Guide to Preventing Workplace Fraud - Chubb Group of Insurance ...
■ Design and implement safeguards in response to identified risks, including those arising due to changes in the business.
■ Periodically monitor and test safeguards.
Physical Security of Technology Assets
The physical security of computers and computer systems is naturally an extension of a general physical security program. Existing physical security policies and procedures need to be adapted to meet the specific threats associated with information systems and related assets. Controls to consider:
■ Restrict access to the areas where computers and computer data are housed.
■ Perform comprehensive background investigations on personnel who will have access to computer areas and information.
■ Utilize asset-protection programs, such as asset-tracking devices or software installed on laptop computers.
Defenses against unauthorized, malicious, and/or fraudulent logical access to computer systems include good physical security and use of security technologies. Successful computer system intrusions may involve unauthorized appropriation and use of user passwords. Compromised passwords need to be reported promptly, with swift action taken to revoke all related systems rights.