Security is the need of the hour for customers all over the world. Customers end up sharing data
and applications or even allowing their partners to connect to their network to carry out their
activities. Because of the highly interconnected state of affairs with their partners, customers
realize that information could be disclosed, stolen, modified, or even deleted by the partner or the
partner's employees. Let us consider a simple scenario. A partner accesses a customer's file server
to perform some activities and process some data for the customer. If the partner's computer has a
virus or a worm, it infects the server and consequently spreads within the customer's network. This
could potentially result in heavy financial losses and unauthorized disclosure of information in the
client's systems. The business value motivation for the vendor in this case is a strong information
security practice. If the partner has a clearly established and robust information security practice,
it can be showcased to the prospective client or customer. Customers would find that they can
trust the entity with their data owing to the information security practices adopted by the partner.
This results in greater business value for the partner.
2.1.2.3 Financial Impact
Financial impact cannot be overlooked as a motivation for a sound information security practice.
The world is moving toward a dependency on the round-the-clock delivery of goods and services.
Major discrepancies in the delivery of services and goods can have catastrophic effects on an
organization that is in business in today's competitive world. For instance, if an e-commerce site
is breached and customer details and credit card information are stolen and the site is down for a
few hours, the organization suffers a serious financial impact. Not only has the reputation of the
organization been severely impacted, but the fact that the site is down means that the
organization is losing out on valuable business opportunities that would have been present if the
site had been up and running. There is a serious effect on the site's revenue. Apart from this, fines
would be levied on the e-commerce merchant by credit card-issuing banks for the breach of credit
card information, not to mention the tirade of angry consumer lawsuits that would be filed by
consumers as a result of the data breach. Examining these impacts, one would agree that having a
strong information security practice would have prevented all of these incidents and outcomes in
the first place. This would mitigate or, in the worst case, minimize the effect of the incident. Thus,
the motivation of financial impact is a powerful one.
2.1.2.4 Legal and Compliance
Recent years have seen the promulgation of several pieces of legislation and industry-driven
standards with which the organizations in that industry space have to compulsorily comply to do
business. For instance, the Sarbanes-Oxley Act is a piece of legislation with which all publicly
listed companies in the United States have to comply. Noncompliance with SOX would result in
fines as well as civil and even criminal implications for a company's senior officers and executives.
SOX was created in the wake of the Enron and WorldCom scams. On the compliance front, PCI
is an initiative by the Payment Card Industry where any entity that stores, processes, or
transmits cardholder information has to get compliant with the PCI-DSS. PCI applies to merchants,
banks, and service providers like credit card processors and other service providers with whom
cardholder data is shared. PCI also gained traction because of the CardSystems breach and the
TJ Maxx breach, which woke the Payment Card Industry from its slumber. Although PCI is not
a piece of legislation, it is driven by the payment brands like Visa, MasterCard, JCB, American
Express, and Discover, where they impose fines and other constraints like increased transaction