Finding the Right Balance Between Business and Information Security Priorities in Online Companies

In order to keep up with the trend and satisfy the Internet users, it is crucial for the online businesses to adapt to new technologies and offer the right services (shop, bank online, etc.) to their customers. To anticipate customer needs, the online businesses use customer behaviour analysis and process customer data. Even if companies handle customer information (e.g. PII is considered highly confidential and must be protected accordingly) to anticipate and meet customers’ expectations, the management often struggles finding the right approach in making informed decisions when talking about information security of such data. This can threaten the sustainability of the business and put its customers at major risks (e.g. identity theft), risks that decision makers of companies do not see, or do not understand, the results being they do not invest properly to secure the data they handle.This paper gives a parallel overview between:a)    the management priorities of an online business that handles customer data and b)    the implicit information technology and security threats that those priorities generate.Once we have a view around point a) and point b), the paper will also show potential ways of finding a right balance between business needs, regulatory requirements and security of customer data so that the business can take risks to achieve their goals in an informed manner, using a customised risk assessment methodology, based on COBIT5 framework, industry leading standards and potential internal customised processes.