Using Control Frameworks to Map Risks in Web 2.0 Applications
Web 2.0 applications are continuously moving into the corporate mainstream. Each new development brings its own threats or new ways to deliver old attacks. The objective of this study is to develop a framework to identify the security issues an organisation is exposed to through Web 2.0 applications, with specific focus on unauthorised access. An extensive literature review was performed to obtain an understanding of the technologies driving Web 2.0 applications. Thereafter, the technologies were mapped against Control Objectives for Information and related Technology and Trust Service Principles and Criteria and associated control objectives relating to security risks. These objectives were used to develop a framework which can be used to identify risks and formulate appropriate internal control measures in any organisation using Web 2.0 applications. Every organisation, technology and application is unique and the safeguards depend on the nature of the organisation, information at stake, degree of vulnerability and risks. A comprehensive security program should include a multi-layer approach comprising a control framework, combined with a control model considering the control processes in order to identify the appropriate control techniques.
Year of publication: | 2011 |
---|---|
Authors: | RUDMAN, Riaan J. |
Published in: | Journal of Accounting and Management Information Systems. - Faculty of Accounting and Management Information Systems, The Bucharest University of Economic Studies, ISSN 1583-4387. - Vol. 10.2011, 4, p. 495-515 |
Publisher: | Faculty of Accounting and Management Information Systems, The Bucharest University of Economic Studies |
Subject: | Web 2.0; Security risks; Control framework; Control Objectives for Information and related Technology (CobiT); Trust Service Principles and Criteria |
freely available
Similar items by subject
- FRAUD, CORRUPTION IN THE PRIVATE SECTOR AND INTERNAL CONTROL QUALITY. IONESCU, Luminiţa, (2011)
- EFFICACY OF INTERNAL CONTROL AND CONTROLLING BUSINESS RISKS. IONESCU, Luminiţa, (2010)
- Mesurer la performance des chercheurs, au risque de la bureaucratie. Berland, Nicolas, (2012)