Security personnel are usually brought in when a potential fraud incident has happened -- identified either via transaction analytics or some other means -- to figure out if it's a technology problem. Yes, this is a rather reactive process, and ideally there would be lockstep coordination between the risk group and the security group, but major change doesn't happen overnight.
In terms of how organizations should assess fraud risk, the assessment should include technology, business process and customer handling, and there really isn't a difference between the three types. Conducting an independent risk analysis for all of them doesn't make sense because, in many cases, a fault in one domain will lead to a breach in another.
Managing fraud and risk needs to be a holistic, enterprise-wide initiative and right now (in most organizations) it's not. So there's still a lot of work to do.