Monday 29 April 2013

Fraud awareness module released

Frauds, scams, swindles and cons involve taking advantage of victims through the use of deception, which is itself a form of social engineering.  As such, fraud definitely qualifies as an information security concern, making it a valid topic for the security awareness program.  What’s more, fraud is an inherently fascinating subject.  The deviously creative nature of fraudsters means they find surprising ways to dupe and manipulate people, processes and systems, undermining or bypassing controls that superficially appear sound.

Fraudsters may exist within or without the organization, sometimes both.  Procurement frauds, for instance, often involve dishonest or coerced employees acting in collusion with external suppliers to misappropriate the organization’s funds.  Collusion between individuals is a particularly challenging concern in relation to fraud since it negates a very important form of control – the division of responsibilities between individuals.

The breakdown of trust is another problem with fraud, a serious consequence given that commerce and society revolve around trust.  I'm deep into Bruce Schneier's latest book Liars and Outliers at the moment, and intrigued by the concept that fraudsters, hackers and other adversaries are 'defectors' who choose to ignore the explicit and implicit rules of society.  I'm sure I'll be drawing on that thought in future awareness modules and bloggery.
