The state of IT security from a confidentiality-focused perspective and the role of IT risk management

Abstract

Information security is important for corporations. Decisions regarding security involve uncertainties, complexities related to various scientific and technological disciplines, and adverse impacts on business prosperity and goals. Risk management methodologies are widely accepted and used to increase the efficiency and effectiveness of information security, according to the priorities and limited resources of each firm. The common belief is that risk management offers a framework which summarizes scientific judgment and can be used to support decisions regarding the security of information. Still, every year and even on a daily bases, enterprises worldwide are reporting lost or stolen data and also suffer the various consequences. Legal penalties, diminishing reputation, lost costumers, financial losses are some of the most referenced examples. As risk management is used in the field of information security, it has been considered not only as a strengthening element but also as an opening. Some scientists and affected parties perceive risk management as narrowly focused, non-scientifically quantitative, overly quantitative, theoretical, and biased. If information security is related with risk management, if information security is violated, if failures of security are the cause of corporate loses, then where risk management has flows? Is it a matter of application or lies to the core of the practices? Is the concept of risk management misunderstood or security is unreachable? Those are some of the questions that were examined. A literature review shows that information security risk management is a scientific field for each own. Regarding security violations the paper shows that, especially regarding confidentiality, incidents occur worldwide. The impact of data breaches cannot be ignored in monetary terms as they lead to losses. Finally, the paper identifies possible sources of information risk management weaknesses. Future work could examine the given answers from different angles, time periods, and sample selection criteria. The importance and criticality of the issue can also lead to a depth analysis of how improvements in risk management will raise the efficiency of information security. Furthermore, other factors that can advance risk management practices can be found. This research focuses on confidentiality, integrity and availability oriented studies can be also held. It’s a field of growing importance, its critical for corporate success and as the value and amount of information increases more research is necessary.