Today’s Internet economy has forever changed the way the world conducts business. At no other time in history has technology opened the doors to new markets at a faster pace. While e-Commerce presents tremendous opportunities, it also introduces an enormous amount of risk. After all, the same technology that connects companies to the global marketplace also makes their systems vulnerable to attack.
As organizations leverage computer networks and the Internet to scale their businesses and be more competitive, directors and managers must understand the new risks introduced and the responsibilities assumed by opening their critical business systems and data to a public network. Regulations, guidelines, and standards are emerging to help companies define and implement appropriate security and privacy practices. However, without a reliable mechanism for frequently assessing and improving compliance with these standards, there is no prudent way to strike the appropriate balance between the risks assumed and the additional opportunity realized through e-Business initiatives.
Security can only be evaluated by better understanding the tools and processes that dynamically interact to protect the computing environment. This interaction should occur in a way that is appropriate for the sensitivity of the environment’s data or the function it provides. Preventive controls stop inappropriate activity before it occurs. Detective controls track security events after they occur and provide information for investigations when an incident is noticed or data is missing or corrupted. Assessment controls identify weaknesses in the environment by evaluating system configurations, security settings, access control lists, and other security elements of a particular system or layer. Corrective controls are measures that strengthen a computer resource or environment. Enhancement controls are structures and frameworks that are put into place to assist in m...