Many businesses fail to recognise fraud, bribery and corruption as a serious threat to the viability of the business, mainly due to readily available security software. Trust is placed in virus protection, security software and the like; however, the necessity for information security is essentially ignored.
Information security ensures that information is protected against disclosure to unauthorised users, improper modification and non-access when required (ISACA, 2012, p. 14). At my current place of employment, a mid-tier accounting firm, access is restricted to client files which relate to a director's entity. This practice is to manage the risk of internal misappropriation of information.
Essentially, information security encompasses the protection against both internal and external fraud, corruption and bribery risks.
The number of respondents to the Computer Crime & Security Survey who reported a breach of security decreased from 90 per cent in 2003 to 45.6 per cent in 2011 (Silic & Back, 2014, p. 279). Although this demonstrates that businesses actively sought to target the risk of security breaches, technology is ever-changing. It is in the best interest of businesses to constantly evolve their information security in order to manage the risk of fraud, bribery and corruption.
References
ISACA (2012). COBIT 5 for Information Security. Retrieved from http://www.isaca.org/COBIT/Documents/COBIT-5-for-Information-Security-Introduction.pdf
Silic, M., & Back, A. (2014). Information security: Critical review and future directions for research. Information Management & Computer Security, 22(3), 279–308. DOI: 10.1108/IMCS-05-2013-0041