Logo image
Back
Exploring information security controls using information Fraud episodes: Case study evidence from a large telecommunications firm
Conference paper   Peer reviewed

Exploring information security controls using information Fraud episodes: Case study evidence from a large telecommunications firm

S Goode and David Lacey
Proceedings of the 19th European Conference on Information Systems, pp.1-12
European Conference on Information Systems (ECIS): ICT and Sustainable Service Development, 19th (Helsinki, Finland, 09-Jun-2011–11-Jun-2011)
Aalto University School of Economics
2011
url
http://aisel.aisnet.org/ecis2011/241View
Webpage

Abstract

information fraud control information sharing telecommunications
Fraud and security continue to be problems for firms. Fraud information is typically incomplete and deliberately obfuscated. These qualities make fraud events harder to detect using conventional security controls. This study uses a knowledge management framework to explore how different types of controls are used to detect and investigate information fraud. The analysis is based on the customer fraud database of a large Asia-Pacific telecommunications provider. Semi-structured interviews were also conducted with the firm's fraud unit. The study finds that IS controls, with high task programmability and outcome measurement, are used to detect the majority of fraud cases. However, more complex fraud cases use clan controls for detection. The paper also provides insight into the way in which combinations of controls are used to investigate cases. The study raises implications for both theory and practice.

Details

Metrics

6 File views/ downloads
474 Record Views
Logo image