Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
SM 3.1
Chapter 3
COMPUTER CRIME, ETHICS, AND PRIVACY
Discussion Questions
3-1. Most experts agree with the claim that the known cases of cybercrime are just the tip
is reasonable to ask, "What are the really clever computer criminals doing?" Thus, there is every
total of all cybercrime.
3-2. Among the reasons why more cybercrime is not reported are the following:
1. It is not detected.
in private industry.
5. Some people consider certain practices unethical but not illegal. Thus, for example,
reported.
falls into a gray area.
greater than the gains from such reporting.
8. Many IT personnel are not fully aware of the laws governing computer usage, and
The matter of whether or not these reasons are valid is subjective. Currently, there is a debate in
result in better protection against it.
2. Disclosure will lead to better controls and a more informed, security-conscious society.
enforcement of the laws.
4. Ultimately, cybercrime injures the public at large. Therefore, the public has a right to
know about it.
SM 3.2
5. We must learn to use our technology in constructive ways. Philosophically speaking, we
must know about our environment, especially where technological abuse works against
the common good.
cybercrime that goes undetected and/or unreported. Other factors that suggest that cybercrime is
growing include:
potential for cybercrime to grow with it.
2. A large number of new computers are personal computers, netbooks, and hand-held
3. More is known about the successes of computer criminals than about the ways such
4. We believe that expenditures on computer security are growing much more slowly than
individuals, not companies.
7. The number of spam emails received by individuals is growing. This is actually illegal in
certain states and countries.
Losses from known cases of cybercrime have been much greater than the losses resulting from
other types of white-collar crime. From this we learn that the vulnerability of a typical
When reviewing specific cases of cybercrime, such as those presented in this chapter, one is
3-4. Students may strongly agree or disagree on this issue. However, the responses they
SM 3.3
on data that they might find on the Internet or data that might be available in their university
This topic can lead to a very lively classroom discussion if half of the students are required to
“support” the view that retailers have the right, and the other half of the students are required to
The protection of computer-based information rests upon the need to safeguard individual rights
to privacy. These rights include the protection of personal information when it is collected,
maintained, used, or distributed. The issue becomes increasingly important when some of these
evaluations, and medical records.
There is remarkably little that an individual can do to protect personalized information in health,
1. FAIR CREDIT REPORTING ACT OF 1970
a) access to the information
2. PRIVACY ACT OF 1974
any agency
b) to prevent his records from being used or made available to others without his
consent
SM 3.4
3. SUPREME COURT RULING OF GRISWOLD VERSUS CONNECTICUT
4. STATE LEGISLATION
Almost all states have now enacted computer crime laws of some type.
5. FREEDOM OF INFORMATION ACT OF 1970
6. COMPUTER SECURITY ACT OF 1987
This act requires more than 550 federal agencies to develop security plans for each
computer system that processes sensitive information.
7. NATIONAL ASSOCIATION OF STATE INFORMATION SYSTEMS (NASIS)
3-5. There were a number of factors favorable to the TRW employees in the commission
of their crime. Perhaps the most important was the fact that the change of information in the
Another factor that aided the participants was the lack of feedback checks which are so often a
natural part of other types of accounting information systems. For example, in an accounts
A final factor that helped TRW employees commit this crime was the seeming lack of internal
control on credit-changes in TRW's input operations. In particular, it appears that the input clerk
One control that might have prevented this cybercrime would be more stringent supervision in
the altering of credit information in TRW's files. For example, the company might have insisted
SM 3.5
Another control might be the maintenance of duplicate credit information by both TRW and the
credit-card companies. Although this procedure would be expensive, it has the advantage of
installing a feedback characteristic in TRW's credit operations which was obviously missing
despite such expense.
A number of similar cases of cybercrime fall into the category of “valuable information
computer abuse.” Examples include:
1. Industrial espionage cases, in which corporate budget plans, bidding data on forthcoming
program is desired
4. Student pilferage, in which one student steals an assignment from another
5. Extortion, in which the information stored on a company's files is threatened if the
company does not agree to the perpetrator's demands
6. Blackmail, in which computerized information will be revealed if payment is not made
3-6. As commonly used, hacking means gaining illegal or unauthorized access to
computers, computer networks, or computer files. To ensure anonymity, the typical hacker
accomplishes this from remote locations and with assumed identities. Some hackers gain little
financially from their activities, but instead seem to enjoy some psychological satisfaction by
can "hack."
Two major deterrents to hacking are (1) education and (2) prevention. Education includes
teaching students, employees, and the general public about computer ethics, helping them
understand how costly computer breaches can be to victim organizations, and making them
3-7. A computer virus is a program or subroutine that can replicate itself in other programs
or computer systems. Typically, viruses are also destructive, although a few "benign" viruses
have commandeered computer systems just long enough to display harmless messages before
returning control to the end user. The damage that can be caused by other virus programs can be
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
SM 3.6
3-8. As noted in the text, employees are not likely to be aware of the importance or cost of
cybercrime. Thus, educating employees about cybercrime laws, the telltale signs of cybercrime,
Although employees can be educated without the support of top management, most experts
agree that such support is critical to successful security programs. The education process itself
executives.
3-9. Given that the Internet is a medium of information exchange and a free market,
almost any crime that can be committed in a physical venue can also be committed in an
Internet provides perpetrators the critical anonymity they need to execute these forms of
cybercrime.
such recourses also vary widely.
3-10. Ethical behavior means acting in accord with standards of moral conduct. Examples
of ethical behavior within AIS environments include protecting confidential information, being
educational settings
3. Teaching by example
At one of the author’s universities, the student judicial office keeps lists of students caught
cheating. If the instructor wishes, a student caught cheating can be asked to attend one or more
