Electronic Data Explained
Electronic data is an organizational feedstock that can be used to achieve objectives and build competitive advantage. As such, electronic data is an organizational asset and should be managed as an asset. Despite the existence of governance, risk management and compliance (GRC) best practices for the management of electronic data assets, the frequency of reported data breaches since 2005 continues to increase.
Given that computer threats may cause widespread disruption to enterprise stability, computer security has evolved from a back office discussion to a recurring topic of interest at the highest levels of senior management. To effectively mitigate modern computer threats it is necessary to understand the collective vulnerabilities that increase computer security risk from an enterprise perspective, and address computer security comprehensively, as opposed to managing computer security as a series of discrete computer vulnerabilities. Developing such an approach is critical to ensure the achievement of enterprise objectives and to maintain enterprise sustainability.
Although it remains possible for organizations to manage their affairs without the use of modern technology, few managers choose to do so. Given the ready availability of information technology (IT) that enables data collection, data management, and data sharing at low cost, high speed, and reduced human error, modern organizations leverage IT to remain competitive within the industry in which they compete. As suggested by Porter's Five Forces model, the availability of commercial-off-the-shelf (COTS) IT permits the smallest organization to achieve IT economies of scale that enable rivalry against larger competitors. Also, the phenomenon of low cost, readily available IT has lowered the barrier of entry across many industries, as COTS IT empowers organizations of all types with the ability to compete more aggressively on a more equal footing to achieve enterprise objectives.
While the skillful implementation of IT aligned with organizational requirements enables the achievement of enterprise objectives, the ease with which IT can be implemented is not without liability. In fact, the ease with which IT can be deployed can be viewed as a modern day version of the sirens' song, in that implementation of IT includes acceptance of risk that may or may not be immediately visible to the adopting organization. Some of this risk is manifested in the form of data breaches and the leakage of sensitive information, while an increased likelihood of risk impacting other vulnerabilities is incurred if due care and due diligence are not taken into consideration.
Managerial failure to understand the vulnerabilities associated with IT can lead to organizational ineffectiveness, in that failure to manage IT risk decreases an organization's ability to achieve enterprise objectives and maintain enterprise sustainability. In regard to managing the vulnerabilities that enable IT risk, the technology known as the Internet of Things (IoT) has been identified by the National Intelligence Council as one of six disruptive technologies with the power to spread IT risk far more widely than the Internet has to date. Given the need for effective and uninterrupted IT to achieve enterprise objectives and to maintain enterprise sustainability, the strategic focus of IT has shifted from maximizing IT competitive advantage to minimizing IT vulnerabilities. Thus, the study of comprehensive computer security from an enterprise perspective represents a current challenge of significant interest to the manager of any organization that relies on IT as a strategic organizational component.
It is with this thought that the University of Findlay's Information Assurance (IA) Emphasis program builds upon a computer science curriculum to help each student develop a sound understanding of electronic data.