Should Companies be Held Liable for Attacks on their Accounting Information Systems?
If a company has adequate security controls in place then they should not be held liable for losses sustained in a successful attack made on their Accounting Information System (AIS) by outside sources. If a company is negligent about security controls then they should be held liable for losses sustained in a successful attack on their AIS.
There are a variety of sources that threaten accounting information systems and if they are ignored then this can destroy the relevance and reliability of the financial information. [ (Wen, 2007) ] It is very important to establish security controls during the data collection process. During this process the transaction or event should be valid, complete and free from material errors. (Wen, 2007) An unauthorized user can pretend to be an authorized user, which is called masquerading. Another activity that hackers use during data collection is called piggybacking, which is tapping into the telecommunications lines. Companies need to establish security controls during this process so hackers can’t get into their accounting information system. Threats during the data processing phase can also occur. A few threats that can occur during this phase would include: creating illegal programs, accessing or deleting files, destroying or corrupting a program’s logic through viruses, or altering a program’s logic to cause the application to process data incorrectly. [ (Wen, 2007) ] Unauthorized access to database management could cause threats by altering, deleting, corrupting, destroying or stealing data. [ (Wen, 2007) ] A devastating loss of data could occur if the files aren’t properly backed up. An organization could damage their competitiveness or reputation during the information generation and reporting phase because theft, misdirection or misuse of the computer output. [...
Please join StudyMode to read the full document