Q: There is an exaggerated reaction by business in general on the need for information security to minimise fraud, bribery and corruption. These days, with virus, adware and malware protection, along with other information and security software, passwords and user IDs, the need for addressing security in 2016 has been minimised.
I disagree with the statement because information technology continues to evolve rapidly. Looking through the lens of the COBIT 5 framework, it is important to continually update and maintain IT security to an acceptable level (COBIT 5, 2007). Hardly a day goes by without news of a new exploit or data theft somewhere around the world. As an enabler of fraud, bribery and corruption, new technology provides criminals with a rich opportunity to constantly revise and modify behaviour to bypass increased security. The idea of ‘set and forget’ security as a means of protection is a myth as such security measures quickly become obsolete (Tibken, 2012).
I understand how one could rely too much on computer software to protect
them, especially if one does not consider the data held to be of much value or
when there have been no attempts or instances of fraud or corruption detected
by the business.
Reflecting on my own experience, I have relied on software to detect
every virus and malicious software. I was playing a computer game online and
after downloading ‘maintenance patches’, I later found one of them consisted of
an embedded key logger. Thankfully it was a segregated computer only used for
gaming. Now as I consider my own online activity, I realise the value
that my personal information assets hold for other people. Working in a
doctor's surgery, I can only imagine the value of our patients' health records,
should they be stolen or unlawfully accessed.
I think that in a business environment, it is vital to make sure the correct
information security policies are both in place and constantly revised and
updated, in order to minimise these risks. Working with information technology
is inevitable in the current day and age. I am now more aware of the
value of COBIT 5 enablers as a control measure to assist in minimising business
risk.
References
COBIT 5 Executive Summary and Framework. IT Governance Institute (2007), pp. 5-28, 29-32.
Tibken, S. (2012, Apr 02). Leadership: Information technology (A special report) --- the enemy within: For the IT staff, the biggest security risk is...the IT staff. Wall Street Journal. Retrieved from
http://gateway.library.qut.edu.au/login?url=http://search.proquest.com/docview/963476250?accountid=13380
Additional links and relevant information on why security cannot be minimised and why we must be aware of cyber criminals:
http://www.kpmg.com/us/en/issuesandinsights/articlespublications/press-releases/pages/81-of-healthcare-organizations-have-been-compromised-by-cyber-attacks-in-past-2-years-kpmg-survey.aspx
https://www.kpmg.com/Global/en/IssuesAndInsights/.../cyber-crime.pdf