Carol L. Cook
When you use a computer, it is possible that data can be lost because of hardware or software damage. Since the computer has no judgement of its own, it does not pick up on errors as a human being does. There can be loss of data due to accidents like fire etc.. There can be loss of data or change of data due to fraud or embezzlement. There can be loss or unavailability of data due to loss of staff. Inaccurate data may be due to clerical error or mistakes in programming.
Total security is economically unachievable and some failures must be expected. The right level of expenditure on security measures will minimize the sum of the cost of the measures and the expected loss. There will always be some risks that are best shared through insurance, rather than prevented or avoided.
Much computer-related crime is opportunist: people who were not seeking any advantage had temptation thrust under their noses. Copies of computer printouts get mis-directed, or thrown in a waste paper basket in a public place. Magnetic tapes from bankrupt companies have been sold with data still on them. Often a programming error reveals a system flaw: someone who by chance reads a magnetic tape file that he should have been writing discovers interesting data on it.
Sabotage, vandalism, malicious damage, and arson tend to be even more destructive than the Acts of God they emulate. Political and industrial action, riots and civil commotions, may not be aimed specifically at the computer but they can be very effective in preventing its operation.
Fraud and embezzlement are usually achieved on a computer system by altering data or programs. There are numerous techniques, varying from additions and deletions to input data, through changing the standing information files, modifying the behavior of programs, to duplicating or suppressing output. Although most frauds that have been reported had gone on for some time, it could be that ‘one shot’ frauds have been more frequent but more often escape detection.
Eavesdropping and stealing information by tapping telecommunications lines requires the sort of technical skill which is very widely available (to the surprise of those without technical education). It is possible to emulate a legitimate user of a system, or discover his password through trickery or as the result of carelessness, and thus have access to the information he would have, such access can be very important for setting up more profitable operations, such as taking money out of little used bank accounts, or concealing changes made in files. There are other ways of trespassing, without using wire tapping. For example, the magnetically encoded cards often used as keys to systems can be copies and altered, giving the villain access to credit, cash or other valuable assets.
Wherever a computer is used to handle an organization’s accounts, it can be used as a means of attacking the funds it controls. In most computerized bookkeeping systems, it is the computer which effectively causes credit transfer; so by establishing false accounts, or diverting some of the contents of the real ones, credit can reach a false beneficiary. The system can also be used to conceal a change in the cost, or the illegitimate acquisition or the destruction of tangible goods and services.