How does information security prevent fraud in the enterprise?

When an enterprise is worried about fraud, where does the information security team step in? Security management expert Mike Rothman explains the role information security plays in enterprise fraud-prevention activities.

Mike Rothman, Securosis

How would you describe the role that information security plays in the enterprise fraud-prevention activities? How should organizations perform a fraud risk assessment?

In most organizations, security doesn't play much of a role in fraud-prevention activities. Typically, fraud resides within corporate risk organizations, most of which are only beginning to incorporate information security. A collaboration is not the norm by any stretch.

Security personnel are usually brought in when a potential fraud incident has happened -- identified either via...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

transaction analytics or some other means -- to figure out if it's a technology problem. Yes, this is a rather reactive process, and ideally there would be lockstep coordination between the risk group and the security group, but major change doesn't happen overnight.

In terms of how organizations should assess fraud risk, the assessment should include technology, business process and customer handling, and there really isn't a difference between the three types. Conducting an independent risk analysis for all of them doesn't make sense because, in many cases, a fault in one domain will lead to a breach in another.

Managing fraud and risk needs to be a holistic, enterprise-wide initiative and right now (in most organizations) it's not. So there's still a lot of work to do.

More information:

Learn more about how passport fraud can be prevented.
Prevent fraud with these countermeasures against targeted attacks in the enterprise.

This was last published in September 2008

Banks lead in digital era fraud detection

UK identity fraud reaches record level

UK organisations failing to take action against fraud

UK business urged to do more as ID fraud continues to rise

6 SaaS security best practices to protect applications

Review these 7 CASB vendors to best secure cloud access

CASB explained: Know its use cases before you buy

Considerations for SASE management and troubleshooting

Cisco sweetens Acacia deal by $2 billion

SASE challenges include network security roles, product choice

Parler sues AWS, seeks restraining order

Digital healthcare top priority for CIOs in 2021

C-suite execs give future technology predictions for the decade

Will Windows 10 be the last Windows OS?

CES: Laptops sport designs friendly for remote workers

Evaluate if Windows 10 needs third-party antivirus

COVID-19 and remote work shift cloud predictions for 2021

Cloud providers jockey for 2021 market share

How to build a cloud center of excellence

Private LTE/5G market set to reach £4.2bn in 2024

150,000 records accidentally wiped from police systems

Google Cloud, Nokia accelerate readiness for cloud-native enterprise 5G solutions