computer fraud pertemuan xvi matakuliah: f0184/audit atas kecurangan tahun: 2007
Post on 21-Dec-2015
233 views
TRANSCRIPT
Computer FraudPertemuan XVI
Matakuliah : F0184/Audit atas KecuranganTahun : 2007
Bina Nusantara
• Mahasiswa diharapkan dapat mengidentifikasi metode-metode kecurangan berbasis komputer
• Mahasiswa diharapkan mampu mengetahui pengendalian yang diperlukan untuk mengatasi kecurangan berbasis komputer
Learning Outcomes
3
Bina Nusantara
• Computer fraud category • Computer Fraud Theory• Nature of Computer Fraud• Type of Computer Fraud• Internal Control for Computer Fraud
Outline Materi
4
Characteristics of the Computer Environment
• Data are concentrated in one place• The storage medium is vulnerable• The audit trail may be obscure• Visible records may be nonexistent• Programs and Data can be altered leaving no
trace of the alteration• Tampering can be carried out almost instantly• Network increase the risks
Bina Nusantara
Characteristics of the Computer Environment (Con’t)
• Computer systems are not widely understood• Security features are not always built in• Internal control features may be inadequate• Trusted Personnel may circumvent controls
Bina Nusantara
Vulnerability in the Computer Crimes• Almost all corporate data stored in the corporate
database• Internal and often external parties can access to
the system• Programs or Applications only need to be
changed or modified without permission once• Computer system face a number of unique
challenges
Bina Nusantara
Categorization of Threats to Computer Systems
Theft, including theft of assets, data, and programs
Manipulations, including the additions or deletions of information in data files or program
Theft of computer time
Bina Nusantara
Computer Fraud Classifications
Bina Nusantara
Computer Fraud Techniques• Adware• Data diddling• Data leakage• Denial of Service• Dictionary attack• Eavesdropping• Email forgery• Email threats• Hacking
• Hijacking• Identity theft• Internet
misinformation• Internet terrorism• Key logger• Logic time bomb• Masquerading• Packet Sniffing
Bina Nusantara
Computer Fraud Techniques (Con’t)• Password cracking• Phishing• Phreaking• Piggybacking• Round-down• Salami techniques• Scavenging /
dumpster diving• Shoulder surfing
• Social Engineering• Software piracy• Spamming• Spyware• Superzapping• Trap door• Trojan horse• Virus• War dialing• WormBina Nusantara
Prevention Method• Develop a strong internal control system• Proper segregation duties• Segregate the accounting functions of
authorization, recording, and custody• Restrict physical and remote access to authorized
personnel• Adequate supervisory control• Use properly designed documents and records to
capture and process transactions• Safeguard all assets, records and data
Bina Nusantara
Prevention Method (Con’t)• Require independent checks on performance• Implement computer based controls over input,
process, storage, transmission, and output• Encrypt stored and transmitted data and
programs to protect them from unauthorized access and use
• Fix known software vulnerabilities
Bina Nusantara