EVALUATING SECURITY BREACHES
Legally, fraud is described as the misrepresentation of facts, by words, by conduct, or by concealment of what should have been disclosed, that is intended to deceive a person so that the individual will act to their own injury. Commonly, fraud is said to be the act of depriving a person of something by deceit involving misuse of funds or other resources or misappropriation of information. It is characterized by dishonest behaviors such as corruption, bribery, collusion, forgery, false representation, deception and concealment of information. Fraud typically costs a U.S. company 6% of its annual revenues. This translates to over $660 billion each year. In the UK, the National Fraud Authority puts its estimate at £25 billion in losses arising from fraud (Wells, 2011, p. 48).
While identifying internal fraud, I would conceal my investigative process through two discrete ways. The first method would be by surveillance and through covert operations. This would be done by posing as a regular employee who has been newly hired or transferred from another branch of the same organization. I would monitor and check on the areas that have red flags and hotspots, such as where one employee controls a process from start to finish, where there are huge discrepancies in accounts, or where transactions take place at odd times.
The second method that I would use to conduct my investigations is invigilation. This calls for a keen understanding of several procedures, such as procurement procedures. Here I would be observing whether fraud is occurring, mainly by looking at behavioral patterns of the employees and making inquiries where I think there seems to be, or there certainly is, a red flag. Once I find a suspect, I would zero in on them so as to come up with tangible evidence.
There was an incident in 2005 known as the TJ Maxx incident, where 45.7 million credit card numbers were revealed by database attackers. In evaluating a security breach to a corporation's database, I would use software such as Analyst’s Notebook 14 or Xanalys Link Explorer. For evaluating a breach to employee credit cards, I would use Intrusion Detection Systems (IDS) that show breaches that have occurred. A well-known example of a credit card breach is the Card Systems security breach, in which hackers stole 263,000 credit card numbers and also exposed about 40 million others (Bartow & Biegelman, 2006, p. 145). To evaluate breaches in corporate executive business accounts, I would use Oracle as well as EDS, which prevent access or exposure of highly sensitive information.
Wells, J. (2011). Corporate Fraud Handbook. New Jersey: Wiley.
Bartow, J. & Biegelman, M. (2006). Executive Roadmap to Fraud Prevention and Internal Controls. New Jersey: Wiley.