Executive summary

The study is designed to find out how businesses and corporations are handling advanced technology in business operations. A key factor is the collection of personal data by firms for the purposes of better service provision and understanding the market. However, in this process the information may land in the wrong hands, compromising security and privacy. This exposes customers to unknown risks at unknown times. Information from the consumer provides a good basis for decisions, but the same information, if used for other purposes, is very harmful.
In this particular case we take a look at Vodafone Australia, where the company exposed its consumer database to unauthorised personnel. We review strategies from sources such as COBIT and the Trust Services on how such cases can be avoided.

Accounting systems and assurance

Most businesses now recognise information as an asset, just like capital and other forms of assets. That information is quite hard to control, especially in times of advanced technology. Company information can change hands very fast through the internet and other means of communication.
Information can be moved from one point to the next without necessarily involving the movement of individuals, making it quite hard to control. The information can also contain many personal details that customers provide to the service provider to enable better service delivery (COBIT Steering Committee & the IT Governance Institute, 2000). However, if this information lands in the wrong hands it can be used against the customers for the wrong purposes. With globalisation and technological advancement, the Control Objectives for Information and related Technology (COBIT) were formed to help meet the many needs of management.
This is achieved through minimising the business risks involved, the provision of control requirements and the technology involved. It is critical that all the involved parties are well informed of their functions to ensure such a program runs smoothly. Another organisation that has been developed is the Trust Services, which works to help businesses balance the risks and opportunities that are associated with it. The Trust Services has several criteria for the provision of its services; the common ones include the security criteria, which control access to the information, whether physical or logical, by unauthorised parties.
There are also the privacy criteria, which protect the consumer information provided to the business during transactions or intended to be used for the provision of quality services (COBIT Steering Committee & the IT Governance Institute, 2000).

Security criteria

According to the Trust Services, the information in an organisation should be accessed by authorised personnel only. This information is usually prone to illegal access when in transit or in storage.
Companies should limit and control access. Several factors are to be observed in maintaining good security for the information. The company security policies have to be established and reviewed at regular intervals. The process should be approved by qualified personnel in the interest of the company (A.I.C.P.A., Inc. & C.I.C.A., 2006). The most common scenarios involve documenting all procedures and clearly outlining the access levels of each employee. The officers in charge of security are to present an annual report with recommendations for the system. Some security policies recommended by the Trust Services include: all authorised users should be well identified, and all the security expectations of them should be documented.
The authorisation of access should be well monitored, including the kind of access allowed, whether to the level of altering the information or read-only, and who has the authority to grant such permission. By all means possible, unauthorised access should not be allowed (A.I.C.P.A., Inc. & C.I.C.A., 2006). Clear procedures should be put in place for adding new users, modifying the access levels of continuing users, and removing users who no longer use the system.
This would ensure a smooth transition process when the need arises. Dedicated personnel should be present to assume accountability and responsibility for the security of the system. This team should also be responsible for any changes and maintenance requirements whenever necessary. The system should always be tested, evaluated and authorised before it is implemented. This helps to predetermine how effectively the system operates for the respective company.
A special unit should be created to deal with complaints and requests regarding security details. These may come from the staff, clients or stakeholders. Procedures on how to handle any security breaches and all related cases should be put in place. There should be training for staff to keep them up to date with current operating technologies. The company should also take responsibility and accountability for all of its security policies (A.I.C.P.A., Inc. & C.I.C.A., 2006). This should include the updates and changes made along the operation line.
In many cases the management assigns these duties to the chief information officer; the officer, with the supporting staff, should oversee the effective running of the company. There should be strict restriction of logical access to data in offline storage, and system configuration passwords and functionality should be held at master level to prevent access or hacking. The system also advocates the use of antivirus software and firewalls to prevent and control viruses. Information for transmission over the internet and other media should be encrypted to avoid unauthorised access.
COBIT approaches security issues through a simple but effective high-level control objective. The main goal is to satisfy the business need of protecting information from illegal access, modification, loss, disclosure to the wrong individuals, or destruction. The following factors enable a company to maintain its information securely: