bot herders hijacked computers zombies infected machines social engineering tech. used to obtain confidential information, often by tricking people identity theft assuming someones identity usually for economic gain, by legally obtaining and using confidential information pretexting people act under false pretense to gain confidential information posing creating a seemingly legitimet business, collecting and never delivering a product phishing sending an email, IM, email, pretending to be an legitamit company and requesting information vishing email recipiants make call and a recording tells them to order confidential data typosquatting URL hijacking, names with very similiar real web sites dumpster diving gaining information by searching coporate and personal records shoulder surfing watching or listening to peolple giving out confidential information skimming double swiping a credit card or swing on side for later use chipping posing as a service engineer and planting a small chip in a legitamate credit card reader eavesdropping observ private communications or transmissions of data spyware secretly collects personal information about users and sends it to someone else without users permission adware type of spyware thats causes banner ads to pop up on a monitor as users surf the internet-collect infor on surfers habits etc. key logger records computer activity, email,etc trojan horse set of malicious computer instructions in an authorized and otherwise properly fuctioning program packet sniffers programs that capture data from information packets as they travel over the internet stegangraphy hige data from one file inside another file virus segment of self replicating, executable code that attaches itself to a file or program, needs human, infects programs worm segment of self replicating, stand alone program, activily is searching and continuing on, harms networks