Risk Controls



A sustainable information risk management system is vital to any business’ survival in battling off the growing number of potential threats associated with the dynamically changing IT environment (Saluja & Idris, 2015). It is important for all companies to implement a framework such as COBIT 5 or the ISO 31000* standard in order to effectively respond to risk scenarios. A system like such would have been useful to a former workplace of mine where a manager left his unlocked phone in the back of an UBER. His phone was stolen, and the perpetrator was able to access the companies own Facebook account. Without a password on his phone, the perpetrators were able to tarnish the business’ reputation and caused a lot of negative publicity.

Cobit 5 highlights the firm’s processes, such as controls around strong passwords, as an enabler to achieve a sustainable risk appetite and overall end-to-end approach. It would be necessary for companies to implement a system which will safeguard themselves against physical loss of data, unauthorised individuals accessing private information and from the ugly wrath of cyber hackers (Mentzer & Manuj, 2008). Therefore, businesses should view managing said risks as a fundamental element to sustaining effective daily operations.



* ISO 30000 Standard
·       https://www.iso.org/iso-31000-risk-management.html






Report finds Australia to be lucrative market for cyber criminals: http://www.abc.net.au/news/2016-02-26/cyber-criminals-increasingly-targeting-australia/7203478 


References

Mentzer, J. T. & Manuj, I., 2008. Global Supply Chain Risk Management. Journal of Business Logistics, Volume 29.
Saluja, U. & Idris, D. N., 2015. Statistics bases on Information Security Risk Management Methodology. International Journal of Computer Science and Network Security, 15(10).


Comments

Post a Comment

Popular posts from this blog

The Fraud Triangle lives on

Image
Over the years there have been many comprehensive frameworks that relate to fraud such Differential Association theory and the General Strain theory. Despite the rapidly advancing culture of technology, Cressey’s Fraud Triangle continues to be a pivotal model used in many industries (Allbrecht, 2014). The model explains the three components that lead to fraud, bribery or corruption as pressure, opportunity and rationalisation . An example of these components was seen at my Dad’s old workplace. A few members were feeling mistreated by management and felt they were greatly underpaid for all their hard work and service.  They decided to begin stealing money from the cash registers over a period of time and were later caught and dealt with accordingly. The workers were able to rationalise as they thought they deserved to be paid more for all their hard work. They had the pressure of financial difficulties and the resentment towards management and lastly had the opportunity ...
Read more

Should small-medium entities ignore AS 8001-2008?

Image
Fraud, corruption and bribery control is vital to any business in mitigating risk (THEIIA, 2008).  I disagree with the statement that small-medium entities should ignore such standards like the Australian Standard (AS) 8001-2008. AS 8001-2008 provides a proactive approach for businesses to use in controlling fraud, bribery and corruption. Large business should implement the standard, whilst small-medium business will still benefit greatly from simply choosing relevant parts to assist them in developing their own fraud and risk mitigation program (Standards Australia, 2008). One of my close friend’s old workplace, a local café, fell victim to fraud due to their lack of implementation of a fraud management program. One worker, over the course of several months was able to take large sums of money. This eventually led to the café’s closure and in turn my friend and all her colleagues were out of employment.   Despite being a small entity, this café would have benef...
Read more

Out with the old. In with the new!

Image
Whilst a good cop/bad cop has reaped good results over the years, of late a more humanitarian approach such as Motivation Interviewing or PEACE is proving to be more successful, particularly for first time fraudsters. Choosing the right technique can make a significant impact to investigating fraud. An example of the negatives of the good cop/ bad cop approach was felt when I went for an interview a couple of years ago at a clothing store. The interviewers took a good cop/bad cop approach to the interview and it made me feel very intimidated. In turn, I was unable to answer questions properly and found myself even lying in different parts due to the intimidation. This is similar to when good cop/ bad cop approach in legal interviews leads to a false confession.  If the interviewer had taken a more humanitarian approach by building relationship of trust and understanding, I would have felt more relaxed and would have most likely been able to properly and truthfully answer the ...
Read more