（2003）Incident response and fraud investigation – the role of the information technology auditor.pdfVIP

Incident response and fraud investigation – the role of the information technology auditor By Willem Dirven, Anthony Samer, and David Taylor, Protiviti, Inc. Information systems can both facilitate and detect fraud. The increasing accessibility of information systems to employees, business partners and customers, from both inside and outside the organization, heightens the vulnerability of the systems to attack and the potential for theft or misuse of confidential data. All IT-related frauds start as an IT incident, which is an IT event that disrupts the day-to-day IT processing. Incident response is the first step: determine what happened, decide what to do about it and determine whether the incident is fraud related. If so, the next step involves computer forensics: the means by which an incident investigator retrieves and assembles evidence about a computer crime. This article discusses incident response issues and then provides detailed guidance on the role of information technology in fraud response, investigation, analysis, and prevention. Why is incident response so important? Government regulations and initiatives such as Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA) of 1999 and California Law “SB 1386” are forcing businesses to pay attention to incidents that could impact the confidentiality of corporate data. These regulations call for incident response policies and procedures. Corporations in general are following this regulatory trend, particularly those who have previously experienced an incident and have realized as a result that they need to have a good plan in place. Not every computer incident will turn out to be a fraud. However, the number of corporate network security incidents continues to climb each year with increased financial implications for companies that fall victim to an attack: • 90% of surveyed companies detected security breaches within the