The CPA Journal

Aligning Information Security Imperatives with Business Needs

By Oscar Kolodzinski

Unprotected information and breachable computer networks can seriously compromise a business’s future, through the loss of classified or customer critical information, exposure of trade secrets, unacceptable business interruption, or lawsuits stemming from security breaches. Information and computer network security involves more than technology. Most companies spend more money and man-hours than necessary on cutting-edge technology. Inaccurate analysis of the company’s needs can result in greater risk of information loss and higher frequency of security breaches.

Companies must consider the following potential scenarios:

The overarching goal is to develop a scalable corporate security structure that is responsive to short- and long-term needs as well as shifts in technology. A basic tenet of such business-

driven computer network security planning is that senior management and its risk management function lead the charge on linking business strategies to computer network security and identifying where information is at risk.

By knowing future needs, security planners can anticipate requirements for information protection with a view to making them able to expand or contract according to strategic actions that the company takes in pursuit of its targets and goals. Similarly, the planning process will be responsive to shifts in technology; needs will be known in advance and systems put in place that allow for technology upgrades or add-ons.

Oscar Kolodzinski most recently served as CFO for the international e-security consulting firm NextGen Internet. He is a CPA in Argentina and can be reached at oskolo@att.net.

Editor’s note: Some readers may think that e-security warnings are unnecessarily alarmist and exaggerated. But the Computer Security Institute’s “2002 Computer Crime and Security Survey” reports that 90% of respondents detected computer security breaches within the last 12 months; 80% suffered financial losses due to computer breaches. The most serious financial losses occurred through financial fraud and theft of proprietary information. The complete survey is available at www.gocsi.com.

This Month | About Us | Archives | Advertise| NYSSCPA

The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.