There are two facets of fraud – the business fraud and the IT fraud. The first is about people e.g. transferring money to accounts they have created for a fake supplier. The latter involves all fraudulent behavior in IT systems, particularly when it leads to financial losses. However, IT fraud includes attackers hijacking accounts of business users, ending up in business fraud. And most business fraud scenarios are related to excessive entitlements and SoD violations. So business fraud and IT fraud are tightly aligned. On the other hand, both business risk management and IT risk management and business fraud management and IT security intelligence (including fraud management) are kept separate in most organizations. The panel will discuss whether this must be the case due to the fact that business organization and IT organization are kept separate or whether and how it should change. And if there should be one approach on fraud management: How must organizations look like, both from the line, the security, and the government organization? Is it realistic to integrate these areas or not?
