There are a number of ways in which information can be manipulated, e.g. by collecting data
incorrectly or in an intentionally false manner, modifying the contents of database fields or
business correspondence. In principle, it is not only possible to manipulate digital
information, but also documents in paper form, for example. However, perpetrators can only
manipulate the information to which they have access. The more access rights a person has to
the files and directories of the IT systems and the more ways this person has to access
information, the more serious the manipulations they will be able to make. If such
manipulations are not detected in time, then the smooth operation of business processes and
specialised tasks may be seriously disrupted.
The sensitive information in archived documents usually requires protection. Manipulation of
such documents is especially serious because the manipulation can go unnoticed for years, and
even when discovered, it may no longer be possible to properly investigate the incident.
Example:
• An employee in accounting became so angry over the promotion of the co-worker with
whom she shared an office that she gained access to her co-worker’s computer while
she stepped out of the office for a short time. She seriously affected the company’s
published annual operating results just by changing some numbers in the monthly
balance sheet.