Journal of Accounting and Management Information Systems (JAMIS)


USING CONTROL FRAMEWORKS TO MAP RISKS IN WEB 2.0 APPLICATIONS

Vol. 10, Nr. 4/2011, pp. 495-515

Author(s):  
Riaan J. RUDMAN


Keywords:   Web 2.0, Security risks, Control framework, Control Objectives for Information and related Technology (CobiT), Trust Service Principles and Criteria

Abstract:  

Web 2.0 applications are continuously moving into the corporate mainstream. Each new development brings its own threats or new ways to deliver old attacks. The objective of this study is to develop a framework to identify the security issues an organisation is exposed to through Web 2.0 applications, with specific focus on unauthorised access. An extensive literature review was performed to obtain an understanding of the technologies driving Web 2.0 applications. Thereafter, the technologies were mapped against Control Objectives for Information and related Technology and Trust Service Principles and Criteria and associated control objectives relating to security risks. These objectives were used to develop a framework which can be used to identify risks and formulate appropriate internal control measures in any organisation using Web 2.0 applications. Every organisation, technology and application is unique and the safeguards depend on the nature of the organisation, information at stake, degree of vulnerability and risks. A comprehensive security program should include a multi-layer approach comprising of a control framework, combined with a control model considering the control processes in order to identify the appropriate control techniques.



Download:   http://online-cig.ase.ro/jcig/art/10_4_4.pdf
