What best describes a scenario when an employee has been shaving off pennies from multiple accounts and
depositing the funds into his own bank account?

A.
Data fiddling

B.
Data diddling

C.
Salami techniques

D.
Trojan horses

Explanation:
Salami techniques: A salami attack is the one in which an attacker commits several small crimes with the hope
that the overall larger crime will go unnoticed.
In this case, the employee has been shaving off pennies from multiple accounts in the hope that no one
notices. Shaving pennies from an account is the small crime in this example. However, the cumulative effect of
the multiple ‘small crimes’ is that a larger amount of money is stolen in total.Incorrect Answers:
A: Data fiddling is not a defined attack type. The term could refer to entering incorrect data in a similar way to
data diddling. However, it is not the term used to describe a scenario when an employee has been shaving off
pennies from multiple accounts and depositing the funds into his own bank account.
B: Data diddling refers to the alteration of existing data. Many times, this modification happens before the data
is entered into an application or as soon as it completes processing and is outputted from an application. For
instance, if a loan processor is entering information for a customer’s loan of $100,000, but instead enters
$150,000 and then moves the extra approved money somewhere else, this would be a case of data diddling.
Another example is if a cashier enters an amount of $40 into the cash register, but really charges the customer
$60 and keeps the extra $20. This is not what is described in the question.
D: A Trojan Horse is a program that is disguised as another program. This is not what is described in the
question.

S Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1059