Risks to Information Confidentiality

933 Words | Feb 4, 2018 | 4 Pages
Risk 1 – Risks to information confidentiality

Risks to information confidentiality are also a matter of information security. Because the whole developer team has constant and easy access to the information of the entire project, providing total security becomes difficult. Oleg I. (2005) illustrates an example: a developer sends some core files with the source code to his own mailbox on the Yahoo server in order to work at home. This kind of security breach is likely to ruin the contract.

Controls and Reasons

To minimize these risks, the executive team and CIO in Finance Co. have to think about increasing the frequency of visits to their suppliers. Additionally, for those parties managing highly confidential information, such as end-user computing and the wealth platform, the CIO should conduct frequent visits to review their information protection controls and security. Finance Co. can also require its suppliers to provide SAS 70 reports to improve its risk management. SAS 70 is an auditing standard designed to evaluate and issue an opinion on a service organization’s controls, especially in information security and protection. By receiving these reports periodically, Finance Co. has an opportunity to monitor the confidentiality of data and give feedback to the third parties to improve security.

Risk 2 – Increased complexity of management

As Finance Co. is shifting to a largely outsourced IT company, strong IT management is quite important. Outsourcing IT is originally used to decrease the