Information system has been playing a grave essential role in daily business activities. Over the past decade, the detection rate of computer crimes concerning information system attacks has risen sharply. According to Kunz and Wilson (2004), reported computer crimes have been septupled from 2000 to 2003 and leads to inestimable economic loss. Therefore, themes on information security, especially the prevention of computer fraud, have attracted increasingly attentions (Romney and Steinbart, 2009). However, it seems that perpetrators can always find new techniques to theft invaluable business secrets stored, processed or protected by those information systems. Moreover, some abuse techniques have been used in economic espionage, which causes a yearly loss of $250 billion (ibid). Oracle Corp vs. SAP AG could be one of the relating cases occurred in the recent 2007 and is not yet closed till present. This essay will firstly introduce the Case. Then by using Fraud Triangle, analyze the reason of SAP’s commitment of computer fraud and data theft. Finally, suggestions on how to improve the security of company’s information system will be addressed with some reflections of the Case.
It has been reported that the world’s software giant SAP AG was sued by its largest competitor, Oracle Corporation, for computer fraud and data theft in March 2007 (Anon, 2010). In the Complaint, Oracle Corporation (2007) stated that in November 2006, unusual heavy download activities were spotted on Customer Connection, a website Oracle used to serve its customers. The uncovered access originated from an IP address in one of SAP’s braches with log-in IDs of PeopleSoft and J.D. Edwards customers. It is discovered later that TomorrowNow and SAP TN, two SAP subsidiaries, committed a series of unauthorized access to Oracle’s customer service system and more than 10,000 illegal download activities. Mass of important materials, including copyrighted software codes and confidential documents was theft. In this way, SAP was capable of establishing a service library for PeopleSoft and J.D. Edwards products, and launched a marketing campaign to snatch Oracle’s customers. The fraud resulted in Oracle’s 120 copyrights infringed and posed the threats of losing 358 customers (Kawamoto, 2007). On 24 November 2010, the U.S. Federal District Court for Northern California announced that Oracle won the Case with SAP liable for $1.3 billion compensation. As Slappendel (2010) points out, this is the largest amount ever awarded in copyright infringement cases. The core reason may lies that the verdict is based upon the fair market value of the licenses for utilizing those resources instead of Oracle’s profit loss. After the verdict, SAP’s stock price has been falling significantly and TomorrowNow had to be shut down (Anon, 2011; Team, 2010). Although SAP accepted the liability and apologized for its inappropriate behavior, the company has been arguing that the penalty was contrary to the reality of the damage caused by the fraud (Margan, 2011). It is also reported that SAP has filed motions to the Court and therefore SAP’s computer fraud case does not seem to end at present.
The action of data theft has brought unnecessary troubles to both SAP and Oracle. In order to prevent computer fraud effectively, it is essential to fully examine the reason of SAP’s behavior. Fraud Triangle will be used as an analysis tool. It is estimated by Romney and Steinbart (2009) that Fraud Triangle consists of the three normal conditions for fraud to occur: pressures, opportunities and rationalizations. Figure 1 shown below is a brief summary of Fraud Triangle in the Case.
5. Homely meals in
FIGURE 1 FRAUD TRIANGLE OF SAP
2. Oracle’s insufficient security management
4. Theft by other companies
(i.e. Siebel Systems) before
1. Financial - fierce competition in the market
3. Few evidence – may not be...
Please join StudyMode to read the full document