|
Topics:
|
|
|---|---|
Words: |
1022 |
Pages:
|
2
This essay sample was donated by a student to help the academic community. Papers provided by EduBirdie writers usually outdo students' samples.
|
Cite this essay
Download
To remain competitive in today’s business world and continue to grow evolve and innovate at the same time, corporations all over the globe are resorting to digital transformation. Although new-generation successful companies like Google, Amazon, Netflix, etc. are leaders in this space, they have also, in a way disrupted the market and made all other legacy companies follow the same path. Digital transformation is the process of using digital technologies to create new or modify existing business processes, culture, and customer experiences to meet changing business and market requirements. This reimagining of business in the digital age is digital transformation. Technologies like SMAC (Social, Mobility, Analytics, and Cloud) are being adopted by most companies irrespective of size and scale to digitally transform their business and make this a business differentiator.
There is widespread recognition among leaders in most industries that the role of digital technology is rapidly shifting, from being a driver of marginal efficiency to an enabler of fundamental innovation and disruption. Digitization is the cause of large-scale and sweeping transformations across multiple aspects of business, providing unparalleled opportunities for value creation and capture, while also representing a major source of risk. Business Leaders across all sectors are grappling with the strategic implications of these transformations for their organizations, industry ecosystems, and society. The economic and societal implications of digitalization are contested and raising serious questions about the wider impact of digital transformation (WEF-2016).
The rapid expansion of the data economy is raising important questions about Data Privacy and Security. Business models created entirely around the value of individuals’ data are arguably one of the most important features of the digital revolution. The size and importance of this personal data economy are neatly illustrated by Facebook’s user base (1.5 billion people worldwide), and current value (around $245 billion). While business models built around user’s data are not in themselves problematic per se, there are growing concerns about the security and governance around these data. Over and above this, Cybercrime is also an increasing threat that costs the global economy $575 billion (McAfee, 2014). Cyber Security Risk is now very prominent and is recognized by all the stakeholders from Individuals to corporations to Governments and Global multilateral organizations. World Economic Forum in their Global Risk Report (2019) has flagged Cyber Security Risk as one of the top 5 Global risks.
A few landmark corporate accounting scandals like Enron, WorldCom, Global Crossing, Tyco, and Arthur Andersen, which resulted in billions of dollars in corporate and investor losses, made the way for Information security as an integral part of corporate governance. The Sarbanes-Oxley Act (SOX) of 2002 was enacted and Section 404 of the act states that a corporation must assess the effectiveness of its internal controls and report this assessment annually to the SEC. While the topic of information security is not specifically discussed within the text of the act, the reality is that the current financial reporting systems are heavily dependent on technology and associated controls. Any review of internal controls would not be complete without addressing controls around information security. From the year 2000 onwards, Governments and Regulators all over the world enacted laws and regulations to enforce strict discipline on Information security and Privacy. “Personal data is the new oil of the Internet and the new currency of the Digital world (Kuneva,2009) was gradually felt by all the stakeholders of the world and the famous GDPR (General Data Protection Regulation) of the European Union came into existence in May 2018. In the sequel to this Govt of India too drafted a new Data protection law, which is yet to be enacted by the parliament. Somehow or other these laws and regulations drove stricter Cyber Security discipline and governance across the world.
As per the recent studies by Gartner (2019), Overall spending on cybersecurity increased 10.5% in 2019, with cloud security projected to grow 41.2% over the next five years. The main driver for this increase in spending is the expanding need to be compliant with various laws and regulations related to Intellectual Property Rights, Data Privacy, and Cyber Security. With this increase in spending, it is obvious that the discussion on the ROI (Return on Investment), Cyber Security Performance, and above all the governance around Cyber Security also increased among all the stakeholders including the Research Community.
ISACA (Information Technology Governance Institute (ITGI)) has defined Information Security governance as a subset of enterprise governance that provides strategic direction, ensures that objectives are achieved, manages risks appropriately, uses organizational resources responsibly, and monitors the success or failure of the enterprise security program (Brotby, 2006). If an organization’s management—including Boards of Directors, senior executives, and all managers—does not establish and reinforce the business need for effective enterprise security, the organization’s desired state of security will not be articulated, achieved, or sustained. This desired state of security is very dynamic as it has to be commensurate with the business objective, technology penetration, associated threats, and risk appetite. Thus, there is a need for a generic set of guidelines for Information security which should serve as a reference point for management metrics. These guidelines should serve as a Continuous Improvement program (CIP) for the organizations to measure their Information Security posture on an ongoing basis. Essentially these CIPs are Maturity models, which need to be very comprehensive, considering all digital technology and processes, and need to be empirically validated. Although various Maturity Models on Cyber Security were found in our literature study, very few have followed this end-to-end perspective and have been empirically validated.
While Maturity Models are very important, equally important is to determine how the levels of maturity, benefit the business, which is very relevant from the overall governance perspective. Maturity Models or CIPs generally represent the efficiency metrics of the Information Security organization, but, what matters is the external effectiveness, which means how these efficiency parameters impact the business parameters like Customer acquisitions, Profit, etc. Not much research in this area was found in the Research literature.
Get your paper done in as fast as 3 hours, 24/7.
Fair Use Policy
EduBirdie considers academic integrity to be the essential part of the learning process and does not support any violation of the academic standards. Should you have any questions regarding our Fair Use Policy or become aware of any violations, please do not hesitate to contact us via support@edubirdie.com.
Stuck on your essay?
