According to the ACFE, the
CFE program denotes proven expertise in fraud prevention, detection,
deterrence and investigation.
Mastering Computer & Internet Fraud Guide for CFE Exam Candidate.
The CFE exam is a computer
based 500-question (MC and T/F) mega module which covers:
Criminology & Ethics
Financial Transactions
Fraud Investigation
Legal Elements of Fraud
Many CFE candidates are
experienced accounting professional who have been in the field of
accounting and finance for years, that they know most of the practical
financial how-tos, and all they need is to learn the principles,
concepts and science that are behind the latest fraud schemes and
prevention/detection techniques, such as those associated with the use
of computer and internet. In fact, the unit on Financial Transactions
has a section dedicated to frauds taking place in the world equipped
with computers
and internet.
Overall, coverage of the
exam is extensive - so extensive that I wouldn't recommend taking the
test until you are fully drilled on all the covered topics. You know what, I
personally think the official Fraud Examiner Manual is excellent - it
covers a
majority of the essential topics that you need to know to tackle most
fraud related topics, except for Computer & Internet Fraud, which we
honestly think should deserve more coverage (for doing really well in
the exam). That is why we came up with this special study guide - the
Mastering Computer & Internet Fraud Guide for CFE Exam Candidates.
Computers and the internet serve as the essential tools for
committing many kinds of fraud and scam in the modern days. A CFE
does not have to be a techie. He/she does need to know how
technologies can facilitate fraudulent activities, and how these
activities can be detected and examined.
Quite many
CFE candidates have mistakenly believed that the CFE exam is going to
give questions that are word for word copies of the official manual.
This is quite untrue. A large part of the exam makes use of contents
provided in the official manual for determining what is a correct answer
and what is not. The exam does not copy and paste text from there for
forming exam questions. Also, not all exam contents are from the
official manual. There are other sources of information that were used
for creating the exam.
For the CFE exam,
our advice is that you shouldn't be afraid to pick the simple or obvious
answer.
Each of the four CFE exam
sections has 125 questions and you will be given approximately 75
seconds to answer each question. What is difficult is that you have to
score at least 75% correct on each and every part. In
other words, EVERYTHING covered by the Fraud Examiner Manual plus
something extra from some outside references would be tested.
You may think of our guide
as the unofficial supplement to the official Fraud Examiner Manual, or
you may view it as a standalone guide with a focus on combating Computer
& internet Fraud from a professional perspective.
Computer & Internet Fraud is an emerging topic to many CFE
candidates. As described in the official manual, unlike traditional
fraud, computer fraud can be uneasy for the fraud examiner to tackle as
they mostly lack a traditional paper audit trail, that the fraudster
usually have thorough understanding of the technology for committing the
crime against the victim computer. To fight this kind of fraud, being
simply computer literate is usually not enough. Exam-wise, techniques
for failing you - fluff, outdated technologies, pertinent details buried
in the irrelevant ...etc can lead you to the wrong answers UNLESS you
are thoroughly and comprehensively drilled on the relevant information.
For those who are not experienced in information technology,
the topic of computer & internet fraud could have the potential to fail
an exam part
entirely (remember, you need to score at least 75% correct on each
and every part).
Therefore we created this
special guide with an attempt to help people out - to help them do well
on the CFE exam. In fact, our guide is the only product on the market
that fills the gap between traditional anti-fraud knowledge and
the various emerging issues on computer & internet.
If you are new to fraud
examination, you need to plan your study into a 2-stage process. At the
first stage you review the official manual. Give yourself one to
two months to go through the text chapter by chapter. Then, at the
second stage you use our study guide to drill on the key
computer fraud related topics for the best possible knowledge coverage prior to taking
the exam.
Table of Contents (Contents
updated on 29 Oct, 2008)
Approx page count:
approx. 220
END USER
LICENSE AGREEMENT
ABOUT THIS BOOK
COMPUTER FRAUD, CRIME AND HACKING
SECURITY THEORIES
THE COMPUTER SYSTEM ITSELF AS LARGELY AN UNTRUSTED SYSTEM
DEFENSE IN DEPTH
VULNERABILITIES
SECURING SYSTEM AND DATA
SECURITY MEASURES
STANDARDS, GUIDELINES AND LAWS
TCP/IP SPECIFIC SECURITY RISKS
PROTECTION OF INFORMATION ASSETS
INFORMATION ASSETS DEFINED
DATA CLASSIFICATIONS AND LAYER OF RESPONSIBILITIES
SECURITY POLICY
EFFECTIVE SECURITY PRACTICES
SECURITY AWARENESS TRAINING
CONSEQUENCES OF VIOLATIONS
SECURITY MODELS AND MODES OF OPERATIONS
EVALUATION & CLASSIFICATION
DEVISING YOUR OWN CLASSIFICATION SCHEME
IS CONTROLS CONTROL MODELS
ACLS VERSUS CAPABILITIES
IMPLEMENTING CONTROL
THE AAA CONCEPT
PRACTICAL CONTROL MEASURES
ESTABLISHING ACCOUNTABILITY THROUGH EVENT LOGGING
CHANGE CONTROL
INTERNAL PREVENTIVE CONTROLS VERSUS COMPENSATING CONTROLS
DATABASE SECURITY
COMPUTER FORENSICS THE PRIMARY GOAL
EVIDENCE COLLECTION AND SUBMISSION
DEFAMATION OF CHARACTER
TYPES OF EVIDENCE AND THE TOOL(S) TO USE
IT STRATEGIC PLANNING, AUDITING AND GOVERNANCE IT STRATEGIC PLANNING
IS GOVERNANCE
IS AUDITING
INFORMATION RETENTION & DISPOSAL PROCEDURES
If any of the
TOC files (in Flash format) fails to load directly into your
browser, please right click on the link, then choose SAVE AS, and
save the .swf file to your "My Documents" folder. You may then open
it locally without any problem.
SAMPLE TEXT on Computer Fraud, Crime and
Hacking
Computer fraud can be described as any defalcation or embezzlement
achieved through tampering with computer items such as programs,
data files, equipment, media ..etc which would result in losses.
Access to the computer takes place with the intent to run a
fraudulent scheme. Proof of access with fraudulent intent rather
than taking things (money, information…etc) away is the emphasis
here. In other words, this is sort of a legal principle primarily
against access with malicious intent.
Computer crime could be different. Those who have
authorized access would not come under the law against access.
Manipulation or corruption of program or data could be independent
of fraudulent schemes and might not be classified as vandalism since
the property involved is NOT physically tangible. It may be more
accurate to think of computer fraud as Computer-Assisted Crime as it
involves the use of computers for evil purposes.
NOTE: In a computer crime, computer can be a means or a target
object. In a computer assisted crime, however, computer is primarily
a means.
Rusch describes Internet fraud ass a form of white-collar crime
whose growth may be as rapid and diverse as the growth of the
Internet. According to him, the term "Internet fraud" may be broadly
defined as any fraud committed through or with the aid of
Internet-related communications. He believes that the growth of
Internet fraud is outpacing peoples' understanding of the problem .
According to Legal-Definitions.com, fraud is defined
“as a deception deliberately practiced to secure unfair or unlawful
gain” , which could be a serious crime in some states (for example,
fraud in Arizona is classified as class 2 felony and is defined by
statute as “any person who, pursuant to a scheme or artifice to
defraud, knowingly obtains any benefit by means of false or
fraudulent pretenses, representations, promises or material
omissions”). The words “deliberately” or “knowingly” spelled out the
importance of the intention involved regardless of exactly what have
been done to implement the fraud.
NOTE: The US DOJ defines "Internet fraud" as any type of fraud
scheme that uses one or more components of the Internet to present
fraudulent solicitations to prospective victims, to conduct
fraudulent transactions, or to transmit the proceeds of fraud to
financial institutions or to other connected with the scheme.
Another word which is often used interchangeably with fraud by the
online communities is “scam”, which means a dishonest scheme for
making money . Strictly speaking, “scam” and “fraud” do not share
exactly the same definition. However, from a victim’s point of view,
between the two the difference is not significant, as long as the
one who makes money out of it has been dishonest intentionally.
NOTE: According to Rusch, Internet fraud schemes typically employ
psychological influence techniques in the forms of E-mail and Web
site scams, Online auctions, Securities and other investment
schemes. The NACHA Internet Council has a publication titled
"Internet Payments Fraud" white paper, which identifies and catalogs
the various types of Internet-related fraud, such as
transaction-level fraud, merchant-level fraud, and identity theft
fraud.
Hacking is the act of penetrating into computer systems without
proper authorization – a form of computer intrusion. There are two
types of hacking. Unethical hacking is seen as evil – it is
attempted to either steal information or cause troubles on the part
of the victims. Ethical hacking, on the other hand, is basically
penetration testing.
NOTE: You may think of a penetration test as a method of
evaluating the security of a computer system or network through
simulating an attack by a malicious hacker (source of threat). An
ethical hacker (aka whitehat hacker) does not perform questionable
activities. A grayhat hacker sometimes does. A cracker ALWAYS does.
From a fraud examination perspective, try to think of hacking as
a technical means to commit computer fraud. We will go through the
possible technical options, and from there you can tell what is most
likely to produce fraud and what is not, basing on the unique fraud
scenarios you are facing.
* We are NOT affiliated
with nor endorsed by the ACFE.
As an independent
content developer, we are NOT affiliated with the ACFE.
ExamREVIEW is an independent content developer not associated/affiliated with the certification vendor mentioned on this web page and throughout this web site. The certification exam described is the trademark of the corresponding certification vendor.
We at ExamREVIEW develop study material entirely on our own. Our material is fully copyrighted. Braindump is strictly prohibited. We provide essential knowledge contents, NOT any generalized "study system" kind of "pick-the-right-answer-every time" techniques or "visit this link" referrals.
You may choose products based
on their purposes and/or nature:
Ready-to-go: the product will get you sufficiently
prepared for the exam assuming you have reasonable background in
the corresponding field.
Filling-the-gaps: the product is written to secure exam
clearance through filling up exam-specific gaps
found in the mainstream study material.
Essential Reference: the product provides coverage on
selected essential topic(s) given BOK of a massive
scale.
Focused revision: highly focused
study notes covering key exam topics.
Our printed books are distributed primarily
through CREATESPACE AMAZON. Page size is 8" x 10", grayscale printing,
with font sizing ranging from 10 to 14 (Garamond).
Our electronic study products are in PDF
format. Full color printing, with font sizing ranging from 10 to 14
(Garamond).
Shipment is through
Copyright 2010 ExamREVIEW.NET. All rights reserved. Designated trademarks and brands are
the property of their respective owners.
