<< Chapter < Page Chapter >> Page >

If you have a website, you will need to be sure that it is adequately protected from both internal and external threats. We discuss Internet risks in the next section.

Internet risks

Companies considering a web site or Internet-based services need to be aware of the various risks and regulations that may apply to these services. Over the past few decades, the Internet has become critical to businesses, both as a tool for communicating with other businesses and employees as well as a means for reaching customers. Each day of the week and every month, there are new internet threats. These threats range from attacks on networks to the simple passing of offensive materials sent or received via the internet. The risks and particular regulations that apply may vary depending on the types of services offered. For example, Institutions offering informational websites need to be aware of the various consumer compliance regulations that may apply to the products and services advertised online. Information needs to be accurate and complete to avoid potential liability. Security of the website is also an important consideration. Companies and some individuals traditionally have relied on physical security such as locks and safes to protect their vital business information now face a more insidious virtual threat from cyber-criminals who use the Internet to carry out their attacks without ever setting foot in an establishment or someone’s home. More often than not, these crimes are conducted from outside the United States. Security measures should protect the site from defacement and malicious code.

It is clear that no single risk management strategy can completely eliminate the risks associated with Internet use and access. There is no one special technology that can make an enterprise completely secure. No matter how much money companies spend on cyber-security, they may not be able to prevent disruptions caused by organized attackers. Some businesses whose products or services directly or indirectly impact the economy or the health, welfare or safety of the public have begun to use cyber risk insurance programs as a means of transferring risk and providing for business continuity.

Summary of is risk management

Managing IS Risk is a daily decision making process aimed at reducing the amount of losses and threats to a company. It is a pro-active approach to reducing ones exposure to data/information loss and ensuring the integrity of the applications used day-to-day. An IS security plan should include at minimum a description of the various security processes for specified applications, procedural and technical requirements, and the organizational structure to support the security processes. A risk assessment should be performed first. Identifying risks provides guidance on where to focus the security requirements. Security requirements and controls should reflect the business value of the information assets involved and the consequence from failure of security. Security mechanisms should be ‘cost beneficial’, i.e., not exceed the costs of risk. It should also include what is expectable for risk within the overall IS security plan

Get Jobilize Job Search Mobile App in your pocket Now!

Get it on Google Play Download on the App Store Now




Source:  OpenStax, Business fundamentals. OpenStax CNX. Oct 08, 2010 Download for free at http://cnx.org/content/col11227/1.4
Google Play and the Google Play logo are trademarks of Google Inc.

Notification Switch

Would you like to follow the 'Business fundamentals' conversation and receive update notifications?

Ask