Finding the Right Balance Between Business and Information Security Priorities in Online Companies
Abstract
To anticipate customer needs, online businesses analyse customer behaviour and process customer data. Even though companies handle customer information (e.g. PII, which is considered highly confidential and must be protected accordingly) in order to anticipate and meet customers' expectations, management often struggles to find the right approach to making informed decisions about the information security of such data. This can threaten the sustainability of the business and expose its customers to major risks (e.g. identity theft), risks that company decision makers do not see or do not understand, with the result that they do not invest adequately in securing the data they handle.
This paper gives a parallel overview between:
a) the management priorities of an online business that handles customer data and
b) the implicit information technology and security threats that those priorities generate.
With both a) and b) in view, the paper then shows potential ways of finding the right balance between business needs, regulatory requirements and the security of customer data, so that the business can take the risks needed to achieve its goals in an informed manner, using a customised risk assessment methodology based on the COBIT5 framework, industry-leading standards and, potentially, internal customised processes.
DOI: http://dx.doi.org/10.17951/ijsr.2015.4.2.29
Date of publication: 2016-05-25 10:49:53
Date of submission: 2016-05-25 10:23:05
Copyright (c) 2016 Vasile Dorca
This work is licensed under a Creative Commons Attribution 4.0 International License.