Chapter 3 Computer Crime, Ethics, and Privacy

This chapter discusses computer crime, ethics, and privacy. It covers topics such as definitions of cybercrime, examples of cybercrimes like the large TRW Company Credit Data Case, and how most computer abuse is handled internally by organizations and thus goes unreported. The chapter also addresses how cybercrime is growing due to factors like the rise in computer usage and availability of information online about how to carry out cybercrimes. Common types of cybercrimes discussed include viruses, hacking, and theft of valuable information. The chapter concludes by covering ways to enhance security and thwart cybercrimes such as increasing employee awareness, using strong passwords, and enlisting top management support.

Uploaded by Andrew Pham

Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman

Chapter 3
COMPUTER CRIME, ETHICS, AND PRIVACY

True-False Questions

1. There is no complete, generally accepted definition of cybercrime presently available.

2. The largest known cybercrime of record is the TRW Company Credit Data Case.

3. Most computer abuse that we have caught so far has been because of good accounting
controls.

4. According to the chapter, a computer virus is an example of a type of cybercrime called “denial
of service.”

5. Many types of cybercrime have other, more common names such as "vandalism" or
"embezzlement."

6. In the United States, trafficking in passwords is immoral, but not illegal.

7. The U. S. Congress passed the first federal computer crime law in 1986 making it illegal to
alter or destroy federal information.

8. No one really knows how much is lost each year as the result of cybercrime.

9. The absence of good statistics on cybercrime is partially explained by the fact that a large
proportion of the cybercrime committed in private organizations is handled as an internal matter and
thus is never publicly divulged.

10. One conclusion that we can draw about cybercrime is that it is growing.

11. We believe that most cybercrime is not discovered.

12. There were less than 200 documented cases of cybercrime at the time the textbook was
written.

13. Automated accounting information systems are a particularly important potential target of
cybercrime.

14. When organizations discover a cybercrime, the cost of auditing and investigating the loss often
exceeds the actual monetary loss.

15. The TRW Company Credit Data Case is an example of “valuable information” cybercrime.

16. A paradoxical matter in the TRW Case was that the prosecution had trouble acquiring
testimonies because the buyers as well as the sellers of the credit information were in technical
violation of the law.

17. A conflict exists between providing bona fide AIS users easy access to computer resources
and security objectives.

18. It is generally accepted that hackers are motivated only by greed.

19. Worm programs are viruses that insert themselves into computer systems and disrupt
operations or files.

20. A computer virus may lie dormant in a system until software is copied and run on non-
licensed machines.

21. Lockout systems disconnect telephone connections if users fail to provide a correct password
in a set number of tries.

22. Dial-back systems help control unauthorized access to computer systems.

23. According to a recent CSI survey, the most common problem encountered by the
respondents is viruses.

24. One reason why computer crime is important to AISs is because, according to a Computer
Security Institute survey, the average cost of a computer-abuse incident is about $500,000.

25. According to a KPMG survey, companies that stress the importance of business ethics tend
to get about the same results as companies that do not stress its importance.

26. A “strong password” is a password that lasts a long time.

27. Fortunately, thwarting most forms of cybercrime does not require the support of top
management.

28. Experts suggest that policies on computer abuse are ineffective, and therefore should not be
used to help educate employees about computer abuse.

29. Most computer criminals are individuals of questionable background, little education, and no
morals.

30. Watching for tell-tale signs may help detect computer crime.

31. Most computer criminals we have been fortunate enough to catch have had long, criminal
backgrounds.

32. Forensic accountants are to accounting as detectives are to criminal justice.

33. Today’s accountants have no responsibility for designing or implementing control procedures
that protect AISs from cybercrime and fraud.

34. Cybercrime is another name for computer fraud.


Multiple-Choice Questions
35. According to the chapter, which of these statements is most accurate?
a) Almost all cybercrime is committed for personal gain
b) Very little cybercrime is committed for personal gain
c) Most cybercrime is just as easily described as “embezzlement”
d) We actually know very little about cybercrime
36. According to the chapter, which of these statements is most accurate?
a) Most cybercrime is performed as retaliation against employers
b) Very little cybercrime is committed for personal gain
c) Some cybercrime is performed simply to meet a challenge
d) We catch most computer abusers with good accounting controls
37. Which of these would be an example of “denial-of-service” computer abuse?
a) Computer virus
b) Salami technique
c) Trojan horse computer program
d) Embezzlement using computerized data
e) none of these
38. Which of these terms describes a computer program that remains dormant until
triggered by some specific circumstance or date?
a) Trojan horse program
b) DDoS program
c) Logic bomb
d) Dial back system
39. Much of what has been termed cybercrime has merely involved the computer but probably would be more accurately classified as other types of crimes. A notable exception to this involves:
a) Raiding dormant bank accounts
b) Inventory misappropriation
c) Embezzlement
d) Theft of computer time
40. The process of changing data before, during, or after they are entered into a computer system is called:
a) Data diddling
b) Salami technique
c) Logic bombs
d) Social engineering
41. This term describes the technique of stealing small amounts of money from a large number of accounts over time.
a) Salami technique
b) Buffet system
c) Baloney method
d) Dialing for dollars
42. This best explains why we have incomplete information on cybercrime.
a) Most companies handle abuse as an internal matter
b) Most newspapers no longer have any interest in reporting cybercrime
c) Documentation of abuses is usually poor
d) We believe that most cybercrime is not caught
43. At present, we think that cybercrime is:
a) Falling
b) Random
c) Rising
d) Flat
44. All of these are reasons why we think that cybercrime is rising except:
a) Some Internet web sites now instruct users how to perform certain types of computer abuse
b) More people now know how to use computers
c) Computer usage continues to grow
d) all of these are reasons
45. According to the chapter, which of these statements is most accurate?
a) Today, most computers are safe from computer abuse
b) Today, very few computers are completely safe from computer abuse
c) Today, “hacking” is no longer possible
d) Today, all of these statements are accurate
46. The TRW Credit Data Case is an example of:
a) The round-off trick
b) An outsider ripping off a corporate computer
c) Valuable information computer crime
d) none of the above
47. The TRW Case is notable because:
a) The amount of dollars involved was so large
b) No one got caught
c) The real victims were TRW customers
d) A routine audit was responsible for detecting the fraud
48. Which of these is an acronym for computer crime legislation?
a) ACL
b) BART
c) CFAA
d) DDoS
49. Hacking involves:
a) Stealing carbons of credit cards
b) Destroying computer hardware
c) Gaining illegal entry to computer files from remote locations
d) Inserting a logic bomb in a computer program
50. A computer virus is:
a) A disease that computer programmers are very susceptible to
b) A small processing routine that the user accidentally introduces into the system
c) A misnomer, since unlike biological viruses, computer viruses cannot reproduce themselves
d) Harmless
51. Computer programs that can scan computer disks for virus-like coding are called:
a) Antivirus software
b) Virus software
c) Detection software
d) Friendly applets
52. All of the following are ways to thwart computer viruses except:
a) Acquire a vaccine or anti-virus program
b) Do not download computer games from questionable sources
c) Maintain complete backup files
d) Buy shrink-wrapped software from reputable sources
53. A small computer program that is stored on a web server and designed to run in conjunction with browser software is called a(n):
a) Applet
b) Logic bomb
c) Worm
d) Boot sector
54. Thwarting computer abuse can be enhanced by all of the following except:
a) Enlisting top-management support
b) Increasing employee awareness and education
c) Allowing only 10% of employees access to computers
d) Using strong passwords
55. In thwarting cybercrime, which of the following is true?
a) It is not important to enlist the support of top management
b) Many IT managers do not think cybercrime is very important
c) Cybercrime mostly means controlling computer hardware
d) Most cybercrime happens because of a failure of controls, not an absence of controls
56. Almost all computer criminals can be described as:
a) Professional criminals
b) Technical hackers possessing strong computer skills
c) White collar professional criminals
d) Amateurs who describe themselves as relatively honest
57. Most computer criminals who have been caught:
a) Have inferior educational backgrounds
b) Have superior educational backgrounds
c) Work for organized crime
d) Are ill suited to their jobs
58. A forensic accountant is an accountant who:
a) Performs autopsies on dead accountants
b) Tries to explain why some accounts become inactive
c) Investigates suspected fraud
d) Performs court-approved accounting tasks for bankrupt companies
59. Accounting “ethics” means:
a) Whatever the corporate manual says it means
b) Acting responsibly as long as no dollars are involved
c) Only being honest; everything else is up for grabs
d) Acting responsibly, no matter what
60. An example of a conflict-of-interest situation is:
a) Not working for a new company in a job similar to your last job
b) Not talking to outsiders about general business concerns
c) A decision where personal and corporate goals conflict
d) Refusing to use a new computer if your colleagues are not provided similar systems
61. Which of the following is not a common way to steal personal identity information?
a) Altering computer records
b) Using key logging software
c) Dumpster diving
d) Phishing
62. Which of the following is true?
a) Only the AICPA has drafted an ethical code of conduct
b) Computer crime only refers to manipulating a computer to dishonestly obtain money, property, or some other advantage of value
c) ACM society is an acronym meaning “association of corporate managers”
d) Ethical use of computers means realizing that the availability of a system does not convey its unrestricted use
63. Probably the most important federal legislation governing activities involving computers is:
a) CAN-SPAM Act of 2003
b) Federal Privacy Act of 1974
c) Computer Fraud and Abuse Act of 1986
d) Cyber Security Act of 1987
64. Which of the following is a primary reason why accountants should be concerned about cybercrime?
a) They might lose their job if they don’t detect cybercrime in their organization
b) They might lose their professional credibility and license if cybercrime continues for a long time in their organization and they do not detect it
c) They are responsible for designing, implementing, and monitoring the control procedures for AISs
d) all of the above are equally important
65. One of the most effective deterrents to prevent/discourage computer hacking is:
a) User education, that is, making potential hackers aware of the ethical issues involved in this sort of behavior
b) The USA Patriot Act of 2001
c) The Cyber Security Act of 1987
d) none of the above
66. Which of the following does not destroy data but merely replicates itself repeatedly until the user runs out of internal memory or disk space?
a) Computer virus
b) Worm program
c) Java applet
d) Salami technique
67. It is important to be able to recognize the symptoms of employee fraud. In practice, which of the following might be the best clue that fraud might be occurring?
a) Accounting irregularities
b) Internal control procedures that managers feel are inadequate
c) Anomalies that, together, seem unreasonable
d) Trial balances that almost always contain errors
68. One of the major crimes identified by the Computer Fraud and Abuse Act of 1986 is the intent to illegally obtain information or tangible property through the use of computers. Which of the following methods might accomplish this type of crime if the perpetrator can change data before, during, or after they are entered into a computer system?
a) Salami technique
b) Data diddling
c) Shoulder surfing
d) Trojan horse program
69. Acts such as dumpster diving, phishing, and smishing are all conducted to:
a) Conduct a denial of service attack
b) Disrupt computer services
c) Get food
d) Perform identity theft
70. The term “smishing” means:
a) Conducting identity theft by using text messages on cell phones
b) Attempting to appear unnoticeable for an illegal act
c) Stealing small amounts of monies from several computer accounts
d) Masquerading as a corporate manager in order to obtain useful information
71. A computer virus is different from a "Trojan Horse" because the virus can
a) Corrupt data
b) Alter programming instructions
c) Replicate itself
d) Erase executable files
72. Some firms and governmental organizations use ethical hackers to help find any vulnerabilities that could be exploited by a malicious hacker. Which of the following is also used to refer to ethical hacking?
a) Denial of service
b) Intrusion service
c) Penetration testing
d) Executable test
73. Misappropriation of assets is:
a) A form of computer fraud involving the misapplication of account numbers.
b) The theft of assets, usually by employees
c) The proper recording of assets using debits
d) A form of computer abuse that is not a crime
74. The theft of millions of credit card numbers from customers of Target stores using malware is an example of:
a) Denial of service
b) Misappropriation of assets
c) Penetration testing
d) Hacking
75. Good computer security usually begins with:
a) Strong application controls
b) Enlisting the support of top management
c) Long jail sentences
d) Powerful microprocessors

Matching Questions
For the following terms find the correct definition below and place the letter of that response in the blank space next to the term. Each definition is used only once – there are three terms that are not used.
76. _____ shoulder surfing
77. _____ ACL
78. _____ CSI
79. _____ data diddling
80. _____ DDoScookie
81. _____ dumpster diving
82. _____ EnCase
83. _____ CFAA
84. _____ salami technique
85. _____ Trojan horse
86. _____ VoIPfirewall
87. _____ worm

Definitions:
A. Malicious software similar to a computer virus
B. An acronym for security institute that studies computer crime activities
C. The act of altering data that are entered into, or used by, a computer
D. A software program specifically designed for computer forensic investigations
E. Federal legislation aimed specifically at computer crime
F. A type of fraud in which the perpetrator steals small amounts from many different accounts
G. A technique for luring individuals to reveal their personal identification information
H. A technique for transmitting telephone conversations over the Internet software program or hardware device designed to prevent unauthorized data communications
I. A malicious software program embedded in another innocent-looking one
J. A type of bait used to lure computer users into sending money overseas
K. A hacking attack that uses zombie computers.
L. A small text file that stores information about your browsing habits and interests
M. Stealing personal information from trash cans
N. Auditing software often used to test computer data
O. Observing users as they enter passwords or other personal information to a computer
P. A strong computer password named after a Greek statue

Short Answer Questions


88. Define hacking.
89. Define computer virus.
90. Many say that cybercrime prevention begins with good policies and education of people. Discuss what it means to have good policies and good education.

TRUE/FALSE QUESTIONS    MULTIPLE CHOICE     MATCHING QUESTIONS
 1 T     19 F           35 D     56 D       76
 2 F     20 T           36 C     57 B       77
 3 F     21 T           37 E     58 C       78
 4 F     22 T           38 C     59 B       79
 5 T     23 T           39 D     60 C       80
 6 F     24 T           40 A     61 A       81
 7 T     25 F           41 A     62 D       82
 8 T     26 F           42 D     63 C       83
 9 T     27 F           43 A     64 B       84
10 T     28 F           44 D     65 A       85
11 T     29 F           45 b     66 B       86
12 F     30 T           46 C     67 C       87
13 T     31 F           47 C     68 C       88
14 T     32 T           48 C     69 B
15 T     33 F           49 C     70 B
16 T     34 F           50 B     71 C
17 T                    51 A     72 C
18 F                    52 C     73 B
                        53 A     74 D
                        54 C     75 B
                        55 D
