Business Process Security - Protecting What Is Really Valuable
The conventional view of security is primarily aimed at securing an organization's assets, including facilities, goods, IT-infrastructure and information. However, the characteristics of the threat environment organizations are exposed to are changing. Whereas in the past solitary intruders sought entry into an organization's network and facilities and created minor damage; nowadays these attacks originate from highly organized groups and are aimed at obtaining services or money by disrupting or diverting the victim's normal business operations. To achieve this, the diversity and sophistication of their means and methodologies has increased drastically from purely IT-based to social engineering, planting a mole or having their own communication device plugged into the network. Possible damages for victim organizations could run into millions of dollars or more and managers could be held legally accountable.