Finding the Right Balance Between Business and Information Security Priorities in Online Companies

Vasile Dorca


In order to keep up with the trend and satisfy the Internet users, it is crucial for the online businesses to adapt to new technologies and offer the right services (shop, bank online, etc.) to their customers.
To anticipate customer needs, the online businesses use customer behaviour analysis and process customer data. Even if companies handle customer information (e.g. PII is considered highly confidential and must be protected accordingly) to anticipate and meet customers’ expectations, the management often struggles finding the right approach in making informed decisions when talking about information security of such data. This can threaten the sustainability of the business and put its customers at major risks (e.g. identity theft), risks that decision makers of companies do not see, or do not understand, the results being they do not invest properly to secure the data they handle.
This paper gives a parallel overview between:
a)    the management priorities of an online business that handles customer data and
b)    the implicit information technology and security threats that those priorities generate.
Once we have a view around point a) and point b), the paper will also show potential ways of finding a right balance between business needs, regulatory requirements and security of customer data so that the business can take risks to achieve their goals in an informed manner, using a customised risk assessment methodology, based on COBIT5 framework, industry leading standards and potential internal customised processes.


customer data; information technology and security; sustainability, management

Full Text:



Betfair LTD (2014). Risk Taxonomy. London, UK.

Betfair LTD (2014). Security Engagement Form. London, UK.

COBIT (n.d.). COBIT Framework Usage. In COBIT.

COBIT Online (2014). COBITONLINE. Retrieved from

ENISA (February 2007). Information Package for SMEs, with examples of Risk Assessment/Risk Management for two SMEs. Technical Department of ENISA.

ISACA (2011). Creating a Culture of Security. ISACA.ORG.

ISACA (2013). Responding to Targeted Cyberattacks. USA: ISACA.

ISACA (2013). Transforming Cyber Security. ISACA.ORG.

ISO27005 (n.d.). Information Security Risk Management.

Kouns, J. and Minoli, D. (2010). Information Technology Risk Management in Enterprise Environments. New Jersey.

Gottlieb J., Willmott, P. (2014, June). McKinsey’s. Retrieved from

Kendler, P. B. (2013). Retail IT Security Challenges.

Harden, L. and Heyman, B. (2009). Digital Engagement – Internet Marketing That Captures Customers and Builds Intense Brand Loyalty. American Management Association.

Maughan, D. (2014). DHS S&T Cyber Security R&D Programs.

PWC (September 2013). Key findings from The Global State of Information Security Survey 2014.

The Business Index (2014). Retrieved from

Data publikacji: 2016-05-25 10:49:53
Data złożenia artykułu: 2016-05-25 10:23:05


Total abstract view - 603
Downloads (from 2020-06-17) - PDF - 0



  • There are currently no refbacks.

Copyright (c) 2016 Vasile Dorca

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.