Information Security Management as a Business Strategy and Its Financial Impact

Israel E. Mendoza (Universidad del Valle de Guatemala, Guatemala & Superintendencia de Bancos, Guatemala)
DOI: 10.4018/978-1-5225-4981-9.ch005

Abstract

Information security is important as a strategic process to improve and maintain the continuity of the company. Various risk management methodologies and information security guidelines have been developed; however, they do not go beyond the operational and strategic part of the business. Although some methodologies are based on international standards for implementing controls to mitigate risks, the financial factors that could be impacted by these risks are not analyzed. In some companies, the legal aspect, as a financial category of economic loss, is not analyzed when a risk or information theft materializes. Several methodologies are based on guidelines and recommendations and provide general guidance on the management of information security; therefore, for the purposes of this scientific research, some relevant points of those standards will be taken into account, which will undoubtedly help establish an appropriate risk methodology and, subsequently, define financial criteria for decision-making.

Introduction

Information has taken on significant value for any business today, because certain information has value given by its content. It must, however, be protected against threats that exist at all times and that may affect the business and its operations and therefore lead to financial losses. Companies know that risks cannot be eliminated but can be managed. However, a risk analysis performed without identifying the purpose or objective of its rationale is not relevant. For this reason, a management methodology is presented (ISO/IEC 27001:2013, 2013), which analyzes the financial impact and the variations that could have an impact when making an investment or incurring an expense implementing controls that This methodology is based on a consulting firm (Datasec-MeycorKP, 2016), which emphasizes the alignment of risks with the implementation of controls to obtain the expected risk while giving consistent results. In order to understand the scope and purpose of risk management and to examine in depth the financial impact that could affect the company, the financial situation of the company, based on a history of its financial statements, has been compared with that of a company listed on the Italian stock market (MCK:IM_Bloomberg, 2016). Both have the same scope of labor market work, so that the comparison is coherent. The results obtained from the financial analysis can be studied and analyzed by experts in the field to make financial management decisions that could impact potential financial losses (Gerardo Guajardo Cantú, 2008).
