The top five security threats in terms of costs per attack to an organization are financial fraud ($21 million), viruses ($8.3 million), theft of customer/employee data ($7.8 million), system penetrations ($6.8 million), and laptop/mobile device thefts ($3.8 million), according to CSI (Richardson, 2007).
Couple these kinds of attacks with generous press coverage, and the results can be significantly damaging to an organization's reputation, brand, investors, and customers.
Turban, Lee, King, McKay and Marshall (2008) recommend a sensible approach/model called enterprise-wide security, which is based on four pillars: senior management commitment and support, security policies and training, security procedures and enforcement, and hardware/software security tools.
Senior management commitment and support ensures that security programs are established and maintained. Security policies and training provide guidance on acceptable use of computing assets, access control, enforcement, roles and responsibilities.
Security procedures and enforcement focus on the evaluation of the assets at risk and the costs/value to the organization, customers, and criminals. The hardware/software security tools are implemented to support and enforce the policies and procedures that were put in place (Turban et al., 2008).
The enterprise-wide approach focuses on managing prioritized security risks rather than addressing all security risks, which can stretch scarce resources.
References
Richardson, R. (2007). 2007 CSI Computer crime and security survey. Retrieved November 25, 2007 from http://i.cmpnet.com/v2.gocsi.com/pdf/CSISurvey2007.pdf
Turban, E., Lee, J., King, D., McKay, J. & Marshall, P. (2008). Electronic Commerce 2008. Upper Saddle River, NJ: Pearson Prentice Hall.