08Feb2010 (UTC +8)

On Mon, Feb 8, 2010 at 22:50, fooler mail <[email protected]> wrote:
>
> On Fri, Feb 5, 2010 at 9:28 AM, jan gestre <[email protected]> wrote:
>> On the side note, Presidential candidates don't need to cheat at the
>> precinct level, remember that Congress will be the one to canvass the
>> results and eventually proclaim the winner, and you know what that means....
>
> if there is an opportunity.. they will cheat at any level :->

In the Association of Certified Fraud Examiners (http://www.ACFE.org),
we often credit a researcher named Donald Cressey for his work in the
1950's that gave a remarkable insight on how the criminal mind works.
Mr. Cressey came up with the Fraud Triangle concept, based upon years
of scientific research. The Fraud Triangle simply illustrated that
when a criminal did a bad thing, 3 factors were always present.

First, "motivation" is what drives the criminal. Motivation examples
can be financial in nature (family relative is sick; or gambling
problems; extravagant lifestyle), or emotional pressure (ego; peer
pressure; lust for power, fame, and fortune).

Second, there is "opportunity". Opportunity simply is a situation or
condition where the attacker found it favorable to commit a crime. It
might be the victim is weak or vulnerable, or the criminal is stronger
& crafty, or all of the above.

"Rationalization" is the third angle in the Fraud Triangle.
Rationalization happens when the criminal mind comes up with a
seemingly acceptable reason on why the crime can or has to be done
--like thoughts about exacting revenge, or claiming what is right, or
being confident that he / she can get away with the crime, or so on.

                      ^
       Opportunity  /   \  Motivation
                  /       \
                 -----------
               Rationalization

It is a generally accepted principle that taking away one angle from the
Fraud Triangle prevents a bad thing from happening. It is in this
context where one can audit source code to analyze the risks that the
AES is exposed to, find out if the security functions of the AES are
sufficient to counter those risks, and then verify if those
counter-measures work as expected --no more, no less.



Drexx Laggui  -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA
http://www.laggui.com  ( Singapore / Manila / California )
Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4  8363 FFEC 3976 FF31 8A4E
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
