RE: Fraud Prevention Training
February 22, 2018
The Office of Information Security recently worked with the Internal Auditor to include the following subject matter into the institution’s Fraud Prevention Training.
- Do not share you LBCC password with anyone. Doing so is a violation of LBCC AR 6006 and may be subjectable to both civil and criminal liability.
- Can lead to unauthorized access to protected data.
- The CIA Triad (Confidentiality, Integrity and Availability)
- Confidentiality: Ensuring that information is accessible only to those authorized to have access.
- Integrity: Safeguarding the accuracy and completeness of information and processing methods.
- Availability: Ensuring that authorized users have access to information and associated assets when required.
- Compromises Internal Controls.
- Access to PeopleSoft, TARS, other systems is restricted to employee classifications with clearly defined duties.
- By sharing passwords, the employee receiving your password could have access to security clearances they shouldn’t have (timesheet approvals, invoice approvals, etc.)
- Can lead to fraudulent activity.
- Approval of time not worked.
- Approval of unauthorized purchases.
- Conflict of Interest.
- Power over employees (ability to gain cooperation under threat of duress.)
Thanks to Bob Rapoza for incorporating Information Security Standards into Fraud Prevention Training, and providing real-world examples to explain their impact.