AIS Report
- Describe computer fraud and misuse of AIS and corresponding risk-mitigation techniques.
The goal of information security management is to protect the confidentiality, integrity and availability
(CIA) of a firm's information. CIA is one of the most recognized acronyms in the security industry.
Integrity (information is accurate and complete). Integrity is what ensures that the data stored on the
devices is correct and that no unauthorized person or malicious software has altered the data.
Availability (information and systems are accessible on demand). In other words, availability ensures that
network resources are readily accessible to authorized users: although a secure computer must restrict
access attempts by unauthorized users, it must still allow immediate access to authorized users.
NEXT WE HAVE Information Security Risks and Attacks. Information security risks and attacks include:
• Virus – A self-replicating program that runs and spreads by modifying other programs or files. We all
know viruses, right, since they are so prominent; a virus is self-replicating, or it attaches itself to a
file. You can get a virus from downloading infected files or through file-sharing activities.
Then • Trojan horse – A non-self-replicating program that seems to have a useful purpose in
appearance, but in reality has a different, malicious purpose. In other words, a Trojan horse is just
disguised as legitimate software so that you execute malicious software on your computer.
Also • Spam – Sending unsolicited bulk information. Spam is sending messages or attachments to your
device, mostly through email, so we need to be cautious when opening an email because it might contain
viruses.
Next is • Botnet (Bot) – A collection of software robots that overruns computers to act automatically in
response to the bot herder's control inputs through the Internet. A botnet is also described as a network
of hijacked computers and devices infected with bot malware and remotely controlled by a hacker; botnets
are used to send spam.
Then • Denial-of-service (DoS) – The prevention of authorized access to resources (such as servers) or
the delaying of time-critical operations. Also, DoS is a kind of attack meant to shut down a
machine or network, making it inaccessible to its intended users.
Next is • Spyware – Software that is secretly installed into an information system to gather information
on individuals or organizations without their knowledge; a type of malicious code. Spyware, from the word
spy, records the websites the user visits as well as information about the user's computer system.
Then • Spoofing – Sending a network packet that appears to come from a source other than its actual
source. So spoofing is pretending to be someone you should trust in order to access
sensitive personal information.
Lastly is • Social engineering – Manipulating someone to take a certain action that may not be in that
person's best interest, such as revealing confidential information or granting access to physical assets,
networks, or information. Basically, social engineering is a manipulation technique that hackers use to
trick people into giving up their sensitive and confidential information, so this happens in actual
communication between the attacker and the victim.
ENCRYPTION AND AUTHENTICATION
- The CA, or Certificate Authority, is a trusted entity that issues and revokes digital certificates.
- Then Digital Certificate: a digital certificate is a digital document issued and digitally signed by the private key of
a Certificate Authority that binds the name of a subscriber to a public key.
- Lastly is the PKI, or public key infrastructure: a set of policies, processes, server platforms, software and
workstations used for the purpose of administering certificates and public-private key pairs, including the ability
to issue, maintain, and revoke public key certificates.
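As an added example that is not part of the report, this Go program (standard library only, with made-up names) shows what the three definitions above mean in practice: a root CA signs a subscriber's certificate with its private key, binding the subscriber's name to a public key, and a verifier accepts that certificate only when it chains to a CA the verifier trusts.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mustCert generates a key pair for subject and returns its certificate. With isCA set it is self-signed
// (a root CA); otherwise the parent CA's private key signs it, binding subject to the new public key.
func mustCert(subject string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) } // panicking on error is acceptable for a demo
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: subject},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key // a root CA signs itself
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert, key
}

// trustedBy reports whether leaf's signature chains to ca, i.e. whether a verifier that trusts only ca accepts leaf.
func trustedBy(leaf, ca *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

// demo issues a subscriber certificate from one root CA (made-up names) and checks it against the
// issuing CA and against an unrelated CA that never signed it.
func demo() (byIssuer, byOther bool) {
	ca, caKey := mustCert("Example Root CA", true, nil, nil)
	other, _ := mustCert("Unrelated CA", true, nil, nil)
	leaf, _ := mustCert("subscriber.example", false, ca, caKey)
	return trustedBy(leaf, ca), trustedBy(leaf, other)
}

func main() { fmt.Println(demo()) } // prints: true false
```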
According to the fraud triangle, three conditions exist for a fraud to be perpetrated.
By the way, the fraud triangle is a framework used to explain the reasoning behind an individual's decision to
commit fraud. The three conditions are:
• Incentive: provides a reason to commit fraud. Alternatively called pressure, it refers to an employee's
mindset towards committing fraud.
• Then Opportunity: the opportunity for fraud to be perpetrated. Opportunity refers to circumstances that allow
fraud to occur. In the fraud triangle, it is the only component over which a company exercises complete control.
• Last is Rationalization: the individuals committing the fraud possess an attitude that enables them
to rationalize the fraud.
One reason for uncertainty is that computer fraud is not well defined. For example, some people consider
the copying of commercial computer software to be unethical or illegal. On the other side of this
issue, software vendors consider such acts to be criminal. But regardless of how broadly
computer fraud is defined, it is still rapidly growing.
And here are some COMMON COMPUTER FRAUDS:
- The theft, misuse, or misappropriation of assets by altering computer-readable records and
files.
- The theft, misuse, or misappropriation of assets by altering the logic of computer software.
- The theft or illegal use of computer-readable information.
- The theft, corruption, illegal copying, or intentional destruction of computer software.
- The theft, misuse, or misappropriation of computer hardware.
* So, given an identified possible fraud, exposures are management's estimates of the potential loss
from the fraud.
* And when we say computer fraud risk assessment, it is a systematic process that assists management and
internal auditors in discovering where and how fraud may occur and who may commit the specific fraud.
* Then, a computer fraud risk assessment is often a component of a firm's enterprise risk management
(ERM) program.
THEN WE HAVE HERE THE STEPS ON HOW TO identify computer fraud. First is:
• Identifying relevant IT fraud risk factors.
• Identifying potential IT fraud schemes and prioritizing them based on likelihood and impact.
• Assessing the likelihood and business impact of a control failure and/or a fraud incident