Cybersecurity, a popular term due to several statements and Executive Orders from the White House related to Homeland Security issues, is closely related to Information Security. The latter aims to protect items of value (information: personal, corporate and governmental), while the former aims to protect the devices (computers and smartphones) and networks (Internet) which store and transmit the information.
Let's consider the following scenario: Your organization enforces mandatory vacations in an effort to prevent occupational fraud. A current employee is perpetrating a fraud scheme involving a fictitious employee and must access your accounting system bi-weekly to continue the fraudulent activity. Unfortunately for you, employees are allowed to work from home and the fraudster in question simply logs in after-hours and performs the necessary steps to maintain his/her scheme.
This scenario highlights the importance of IT controls, as we see that the fraudster was able to circumvent the organization's anti-fraud efforts by taking advantage of a weakness in the IT control environment.
Much has been written and heard about the “great Target breach,” but most of it is targeted (sorry!) at those involved in the event and much less is aimed at the lessons that all businesses can learn from this. Here areas: