Security for the little guys

By Az Shah
Scenario:
You are the MD of a small company that handles important financial information; for the sake of argument, you run a credit collection agency.
Business has been steady for many years, but a large Bank has offered you a massive contract to handle 10x the business workload, with commission rates you have not dreamed of.
You have kept on top of the mandatory financial regulation (Federal Trade Commission in the US, Office of Fair Trading in the UK) by relying on "trusted" long-term staff who have become in-field experts in compliance, and the audits have been soft-touch given the small size of the business. Security has never really been independently addressed.
Once you decide to ramp up your operation to take advantage of the new business, the Bank's business comes with "compliance" strings attached, and among them security is implicit.
You have the following courses of action that you can follow:
1) Concentrate on winning the business and attempt to play on your existing good name to get soft touch audits, address security issues if they arise.
2) Approach industry experts to put a compliance framework in place including security with a view to winning future business.
3) Put a fast track project in place to get compliance "sorted".
4) Consider the positives of implementing compliance cleverly and "own" the process and the drivers for its outcomes; aim to get the Bank business but avoid making it the singular driver.
After careful consideration you take option 4), consider the implications of rapid expansion with larger controlled IT systems, and decide to implement ISO27001 (EU) or COBIT (US) "Red Flags". You identify a gap in the market where execution of compliance dictates whether a company wins or loses business. You decide you are a winner!
Next Article will focus on project planning.