Computer‐related crime: the role of control in its prevention, detection and correction

This three‐part briefing deals with the prevention, detection and correction of computer related crime by the application of straight‐forward control techniques. No attempt is made to identify the scale of computer abuse as the main thrust is that the implementation of controls to prevent mistakes will also help to mitigate abuse. The briefing raises a number of issues that are relevant to dealing with computer abuse as a control issue. First, it identifies the position of the computer in an abuse event as being either the object, subject, instrument or symbol of the crime. Secondly, it suggests that fraud is only achievable where the three attributes of ability, opportunity and conversion of assets come together, but that non‐fraud attacks only require ability and opportunity. Thirdly, it hypothesises that the number of crimes will be inversely proportional to the skill required to do them and proves the hypothesis by reference to the published cases. Finally, it makes the point that for real‐time systems, prevention of abuse by the authorised user may not be possible due to the very nature of the system. Under such circumstances the organisation has to rely on detection mechanisms with all the problems of living with a window of exposure.