978-1118742938 Chapter 3 Part 1

Unlock access to all the studying documents.

View Full Document

Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman

SM 3.1

Chapter 3

COMPUTER CRIME, ETHICS, AND PRIVACY

Discussion Questions

3-1. Most experts agree with the claim that the known cases of cybercrime are just the tip

is reasonable to ask, “What are the really clever computer criminals doing?” Thus, there is every

total of all cybercrime.

3-2. Among the reasons why more cybercrime is not reported are the following:

1. It is not detected.

in private industry.

5. Some people consider certain practices unethical but not illegal. Thus, for example,

reported.

falls into a gray area.

greater than the gains from such reporting.

8. Many IT personnel are not fully aware of the laws governing computer usage, and

The matter of whether or not these reasons are valid is subjective. Currently, there is a debate in

result in better protection against it.

2. Disclosure will lead to better controls and a more informed, security-conscious society.

enforcement of the laws.

4. Ultimately, cybercrime injures the public at large. Therefore, the public has a right to

know about it.

SM 3.2

5. We must learn to use our technology in constructive ways. Philosophically speaking, we

must know about our environment, especially where technological abuse works against

the common good.

cybercrime that goes undetected and/or unreported. Other factors that suggest that cybercrime is

growing include:

potential for cybercrime to grow with it.

2. A large number of new computers are personal computers, netbooks, and hand-held

3. More is known about the successes of computer criminals than about the ways such

4. We believe that expenditures on computer security are growing much more slowly than

individuals, not companies.

7. The number of spam emails received by individuals is growing. This is actually illegal in

certain states and countries.

Losses from known cases of cybercrime have been much greater than the losses resulting from

other types of white-collar crime. From this we learn that the vulnerability of a typical

When reviewing specific cases of cybercrime, such as those presented in this chapter, one is

3-4. Students may strongly agree or disagree on this issue. However, the responses they

SM 3.3

on data that they might find on the Internet or data that might be available in their university

This topic can lead to a very lively classroom discussion if half of the students are required to

“support” the view that retailers have the right, and the other half of the students are required to

The protection of computer-based information rests upon the need to safeguard individual rights

to privacy. These rights include the protection of personal information when it is collected,

maintained, used, or distributed. The issue becomes increasingly important when some of these

evaluations, and medical records.

There is remarkably little that an individual can do to protect personalized information in health,

1. FAIR CREDIT REPORTING ACT OF 1970

a) access to the information

2. PRIVACY ACT OF 1974

any agency

b) to prevent his records from being used or made available to others without his

consent

SM 3.4

3. SUPREME COURT RULING OF GRISWOLD VERSUS CONNECTICUT

4. STATE LEGISLATION

Almost all states have now enacted computer crime laws of some type.

5. FREEDOM OF INFORMATION ACT OF 1970

6. COMPUTER SECURITY ACT OF 1987

This act requires more than 550 federal agencies to develop security plans for each

computer system that processes sensitive information.

7. NATIONAL ASSOCIATION OF STATE INFORMATION SYSTEMS (NASIS)

3-5. There were a number of factors favorable to the TRW employees in the commission

of their crime. Perhaps the most important was the fact that the change of information in the

Another factor that aided the participants was the lack of feedback checks which are so often a

natural part of other types of accounting information systems. For example, in an accounts

A final factor that helped TRW employees commit this crime was the seeming lack of internal

control on credit-changes in TRW’s input operations. In particular, it appears that the input clerk

One control that might have prevented this cybercrime would be more stringent supervision in

the altering of credit information in TRW’s files. For example, the company might have insisted

SM 3.5

Another control might be the maintenance of duplicate credit information by both TRW and the

credit-card companies. Although this procedure would be expensive, it has the advantage of

installing a feedback characteristic in TRW’s credit operations which was obviously missing

despite such expense.

A number of similar cases of cybercrime fall into the category of “valuable information

computer abuse.” Examples include:

1. Industrial espionage cases, in which corporate budget plans, bidding data on forthcoming

program is desired

4. Student pilferage, in which one student steals an assignment from another

5. Extortion, in which the information stored on a company’s files is threatened if the

company does not agree to the perpetrator’s demands

6. Blackmail, in which computerized information will be revealed if payment is not made

3-6. As commonly used, hacking means gaining illegal or unauthorized access to

computers, computer networks, or computer files. To ensure anonymity, the typical hacker

accomplishes this from remote locations and with assumed identities. Some hackers gain little

financially from their activities, but instead seem to enjoy some psychological satisfaction by

can “hack.”

Two major deterrents to hacking are (1) education and (2) prevention. Education includes

teaching students, employees, and the general public about computer ethics, helping them

understand how costly computer breaches can be to victim organizations, and making them

3-7. A computer virus is a program or subroutine that can replicate itself in other programs

or computer systems. Typically, viruses are also destructive, although a few “benign” viruses

have commandeered computer systems just long enough to display harmless messages before

returning control to the end user. The damage that can be caused by other virus programs can be

Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman

SM 3.6

3-8. As noted in the text, employees are not likely to be aware of the importance or cost of

cybercrime. Thus, educating employees about cybercrime laws, the telltale signs of cybercrime,

Although employees can be educated without the support of top management, most experts

agree that such support is critical to successful security programs. The education process itself

executives.

3-9. Given that the Internet is a medium of information exchange and a free market,

almost any crime that can be committed in a physical venue can also be committed in an

Internet provides perpetrators the critical anonymity they need to execute these forms of

cybercrime.

such recourses also vary widely.

3-10. Ethical behavior means acting in accord with standards of moral conduct. Examples

of ethical behavior within AIS environments include protecting confidential information, being

educational settings

3. Teaching by example

At one of the author’s universities, the student judicial office keeps lists of students caught

cheating. If the instructor wishes, a student caught cheating can be asked to attend one or more