In order to keep up with the trend and satisfy the Internet users, it is crucial for the online businesses to adapt to new technologies and offer the right services (shop, bank online, etc.) to their customers.
To anticipate customer needs, the online businesses use customer behaviour analysis and process customer data. Even if companies handle customer information (e.g. PII is considered highly confidential and must be protected accordingly) to anticipate and meet customers’ expectations, the management often struggles finding the right approach in making informed decisions when talking about information security of such data. This can threaten the sustainability of the business and put its customers at major risks (e.g. identity theft), risks that decision makers of companies do not see, or do not understand, the results being they do not invest properly to secure the data they handle.
This paper gives a parallel overview between:
a)    the management priorities of an online business that handles customer data and
b)    the implicit information technology and security threats that those priorities generate.
Once we have a view around point a) and point b), the paper will also show potential ways of finding a right balance between business needs, regulatory requirements and security of customer data so that the business can take risks to achieve their goals in an informed manner, using a customised risk assessment methodology, based on COBIT5 framework, industry leading standards and potential internal customised processes.

customer data; information technology and security; sustainability, management

Betfair LTD (2014). Risk Taxonomy. London, UK.

Betfair LTD (2014). Security Engagement Form. London, UK.

COBIT (n.d.). COBIT Framework Usage. In COBIT.

COBIT Online (2014). COBITONLINE. Retrieved from https://cobitonline.isaca.org/l3-main?book=risk#risk-preface01-section03

ENISA (February 2007). Information Package for SMEs, with examples of Risk Assessment/Risk Management for two SMEs. Technical Department of ENISA.

ISACA (2011). Creating a Culture of Security. ISACA.ORG.

ISACA (2013). Responding to Targeted Cyberattacks. USA: ISACA.

ISACA (2013). Transforming Cyber Security. ISACA.ORG.

ISO27005 (n.d.). Information Security Risk Management.

Kouns, J. and Minoli, D. (2010). Information Technology Risk Management in Enterprise Environments. New Jersey.

Gottlieb J., Willmott, P. (2014, June). McKinsey’s. Retrieved from http://www.mckinsey.com/insights/business_technology/The_digital_tipping_point_McKinsey_Global_Survey_results?cid=other-eml-nsl-mip-mck-oth-1407

Kendler, P. B. (2013). Retail IT Security Challenges.

Harden, L. and Heyman, B. (2009). Digital Engagement – Internet Marketing That Captures Customers and Builds Intense Brand Loyalty. American Management Association.

Maughan, D. (2014). DHS S&T Cyber Security R&D Programs.

PWC (September 2013). Key findings from The Global State of Information Security Survey 2014.

The Business Index (2014). www.thebusinessindex.com. Retrieved from http://www.thebusinessindex.com/categories/business-directory.aspx