2. Computer Fraud Pertemuan XVI Matakuliah: F0184/Audit atas Kecurangan Tahun: 2007

3. Bina Nusantara Mahasiswa diharapkan dapat mengidentifikasi metode- metode kecurangan berbasis komputer Mahasiswa diharapkan mampu mengetahui pengendalian yang diperlukan untuk mengatasi kecurangan berbasis komputer Learning Outcomes 3

4. Bina Nusantara Computer fraud category Computer Fraud Theory Nature of Computer Fraud Type of Computer Fraud Internal Control for Computer Fraud Outline Materi 4

5. Characteristics of the Computer Environment Data are concentrated in one place The storage medium is vulnerable The audit trail may be obscure Visible records may be nonexistent Programs and Data can be altered leaving no trace of the alteration Tampering can be carried out almost instantly Network increase the risks Bina Nusantara

6. Characteristics of the Computer Environment (Con’t) Computer systems are not widely understood Security features are not always built in Internal control features may be inadequate Trusted Personnel may circumvent controls Bina Nusantara

7. Vulnerability in the Computer Crimes Almost all corporate data stored in the corporate database Internal and often external parties can access to the system Programs or Applications only need to be changed or modified without permission once Computer system face a number of unique challenges Bina Nusantara

8. Categorization of Threats to Computer Systems Theft, including theft of assets, data, and programs Manipulations, including the additions or deletions of information in data files or program Theft of computer time Bina Nusantara

9. Computer Fraud Classifications Processor fraud Data Fraud Output fraud Program fraud Input Fraud Bina Nusantara

10. Computer Fraud Techniques Adware Data diddling Data leakage Denial of Service Dictionary attack Eavesdropping Email forgery Email threats Hacking Hijacking Identity theft Internet misinformation Internet terrorism Key logger Logic time bomb Masquerading Packet Sniffing Bina Nusantara

11. Computer Fraud Techniques (Con’t) Password cracking Phishing Phreaking Piggybacking Round-down Salami techniques Scavenging / dumpster diving Shoulder surfing Social Engineering Software piracy Spamming Spyware Superzapping Trap door Trojan horse Virus War dialing Worm Bina Nusantara

12. Prevention Method Develop a strong internal control system Proper segregation duties Segregate the accounting functions of authorization, recording, and custody Restrict physical and remote access to authorized personnel Adequate supervisory control Use properly designed documents and records to capture and process transactions Safeguard all assets, records and data Bina Nusantara

13. Prevention Method (Con’t) Require independent checks on performance Implement computer based controls over input, process, storage, transmission, and output Encrypt stored and transmitted data and programs to protect them from unauthorized access and use Fix known software vulnerabilities Bina Nusantara