IMPLICATIONS FOR COMPUTERIZED ACCOUNTING INFORMATION SYSTEM
Along with the growth of computerized accounting information system (CAIS), the threats to the security of these systems have also grown. One such threat is hacking. In the recent years hacking has become a serious concern for businesses. Although, most hackers claim that they indulge in this activity for intellectual challenge, this is not always the case. In this paper we learn that hackers attempt to bypass the security mechanism of information systems not only for the thrill of learning, but also for the malicious intent of gathering information for gain. HACKING
Hacking is commonly used to refer to forms of trespass against a computer belonging to someone else. As per Infosec, a website devoted to information security "Hacking means illegally accessing other people's computer systems for destroying, disrupting or carrying out illegal activities on the network or computer systems". Digitalguards defines it as, "Unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or network".
At first, "hacker" was a positive term for a person with an expertise in computers who could push programs beyond what they were designed to do. Hacking has been around pretty much since the development of the first electronic computers. In 1960s, the first computer hackers emerged at MIT. University facilities with huge mainframe computers became breeding ground for hackers. In 1970s, phreaks broke into phone networks to make free calls. In the next decade, phone phreaks began to move into the territory of computer hacking, and the electronic bulletin board systems (BBSs) came into being. Hacking groups began to form. Among the first were Legion of Doom in the United States, and Chaos Computer Club in Germany. In the last decade, with the advent of internet, hackers moved all the hacking related information from old BBSs to new hacker Web sites. The face of hacking changed rapidly with easy access to information and plug-and-play kind of hacking tools over the internet. (PC World, 2001) Tools used
There are many techniques that hackers use to illegally get into a computer. The most common ones defined in Wikipedia are as follows: Virus: This self replicating program behaves in a way similar to the biological virus. It spreads by inserting copies of itself into other executable code or document. Worm: Worm is also a self-replicating program like a virus. The difference between a virus and a worm is that a worm does not create multiple copies of itself on one system and that it spreads itself through computer networks. Trojan horse: These are viruses that fool a user into downloading and/or executing them by pretending to be useful applications. These programs when used open a back door for the intruder to access the computer system. Vulnerability scanner: It is used by the hackers to quickly check computers on a network for known weaknesses. Sniffer: It is an application that captures passwords and other data while it is in transit either within the computer or over the network. Exploit: It is a piece of software that takes advantage of a bug, or vulnerability, leading to privilege escalation or denial of service on a computer system. Rootkit: When a hacker gets full access to a computer system, this collection of software helps him conceal the fact that the computer's security has been compromised. Root kits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables. Social engineering: It is a term given by hackers to any kind of trick that is used to get information from a worker of a targeted firm. At its basic level, social engineering exploits an understanding of human nature and people's natural openness and helpfulness when they are asked for help and...
References: Abu-Musa, A.A. 2002a. Security of computerized accounting information systems: A theoretical framework. Journal of American Academy of Business, Cambridge. Hollywood: Sep.Vol.2, Iss. 1; pg. 150, 6 pgs
Brandt, A. and Zetter. K. 2005. Net Threats: Hacker Nation. PC World
Casabona, P and Yu, S.1998
Humber, T. 2003. Is your HR system safe from hackers?. Canadian HR Reporter. Toronto: Nov 3. Vol.16, Iss. 19; pg. G3.
Krone T. 2005. Hacking Motives. Australian Institute of Criminology
Lawyers Weekly USA Staff
Lewis, B. 2005. IT Expertise Becoming a More Highly Prized Asset for Accountants Serving Small Business Clients. http://www.microsoft.com/smallbusiness/accountants/articles/it_expertise_becoming_a_more_highly_prized_asset.mspx
Luehlfing, M. S., Daily, C. M., Phillips Jr, T. J., and Smith, L. M. 2000. Defending the security of the accounting system. The CPA Journal. New York: Oct.Vol.70, Iss. 10; pg. 62, 4 pgs.
Shaw, E. D., Post J. M., Ruby K. G. 1999. Inside the mind of the insider. Security Management. Arlington: Dec 1999.Vol.43, Iss. 12; pg. 34.
Stevens, M. G. 1998. How secure is your computer system?. The Practical Accountant. Boston: Jan.Vol.31, Iss. 1; pg. 24, 8 pgs
Zorkadis, V and Donos, P
Please join StudyMode to read the full document