International Journal of Banking, Economics and Finance

ISSN 2756-3677

International Journal of Banking, Economics and Finance ISSN: 8201-4728 Vol. 2 (11), pp. 001-014, November, 2018. © International Scholars Journals

Full Length Research Paper

Framework to identify and manage risks in Web 2.0 applications

Riaan J. Rudman

Department of Accounting, Stellenbosch University, South Africa. E-mail: [email protected].

Tel: +27-72-1888-022. Fax: +27-86-514-0336.

Accepted 18 June, 2018

Abstract

Web 2.0 applications are continuously moving into the corporate mainstream. Each new development brings its own threats or new ways to deliver old attacks. To mitigate these security risks, internal controls should be implemented at different levels. To identify the risks, a proper control framework of generally accepted control techniques and practices is needed as a benchmark, because implementing these control techniques on their own, without linking them to a proper control framework or model, is merely ad hoc. The objective of this study is to develop a framework that can be used to identify the security issues an organisation is exposed to through Web 2.0 applications, with specific focus on unauthorised access. An extensive literature review was performed to obtain an understanding of the technologies driving Web 2.0 applications. Thereafter, the technologies were mapped against Control Objectives for Information and Related Technology (CobiT) and the Trust Services principles and criteria, together with the associated control objectives relating to security risks. These objectives were used to develop a framework that can be used to identify risks and formulate appropriate internal control measures in any organisation using Web 2.0 applications. Every organisation, technology and application is unique, and the safeguards depend on the nature of the organisation, the information at stake, the degree of vulnerability and the risks. A comprehensive security programme should take a multi-layer approach, comprising a control framework combined with a control model that considers the control processes, in order to identify the appropriate control techniques.

Key words: Web 2.0, social networking, security risks, computer risks, control framework, control objectives for information and related technology (CobiT), trust service principles and criteria.