Q

How does information security prevent fraud in the enterprise?

When an enterprise is worried about fraud, where does the information security team step in? Security management expert Mike Rothman explains the role information security plays in enterprise fraud-prevention activities.

How would you describe the role that information security plays in the enterprise fraud-prevention activities? How should organizations perform a fraud risk assessment?
In most organizations, security doesn't play much of a role in fraud-prevention activities. Typically, fraud resides within corporate risk organizations, most of which are only beginning to incorporate information security. A collaboration is not the norm by any stretch.

Security personnel are usually brought in when a potential fraud incident has happened -- identified either via...

transaction analytics or some other means -- to figure out if it's a technology problem. Yes, this is a rather reactive process, and ideally there would be lockstep coordination between the risk group and the security group, but major change doesn't happen overnight.

In terms of how organizations should assess fraud risk, the assessment should include technology, business process and customer handling, and there really isn't a difference between the three types. Conducting an independent risk analysis for all of them doesn't make sense because, in many cases, a fault in one domain will lead to a breach in another.

Managing fraud and risk needs to be a holistic, enterprise-wide initiative and right now (in most organizations) it's not. So there's still a lot of work to do.

More information:

  • Learn more about how passport fraud can be prevented.
  • Prevent fraud with these countermeasures against targeted attacks in the enterprise.

This was last published in September 2008

Dig Deeper on Enterprise Risk Management: Metrics and Assessments

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close