ISC Exam Questions

What best describes a scenario when an employee has been shaving off pennies from multiple
accounts and depositing the funds into his own bank account?

Data fiddling

Data diddling

Data hiding

Data masking

This kind of attack involves altering the raw data just before it is processed by a
computer and then changing it back after the processing is completed. This kind of attack was
used in the past to do what is stated in the question: steal small quantities of money and
transfer them to the attacker's account. See “Data diddling crimes” on the Web.
The most correct answer is ‘Salami’, but since that is not an option the most correct answer is data
“A salami attack is committing several small crimes with the hope that the overall larger crime will
go unnoticed. … An example would be if an employee altered a banking software program to
subtract 5 cents from each of the bank’s customers’ accounts once a month and moved this
amount to the employee’s bank account. If this happened to all of the bank’s 50,000 customer
accounts, the intruder could make up to $30,000 a year.
Data diddling refers to the alteration of existing data. Many times this modification happens before
it is entered into an application or as soon as it completes processing and is outputted from an
There was an incident in 1997, in Maryland, where a Taco Bell employee was sentenced to ten
years in jail because he reprogrammed the drive-up window cash register to ring up every $2.99
order as one penny. He collected the full amount from the customer, put the penny in the till, and
pocketed the other $2.98. He made $3600 before his arrest.”
Pg. 602-603 Shon Harris: All-In-One CISSP Certification Exam Guide