Read the book You CAN Stop Stupid - Ira Winkler - Page 53

Operational Vulnerabilities

Operational vulnerabilities are vulnerabilities in business processes that can cause loss. Within every business operation, there are some steps that allow for human error or facilitate malicious activity. For example, the collection of information itself is a potential vulnerability, but collecting excessive information is an additional, unnecessary vulnerability.

There will always be a vulnerability in any business process. You need to identify these vulnerabilities so that you can proactively account and prepare for their potential exploitation. You also need to watch for operational vulnerabilities that do not need to exist.

Websites are an example of this. You need to provide information. However, that information does not have to be excessive. Social media is an extension of this concept. Individuals want to share their lives, yet at the same time, they share so much that they expose themselves unnecessarily to criminal activity. For example, online banking account reset security questions include questions such as the name of your pet or your birthday, which are frequently available on social media.

Physical inventory is also affected by operational processes. When you are dealing with physical inventory, sometimes there are good accounting practices to ensure that every piece is properly tracked from manufacturing to final sale to a customer, and at all steps in between. More often, there are less effective processes in place, and loss occurs over time.

Operational processes should be defined by organizational governance through policies, procedures, and guidelines. Governance should specify every process in your organization and should tell people how to specifically perform their job responsibilities and how to make decisions. Chapter 13 discusses governance further, but at this point it suffices to say that most governance is poorly defined and increases operational vulnerabilities.
