The reality is however that legacy systems pose the greatest potential risk to any enterprise, as these platforms are anachronistic in terms of security support, lack many common safeguards, and don't have the necessary Application Programmer Interfaces (APIs) to scale globally as a secured platform (Gupta, Roth, 2007). Legacy systems were designed in an era where single authentication for an entire enterprise system was sufficient enough, and the concept of role-based access and computing was not considered a core requirement. Architects of these systems could not anticipate the breadth, depth and sophistication of attacks being carried out today against enterprise systems, websites, EDI links and every other potentially vulnerable entry point to a system. Enterprise software vendors including Oracle, SAP, Infor and others have opted to port or migrate their legacy ERP systems to Enterprise Application Infrastructure (EAI)-based platforms to increase their security while retaining compatibility with legacy databases and programs (Harney, 2006).
Legacy systems are the single greatest threat to any enterprise today (Talbot, 2006). This is because their initial architecture, design and implementation did not take into account the breadth, depth and sophistication of attacks today were not anticipated or forecasted decades previously. The retrofitting of legacy application is a formidable task with the costs for an ERP system being well over $16M or more for a typical distributed order management system for example (Talbot, 2006). Given the high costs of transforming legacy and home-grown ERP and enterprise systems into secured, scalable and role-based platforms, it is understandable why many companies today are looking at how their investments in compliance requirements can also attain a high level of risk mitigation and management. The following section illustrates how enterprises are pursuing compliance to government reporting requirements while working to quantify the financial value of their security management strategies.
Assessing the financial impact of enterprise security management strategies on an enterprise needs to capture the business improvements possible from role-based access to data and information while taking into account the measurable gains in performance due to reducing risk and increasing reporting accuracy. Measuring the financial impact of risk management needs to take a causal approach to best capture the return on investment (ROI) possible from greater security, risk mitigation and preventative security initiatives. These investments at the strategic level drive greater business improvements supported by highly scalable compliance platforms capable of supporting cost reductions while ensuring highly efficient use of assets. The relationships of these factors are shown in Figure 2 are used by enterprises to create unified, enterprise-wide strategies for security management that can have measurable, significant financial results over time. Figure 2, Causality of Security Management Strategies to Shareholder Value shows how compliance, security and compliance platforms, when coordinated, can deliver significant shareholder value over time.
Figure 2: Causality of Security Management Strategies to Shareholder Value
Source: (Nagaratnam, et.al, 2005)
The continual pursuit of security's contribution to shareholder value shown in Figure 2 is managed as an iterative workflow, with continual improvements made over time to system processes, procedures and integration points throughout enterprises. This iterative approach to continually strengthening and focusing enterprise security management investments to gain the greatest impact on financial performance has shown potential in reducing operating systems by reducing cost-based leakage, supply chain errors, and losses from pilferage and data loss including theft (Nagaratnam, Nadalin, Hondo, McIntosh, Austel, 2005). This model also illustrates how closely aligned enterprise risk management strategies are to the financial performance of enterprises that rely on them (Garbani, 2005). Each enterprise needs to take into account their specific strategic plans, IT integration points for core strategies, and the ability to quantify how risk management contributes to greater financial performance. While averting an attack that decimates information assets can't be calculated, when the performance of these systems are taken into account from a process improvement standpoint as part of a risk management strategy, their contributions can be clearly tracked (Nagaratnam, et.al, 2005). More efficient and highly targeted security management strategies can help an enterprise be more efficient in meeting the three triad requirements mentioned earlier in this analysis. Quantifying the value of risk management has the greatest impact in streamlining how IT resources are used in the attainment of long-term strategic plans and initiatives.
Analysis
Too often organizations rely on a tactical, short-term orientation for solving strategic, complex and intricate security problems. This leads to many enterprises continually churning through risk management programs and initiatives. Burning thousands of hours and millions of dollars in the process...
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now