HOW TO PREVENT, DETECT AND COMBAT BUSINESS FRAUD AND TECHNOLOGY AND INFRASTRUCTURE ABUSE

- MAP-47 - NEW - 2001

- Best Strategies and Practices and an Action Plan to Secure Your Organization Against Business and Technology Fraud and Attacks

  THE PERVASIVE NATURE OF THE PROBLEM

Business and government organizations worldwide are being subjected to a rash of conventional business and high-tech fraud, systems abuse and infrastructure attack incidents. Recent statistics indicate that industries of all types, including finance, manufacturing, universities and government organizations, saw an increase in the number of incidents in the year 2000, with increasing losses.

The advent of the Internet and electronic commerce has aggravated this situation, as novel forms of infrastructure attack are now occurring, so much so that new words had to be coined to describe some of these adverse events: "cyber attacks" and even literally international "cyber wars" between warring factions, such as Israelis and Palestinians destroying each other's Web sites and, more recently, Chinese and American hackers starting a Web site destruction war as a result of the recent surveillance plane incident.

THE INADEQUACIES OF PRESENT ANTIFRAUD AND ASSET PROTECTION PROGRAMS

Conventional programs to forestall and combat fraud and abuse are totally inadequate to harness the whole array of conventional and new sophisticated fraud and abuse attacks.

They are deficient for these reasons:

      They are based on outdated methods designed for traditional funds theft and accounting data manipulation. Although these are still important, their impact pales by comparison with the adverse impact that modern attacks on business systems and company infrastructure could inflict, which may paralyze a business.

      Traditional fraud and abuse control programs are highly insular and are thrust mainly upon the company's audit and security functions, thereby lacking the aggregate and encompassing view that effective fraud and abuse control programs require.

      The traditional view of what constitutes fraud and abuse is appallingly narrow and near-sighted, as it fails to consider the broad array of incidents that should be placed under the fraud protection umbrella.

      Fraud control programs are typically elaborated in a fashion reminiscent of how chickens pick their grains of corn. They are not based on sound risk management principles that force companies to arrive at the most business-critical and fraud-prone processes that ought to be the primary target of a well-conceived fraud and abuse control program.

      Present fraud control and risk management programs fail to involve all the functional units of an organization that ought to actively participate in the elaboration and operation of the protection program.

 THE STAKES ARE HIGH - A TOP-DOWN ENCOMPASSING PROGRAM IS NEEDED

Too much is at stake, and with the advent of the Internet and Internet-based business processes and electronic commerce, there is a major need to overhaul our view of systems fraud and abuse and to develop new fraud control programs that take a top-down, coordinated and enterprise-wide approach to preventing, combating and detecting fraud and abuse incidents and to mitigating the adverse impact of those incidents that cannot be prevented, instead of using the outdated bottom-up, project by project approach of past decades.

  WHAT THIS MANUAL PROVIDES YOU

This manual is designed to help you revamp your view of fraud and abuse and select control strategies that deal effectively with the contemporary environment in which modern organizations in all industries operate today.

It provides you with a top-down methodology to engineer a new anti-fraud and abuse control and infrastructure attack safeguard program to protect your organization against the whole array of fraud and abuse attacks that companies are being subjected to in today's environment.

It also provides key strategies for combating fraud and a detailed "Plan of Action" that covers the fraud prevention, combating and detection program from inception to implementation and management.  It even includes action steps to handle the transition period in the aftermath of an embarrassing and damaging attack.

Senior executives, managers, CIOs, CFOs, controllers, security and auditing professionals, quality of service specialists, line managers, risk managers and consultants and any person concerned with protecting their company's assets and infrastructure should have a copy of this unique manual.

The manual is written by practitioners for practitioners, and its contents are based on the authors' wealth of real-world expertise from advising management, audit, security and organizations' line managers on improving their asset and infrastructure protection programs.

CONTENTS

ISBN: 0-940706-53-9

Preface        

1.              BACKGROUND ON FRAUD AND ABUSE

1.1     The Pervasiveness of Fraud and Abuse Incidents in Business Organizations

1.2     Some Recent Statistics on Fraud and Abuse     

1.3     Several Nations Join to Fight Internet Consumer Fraud      

1.4          Additional Details on the Annual FBI/Computer Security Institute Computer Crime and Fraud Survey              

1.5          Present Control Efforts With Scattered Measures and Merely Technical Controls Are Ineffectual

1.6     The FBI’s Interest In Combating Fraud and Abuse Jointly with The Private Sector              

1.7     Types of Fraud and Abuse               

1.8     Techno Fraud and Infrastructure Attacks             

1.9     An Aggregate View of Business and Techno Fraud   

1.10   Chapter Summary          

2.             THE ENVIRONMENT AND CONDITIONS THAT NURTURE THE POTENTIAL FOR FRAUD AND FRAUD INDICATORS

2.1          Conditions that Can Lead to Fraud and Abuse and Indicators of Fraud   

2.2     List of Conditions that May Lead to Fraud and Infrastructure Attacks             

3.      THE INADEQUACIES OF PRESENT APPROACHES TO CONTROLLING FRAUD AND ABUSE

3.1     The Present Ineffective, Insular and Scattered Approach to Controlling and Combating Fraud and Abuse     

3.2     The Adverse Impact and Cost of Failing to Control and Harness Fraud and Abuse Incidents  

3.3     The Need for New Approaches to Prevent, Combat and Detect Fraud and Abuse      

4.      A TOP DOWN APPROACH TO EFFECTIVELY CONTROL FRAUD AND ABUSE THAT INVOLVES THE WHOLE ENTERPRISE

4.1     Need for a Top Down Approach to Addressing the Business Fraud and Abuse Problem  

4.2     Hierarchy in the Development of an Anti-Fraud Program  

4.3     Selection of the Management Philosophy and Policy to Deal with Fraud       

4.4          Selecting Control Strategies that Fit Under the Control Philosophy Articulated by Management    

4.5     Chapter Summary         

5.      SUCCESS FACTORS FOR CONTROLLING AND COMBATING FRAUD AND ABUSE

5.1          Success Factors in Developing Effective Anti-Fraud and Abuse Programs

5.2     Key Elements or Success Factors to Consider in Anti-fraud Programs 

5.3     Considering All the Success Factors Will Ensure that Your Program Bears Fruit       

6.              THE USE OF STRATEGIES IN FORMULATING FRAUD CONTROL PROGRAMS

6.1     The Propensity to Think in Terms of Only Preventive and Detective Control Strategies to Harness Fraud and Abuse

6.2          The Value of Thinking in Terms of Strategies for Unstructured or Relatively Undefined Situations Long Before Getting Involved with Techniques             

6.3     A Cadre of Control Strategies for Harnessing Fraud and Abuse               

6.4     Hierarchy in the Development of Control Solutions Using Control Strategies as a Starting Point

6.5          Developing a Matrix that Relates Control Strategies to Specific or Detailed Control Techniques or Solutions   

7.             DEVELOPING A PROFILE OF HIGHEST RISK BUSINESS PROCESSES AND DOMAIN THAT SHOULD RECEIVE TOP PRIORITY

7.1          Focusing on the Most Critical Business Processes and Supporting Infrastructure as a Basis to Allocate Precious Resources        

7.2     Diagramming the Key Business Processes and Supporting Infrastructure

7.3     A Practical Methodology for Arriving at the Most Important Mission Critical Processes        

7.4          A Methodology for Determining the Processes or Supporting Systems that are High Candidates for Fraud, Abuse and Destructive Attacks             

8.              A RISK ASSESSMENT METHODOLOGY TO IDENTIFY HIGH IMPACT THREATS AND TO MAP THE HIGHEST EXPOSURE AREAS 

8.1     The Need for a Compass to Navigate our Way Through the Maze of Fraud Potential 

8.2     The Purpose of this Chapter             

8.3     Risk Analysis Definition          

8.4     Risk Analysis Terminology     

8.5     A General Methodology for Risk Analysis   

8.6     Major Sources of Fraud and Abuse Threats  

8.7     Documentation Form for the Threat and Risk Analysis   

8.8     Mapping Risk and Impact to Obtain the Profile of Threats with the Highest Exposure          

8.9     Illustration of Completed Risk Analysis Forms               

8.10   Articulating Fraud Reduction Objectives and Selecting Safeguards to Meet the Objectives

8.11   Developing Scenarios for the Highest Risk Threats             

9.      DETAILED PLAN OF ACTION FOR HARNESSING BUSINESS AND TECHNO FRAUD AND ABUSE

9.1     The Need for a Detailed Plan of Action   

9.2     Illustration of a Sample Plan of Action to Address Business Fraud and Infrastructure Abuse               

9.3     Methodology for Preparing the Plan of Action and an Illustration of the Contents of Plan Modules

9.4     Additional Sample of Plans of Action     

10.    NEW SOURCES OF FRAUD AND ABUSE FROM CHANGES IN BUSINESS PRACTICES AND NEW TECHNOLOGIES

10.1      New Business Practices and Technologies Will Surely Provide New Sources of Fraud for Ingenious Fraudsters       

10.2      The Great Move to Set Up Customer-Centric Business Processes to Increase Customer Service   

          Globalization of Business

          Managing Intellectual Capital

          Electronic Commerce

          Mobile Computing and Remote Users

          Strategic Alliances With Third Parties

          Outsourcing Via Application Service Providers (ASPs)

          Outsourcing of Security Services

10.3   Adoption of New Information Technologies that Will Impact the Potential for Fraud   

10.4   The Threat of Attacks on a Country’s Infrastructure    

10.5    Conclusion      

APPENDIX

A.      Literature References

B.      Glossary of Terms

C.      Index

Ring bound - 150 pages of 8 1/2 x 11 format

HOW TO ORDER

Price: $250 per copy plus $10 postage in the US.

For overseas orders add $30 for airmail postage. 

All orders must be accompanied by payment.  Credit cards are not accepted.

Click the ORDER FORM below and send it with your payment to:

MANAGEMENT ADVISORY PUBLICATIONS

57 Greylock Road - P.O. Box 81151 - Wellesley Hills, MA 02481-0001

Voice: (781) 235-2895    Fax: (781) 235-5446

Overseas orders, if you prefer to wire funds, inquire for bank routing address

PUBLICATIONS ORDER FORM