chapter 5.pptx: drainage and irrigation engineering
Unit4 next
1.
2. Security implication for organization
• Security risks within an organization include-
• Processing of Fraudulent transactions.
• Unauthorized access to data & program files
• Physical theft or damage of equipment
3. Fraud
• Fraud can be defined as the manipulation of the records of an
organization to conceal an illegal act (normally the theft r other
assets).
• Computer fraud is increasing at alarming rate.
• Employee defraud the organisation whenever the security and
internal control is lax.
4. The most common fraud tactics are
• Entering fictitious transaction:
• Entering fictitious transaction Most common type of fraud committed
by employees.
• They use the system in the normal way to enter into a transaction. No
special technical knowledge is required. Employees relies on the fact
that management supervision of process is weak.
• Modification of computer files:Modification of computer files
5. • Password protection is the most common method of protecting corporate data.
• Fraudulent transaction are often carried out by unauthorized users who manage to gain
access to the corporate network by using the login details of another user.
• One way of achieving this is through a terminal spoof- a simple yet effective approach to
finding other user’s passwords.
• Unauthorized data access contd..:Unauthorized data access contd .. Other dangers of
which managers should be aware include the Trojan horse in which code is added to a
program ,which will activate under certain conditions. Another risk is the Back-door
technique .
6. Sabotage and theft:Sabotage and theft
• Another form of theft relates to copying of programs & data in an organisation
.
• Theft of software is a major problem in the PC world where users often make
illegal copies of the programs rather than purchase the package themselves-
this practice is known as software piracy.
• The last category of computer theft covers the illegal use of computer time.
Computer hackers spend their time searching for networks to which they can
gain access.
• Having breached the security controls, they often browse around the
databases in the installation but can be may not do any damage. The only
crime that can be charged with is the theft of computer time.