Hacking the AIS
Kira Welcome
Professor: Dr. Willadene Tolmachoff
Accounting Information Systems April 29, 2015

Security breaches and data leaks have implications that not only effect a business’s reputation, but may also lead to litigation. Obviously, no business wants this and so prevention is always better than cure in terms of data security. If a company has adequate security controls in place then they should not be held liable for losses sustained in a successful attack made on their Accounting Information System (AIS) by outside sources. If a company is negligent about security controls then they should be held liable for losses sustained in a successful attack on their AIS. There are a variety of sources that threaten accounting information systems and if they are ignored by the company then this can destroy the relevance and reliability of the financial information. It is very important to establish security controls during the data collection process. During this process the transaction or event should be valid, complete and free from material errors. An unauthorized user can pretend to be an authorized user, which is called masquerading, another activity that hackers use during data collection is called piggybacking, which is tapping into the telecommunications lines (California Office of Privacy Protection, 2012).
Companies need to establish security controls during this process so hackers can’t get into their accounting information system. Threats during the data processing phase can also occur. A few threats that can occur during this phase would include: creating illegal programs, accessing or deleting files, destroying or corrupting a program’s logic through viruses, or altering a program’s logic to cause the application to process data incorrectly. A devastating loss of data could occur if the files aren’t properly backed up. An organization could damage their competitiveness or reputation during the information generation and reporting phase because theft, misdirection or misuse of the computer output. “Advances in information technology and increased use of the Internet require that management, accountants, auditors, and academicians become more knowledgeable and conversant in the design, operation, and control of accounting information systems” (California Office of Privacy Protection, 2012).
Organizations possess a myriad of sensitive information, including strategic plans, trade secrets, cost information, legal documents, and process improvements. This intellectual property often is crucial to the organization’s long-run competitive advantage and success. Consequently, preserving the confidentiality of the organization’s intellectual property, and similar information shared by its business partners, has long been recognized as a basic objective of information security. Confidentiality is becoming a major concern because wide area networks are giving customers and suppliers access to their systems and data. Companies that don’t adequately protect their data should be held liable to losses sustained to outside attacks on their accounting information systems. These companies underestimate and downplay computer control problems which can cause their systems to be hacked into (Romney and Steinbart, 2012). When they are moving from centralized, host-based computer systems to a networked system or Internet-based system they encounter complications because the network and internet-based systems aren’t fully understood. They neglect to implement data security as a strategic requirement and they management may pass by some time consuming control measures because of productivity and the cost of the implementation. In this case the company should be liable because they aren’t safe guarding their company from threats.
Email is an invaluable tool when it comes to business communications. However, it also presents a great opportunity for hackers to gain access to corporate networks, especially if