Cybersecurity
Protecting systems, networks, and data from unauthorized access, attack, or damage, particularly in environments where sensitive information is stored and processed
How does cybersecurity relate to fraud prevention and internal control within Accounting Information Systems?
It protects Accounting Information Systems (AIS) from threats such as data theft, system manipulation, and unauthorized access, ensuring data integrity, confidentiality, and availability
Role-Based Access Control (RBAC)
Assigns system permissions based on an individual’s job role rather than user-by-user access, simplifying management and supporting segregation of duties
Least-Privilege
Users should be granted the minimum level of access necessary to perform their duties—no more, no less
Discretionary Authorization Model
Access is controlled by the data owner
Role-Based Authorization Model
Access is based on job roles
Mandatory Authorization Model
Access is based on classification levels and enforced by the system
When are controls appropriate?
They:
Limit Access
Enforce Segregation of Duties
Reduce the risk of unauthorized actions or data exposure
Malware
Software designed to infiltrate or damage systems
Types of Malware
Viruses
Worms
Trojans
Viruses
Malware that attaches to legitimate files and spreads through user interaction
Worms
Malware that replicates autonomously across networks
Trojans
Malware that disguises itself as a legitimate program but performs harmful actions in the background
Keyloggers
Spyware that records keystrokes to capture sensitive information such as login credentials
Distributed Denial of Service (DDoS)
An attack that overwhelms a system with excessive traffic using multiple compromised systems, rendering it unavailable
Social Engineering
Uses deception or psychological manipulation to influence individuals into revealing confidential information or performing actions.
SQL Injection
A code injection technique that manipulates input fields to execute unauthorized database commands
Replay Attacks
Intercepting and retransmitting valid data to gain unauthorized access or repeat a transaction
Zero-Day Exploits
Targets an undisclosed vulnerability for which no patch or fix is available
Spoofing
Disguising identity to gain unauthorized access or deceive users, such as email or IP spoofing
Pump-and-Dump Schemes
Artificially inflates asset prices using false information, followed by a sell-off by manipulators
Layered-Security/Defense-in-Depth
A security strategy that implements multiple, overlapping controls so that if one control fails, others still protect the system
Zero-Trust
Based on “never trust, always verify,” requiring continuous verification of users and systems
How do redundancy and diversity in controls reduce the likelihood of successful cyberattacks?
By ensuring multiple independent layers of protection, preventing a single point of failure
Google Data Centers — Examples of Physical Controls
Perimeter fencing and secure boundaries
Vehicle crash barriers
Surveillance cameras (including thermal monitoring)
Biometric authentication (e.g., iris scanning)
RFID access badges / access control checkpoints
Secure hardware destruction (e.g., hard drive shredding)
Encryption
The process of converting plaintext into ciphertext using an algorithm and a key
Symmetric Encryption
Uses the same key for encryption and decryption
Asymmetric Encryption
Uses a public key for encryption and a private key for decryption
Quantum Computing
Can solve complex mathematical problems much faster, potentially breaking current encryption methods
SNDL (Store Now, Decrypt Later)
When attackers store encrypted data now and decrypt it later when quantum capabilities improve
NIST
Developing post-quantum encryption standards to address future cybersecurity risks
Blockchain Technology — Definition
A digital ledger that records transactions in a secure, transparent, and unalterable way across multiple nodes
Blockchain Technology — How does it operate in a distributed ledger system?
Transactions are broadcast to a network
Grouped into blocks
Verified through consensus mechanisms
Added to the chain as a permanent record
Blockchain Technology — Key Security Features
Immutability
Consensus
Transparency
Blockchain Technology — Immutability
Transactions cannot be altered once recorded
Blockchain Technology — Consensus
Network agreement validates transactions
Blockchain Technology — Transparency
Transaction history is visible across the network
Blockchain Technology — Proof of Work
Requires solving complex mathematical problems
Blockchain Technology — Proof of Stake
Validates transactions based on ownership/stake in the network
Blockchain Technology — Double-Spend Problem
The risk that a digital asset could be duplicated and spent more than once (which blockchain prevents through consensus and immutable records)
What are the risks associated with blockchain and cryptocurrency?
Fraud schemes (e.g., pump-and-dump)
Lack of regulation in cryptocurrency markets
Potential manipulation of transactions or asset values
What can a 51% attack accomplish?
Double-spend transactions
Delay or censor transactions
Force chain reorganization
What can a 51% attack NOT accomplish?
Creation of new coins
Alteration of past transactions
Access other users’ funds directly