How does information security prevent fraud in the enterprise?

When an enterprise is worried about fraud, where does the information security team step in? Security management expert Mike Rothman explains the role information security plays in enterprise fraud-prevention activities.

Mike Rothman, Securosis

How would you describe the role that information security plays in the enterprise fraud-prevention activities? How should organizations perform a fraud risk assessment?

In most organizations, security doesn't play much of a role in fraud-prevention activities. Typically, fraud resides within corporate risk organizations, most of which are only beginning to incorporate information security. A collaboration is not the norm by any stretch.

Security personnel are usually brought in when a potential fraud incident has happened -- identified either via...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

transaction analytics or some other means -- to figure out if it's a technology problem. Yes, this is a rather reactive process, and ideally there would be lockstep coordination between the risk group and the security group, but major change doesn't happen overnight.

In terms of how organizations should assess fraud risk, the assessment should include technology, business process and customer handling, and there really isn't a difference between the three types. Conducting an independent risk analysis for all of them doesn't make sense because, in many cases, a fault in one domain will lead to a breach in another.

Managing fraud and risk needs to be a holistic, enterprise-wide initiative and right now (in most organizations) it's not. So there's still a lot of work to do.

More information:

Learn more about how passport fraud can be prevented.
Prevent fraud with these countermeasures against targeted attacks in the enterprise.

This was last published in September 2008

Dig Deeper on Risk assessments, metrics and frameworks

Banks lead in digital era fraud detection All e-commerce businesses should follow the banks’ lead in how to detect fraud in the digital era, says RSA fraud and risk expert

UK identity fraud reaches record level The level of identity fraud has reached its highest level to date, a UK fraud report shows

UK organisations failing to take action against fraud UK organisations are facing increasingly complex and costly incidents of fraud partly due to increasing cyber fraud, yet few are making use of the anti-fraud technologies available, a survey has revealed

UK business urged to do more as ID fraud continues to rise Identity fraud continued to increase at a record rate in the first half of 2017, reaching epidemic levels, a fraud data report has revealed

UK identity fraud reaches record levels The UK fraud prevention service is calling for better education about fraud and financial crime as identity fraud, which is often cyber-enabled, hits the highest levels ever recorded

Cifas calls on UK government to help tackle fraud The UK fraud prevention service is calling on the government to use the Queen’s Speech to introduce policy and legislative changes to tackle cyber and other forms of fraud

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Please create a username to comment.

McAfee launches security tool Mvision Cloud for Containers

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

Consider these 5 FAQs for network monitoring best practices

Cisco's Silicon One networking chip targets cloud data centers

7 factors to consider in network redundancy design

Transforming operations for successful cloud adoption

IT workforce skews younger, says analysis of US data

Top edge computing trends to watch in 2020

How to shut down and restart a remote computer

Setting up Windows 10 kiosk mode with 4 different methods

Microsoft extends Office 365 benefit to nonprofit volunteers

The future of the Kubernetes ecosystem isn't all about cloud

Evaluate general and niche cloud service use cases

Compare niche cloud services to the hyperscale offerings

Alarm bells ring, the IoT is listening

New government faces calls to urgently deliver on pre-election pledge to review IR35 reforms

Future fashion: does that dress come in digital?

Dig Deeper on Risk assessments, metrics and frameworks

Related Q&A from Mike Rothman

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.