“There is an exaggerated reaction by business in general on the need for information security to minimise fraud, bribery, and corruption. These days, with virus, adware, and malware protection, along with other information and security software, passwords, and user IDs, the need for addressing security in 2016 has been minimised.”
Do you agree or disagree with this statement?
I’ve previously worked at Ernst & Young (EY), and I was initially surprised at the level to which they secure their data. However, I now understand that a breach in information security and a loss of confidential information could be potentially catastrophic for EY, as it would likely result in financial and operational damages, as well as damages to customer and employee relations (and in severe cases, could even endanger EY’s survival) (ISACA, 2012).
In my opinion, the above measures will protect an individual’s information, but do not create enough security for business information. Information is vital to businesses, and therefore requires the highest level of protection available (Holley, A., 2015). Having deficient information security measures leaves a firm vulnerable to fraud (e.g. with lack of controls on employee details, a perpetrator could easily create ghost employees) (Wasserman, E., 2010).
COBIT 5 has created an Information Security system which brings a number of information security related capabilities to enterprises (ISACA, 2012); this system is depicted in Figure 1 below. This framework would be extremely beneficial to all organisations, and would more effectively secure business information; the need for addressing security in 2016 has not yet been minimised, but I believe that COBIT 5 will help with this.
Figure 1 – COBIT 5: Information Security (ISACA, 2012) (See Appendix for Enlarged Versions)
Resources
Ghost Employee Frauds. (2016). Association of Certified Fraud Examiners – ACFE. Retrieved April 22, 2016, from https://brisbaneacfe.org/library/occupational-fraud/ghost-employees-frauds-payroll-frauds/
Holley, A. (2015). 7 Reasons why Business Intelligence is Vital to Business Success. Maximiser. Retrieved April 15, 2016, from http://www.maximizer.com/blog/7-reasons-why-business-intelligence-is-vital-to-business-success/
ISACA. (2012). COBIT 5: For Information Security. Retrieved April 21, 2016, from https://blackboard.qut.edu.au/bbcswebdav/pid-6248720-dt-content-rid-5765860_1/courses/AYB115_16se1/COBIT-5-for-Information-Security-Introduction.pdf
Wasserman, E. (2010). How to Protect Your Business Against Fraud. Inc. Retrieved April 19, 2016, from http://www.inc.com/guides/protect-against-fraud.html
Appendix
Figure 2 - Enlarged COBIT 5 - #1
Figure 3 - Enlarged COBIT 5 - #2