HOW TO PREVENT, DETECT AND COMBAT BUSINESS FRAUD AND TECHNOLOGY AND INFRASTRUCTURE ABUSE - MAP-47
Best Strategies and Practices and an Action Plan to Secure Your Organization Against Business and Technology Fraud and Attacks
THE PERVASIVE NATURE OF THE PROBLEM
Business and government organizations worldwide are being subjected to a rash of conventional business and high-tech fraud, systems abuse and infrastructure attack incidents. Recent statistics indicate that all types of industries (finance, manufacturing, universities and government organizations) have seen an increase in the number of incidents in the year 2000, with increasing losses.
The advent of the Internet and electronic commerce has aggravated this situation: novel forms of infrastructure attack are now occurring, and new terms had to be coined to describe some of these adverse events, such as "cyber attacks" and even literally international "cyber wars" between warring factions, such as Israelis and Palestinians destroying each other's Web sites and, more recently, Chinese and American hackers starting a Web site destruction war as a result of the recent surveillance plane incident.
THE INADEQUACIES OF PRESENT ANTIFRAUD AND ASSET PROTECTION PROGRAMS
Conventional programs to forestall and combat fraud and abuse are totally inadequate to harness the whole array of conventional and new sophisticated fraud and abuse attacks. They are deficient for these reasons:
- They are based on outdated methods used for very traditional funds theft and accounting data manipulation. These remain important, but their impact pales by comparison with the adverse impact that modern attacks on business systems and company infrastructure could inflict, which may paralyze a business.
- Traditional fraud and abuse control programs are highly insular and rest mainly on the company's audit and security functions, thereby lacking the aggregate and encompassing view that effective fraud and abuse control programs require.
- The traditional view of what constitutes fraud and abuse is appallingly narrow and near-sighted, as it fails to consider the broad array of incidents that should be placed under the fraud protection umbrella.
- Fraud control programs are typically elaborated in a fashion reminiscent of how chickens pick their grains of corn. They are not based on sound risk management principles that force companies to arrive at the most business-critical and fraud-prone processes that ought to be the primary target of a well-conceived fraud and abuse control program.
- Present fraud control and risk management programs fail to involve all the functional units of an organization that ought to actively participate in the elaboration and operation of the protection program.
THE STAKES ARE HIGH - A TOP-DOWN ENCOMPASSING PROGRAM IS NEEDED
Too much is at stake, and with the advent of the Internet and Internet-based
business processes and electronic commerce, there is a major need to overhaul our view of
systems fraud and abuse and to develop new fraud control programs that take a top-down,
coordinated and enterprise-wide approach to preventing, combating and detecting fraud and
abuse incidents and to mitigating the adverse impact of those incidents that cannot be
prevented, instead of using the outdated bottom-up, project by project approach of past
decades.
WHAT THIS MANUAL PROVIDES YOU
This manual is designed to help you revamp your view of fraud and abuse and select effective control strategies to deal with the contemporary environment in which modern organizations in all industries operate today.
It provides you with a top-down methodology to engineer a new anti-fraud and abuse control and infrastructure attack safeguard program to protect your organization against the whole array of fraud and abuse attacks that companies are being subjected to in today's environment.
It also provides key strategies for combating fraud and a detailed "Plan of Action" that covers the fraud prevention, combating and detection program from inception to implementation and management. It even includes action steps to handle the transition period in the aftermath of an embarrassing and damaging attack.
Senior executives, managers, CIOs, CFOs, controllers, security and auditing professionals, quality of service specialists, line managers, risk managers and consultants and any person concerned with protecting their company's assets and infrastructure should have a copy of this unique manual.
The manual is written by practitioners for practitioners, and its contents are based on the authors' wealth of real-world expertise from advising management, audit, security and organizations' line managers on improving their asset and infrastructure protection programs.
CONTENTS
ISBN: 0-940706-53-9
Preface
1. BACKGROUND ON FRAUD AND ABUSE
1.1 The Pervasiveness of Fraud and Abuse Incidents in Business Organizations
1.2 Some Recent Statistics on Fraud and Abuse
1.3 Several Nations Join to Fight Internet Consumer Fraud
1.4 Additional Details on the Annual FBI/Computer Security Institute Computer Crime
1.5 Present Control Efforts With Scattered Measures and Merely Technical Controls Are Ineffectual
1.6 The FBI's Interest In Combating Fraud and Abuse Jointly with The Private Sector
1.7 Types of Fraud and Abuse
1.8 Techno Fraud and Infrastructure Attacks
1.9 An Aggregate View of Business and Techno Fraud
1.10 Chapter Summary
2. THE ENVIRONMENT AND CONDITIONS THAT NURTURE THE POTENTIAL FOR FRAUD AND FRAUD INDICATORS
2.1 Conditions that Can Lead to Fraud and Abuse and Indicators of Fraud
2.2 List of Conditions that May Lead to Fraud and Infrastructure Attacks
3. THE INADEQUACIES OF PRESENT APPROACHES TO CONTROLLING FRAUD
3.1 The Present Ineffective, Insular and Scattered Approach to Controlling and Combating Fraud and Abuse
3.2 The Adverse Impact and Cost of Failing to Control and Harness Fraud and Abuse Incidents
3.3 The Need for New Approaches to Prevent, Combat and Detect Fraud and Abuse
4. A TOP DOWN APPROACH TO EFFECTIVELY CONTROL FRAUD AND ABUSE THAT INVOLVES THE WHOLE ENTERPRISE
4.1 Need for a Top Down Approach to Addressing the Business Fraud and Abuse Problem
4.2 Hierarchy in the Development of an Anti-Fraud Program
4.3 Selection of the Management Philosophy and Policy to Deal with Fraud
4.4 Selecting Control Strategies that Fit Under the Control Philosophy Articulated by
4.5 Chapter Summary
5. SUCCESS FACTORS FOR CONTROLLING AND COMBATTING FRAUD AND ABUSE
5.1 Success Factors in Developing Effective Anti-Fraud and Abuse Programs
5.2 Key Elements or Success Factors to Consider in Anti-fraud Programs
5.3 Considering All the Success Factors Will Ensure that Your Program Bears Fruit
6. THE USE OF STRATEGIES IN FORMULATING FRAUD CONTROL PROGRAMS
6.1 The Propensity to Think in Terms of Only Preventive and Detective Control Strategies
6.2 The Value of Thinking in Terms of Strategies for Unstructured or Relatively Undefined Situations Long Before Getting Involved with Techniques
6.3 A Cadre of Control Strategies for Harnessing Fraud and Abuse
6.3 Hierarchy in the Development of Control Solutions Using Control Strategies as a Starting
6.5 Developing a Matrix that Relates Control Strategies to Specific or Detailed Control Techniques or Solutions
7. DEVELOPING A PROFILE OF HIGHEST RISK BUSINESS PROCESSES AND DOMAIN THAT SHOULD RECEIVE TOP PRIORITY
7.1 Focusing on the Most Critical Business Processes and Supporting Infrastructure as a Basis to Allocate Precious Resources
7.2 Diagramming the Key Business Processes and Supporting Infrastructure
7.3 A Practical Methodology for Arriving at the Most Important Mission Critical Processes
7.4 A Methodology for Determining the Processes or Supporting Systems that are High Candidates for Fraud, Abuse and Destructive Attacks
8. A RISK ASSESSMENT METHODOLOGY TO IDENTIFY HIGH IMPACT THREATS AND TO MAP THE HIGHEST EXPOSURE AREAS
8.1 The Need for a Compass to Navigate our Way Through the Maze of Fraud Potential
8.2 The Purpose of this Chapter
8.3 Risk Analysis Definition
8.4 Risk Analysis Terminology
8.5 A General Methodology for Risk Analysis
8.6 Major Sources of Fraud and Abuse Threats
8.7 Documentation Form for the Threat and Risk Analysis
8.8 Mapping Risk and Impact to Obtain the Profile of Threats with the Highest Exposure
8.9 Illustration of Completed Risk Analysis Forms
8.10 Articulating Fraud Reduction Objectives and Selecting Safeguards to Meet the Objectives
8.11 Developing Scenarios for the Highest Risk Threats
9. DETAILED PLAN OF ACTION FOR HARNESSING BUSINESS AND TECHNO FRAUD
9.1 The Need for a Detailed Plan of Action
9.2 Illustration of a Sample Plan of Action to Address Business Fraud and Infrastructure Abuse
9.3 Methodology for Preparing the Plan of Action and an Illustration of the Contents of Plan
9.4 Additional Sample of Plans of Action
10. NEW SOURCES OF FRAUD AND ABUSE FROM CHANGES IN BUSINESS PRACTICES
10.1 New Business Practices and Technologies Will Surely Provide New Sources of Fraud for Ingenious Fraudsters
10.2 The Great Move to Set Up Customer-Centric Business Processes to Increase Customer Service
  - Managing Intellectual Capital
  - Electronic Commerce
  - Mobile Computing and Remote Users
10.3 Adoption of New Information Technologies that Will Impact the Potential for Fraud
10.4 The Threat of Attacks on a Country's Infrastructure
10.5 Conclusion
APPENDIX
A. Literature References
B. Glossary of Terms
C. Index
Ring bound - 150 pages of 8 1/2 x 11 format
HOW TO ORDER
Price: $250 per copy plus $10 postage in the US. For overseas orders add $30 for airmail postage.
All orders must be accompanied by payment. Credit cards are not accepted.
Click the ORDER FORM below and send it with your payment to:
MANAGEMENT ADVISORY PUBLICATIONS
57 Greylock Road - P.O. Box 81151
Overseas orders, if you prefer to wire funds, inquire for bank routing address