ISSN: 2225-8329
Open access
Attacks on information are an ever-increasing threat to every industry. To protect financial information from accounting applications, organizations require general information technology controls (GITC) to operate effectively and comply with laws and regulations. GITC related to change management, or system change controls (SCC), are critical in ensuring the accuracy and completeness of that information. Alarmingly, the literature shows that traditional change management assessment methodologies do not promote effective evaluation of SCC, prompting the development of additional methods to assist organizations in protecting their financial information. This research proposes the development of a decision-support methodology, using fuzzy set theory, that can better safeguard accounting applications by allowing for a more robust implementation of SCC. It is argued that evaluating SCC using fuzzy set theory leads to a more precise assessment, resulting in a more secure financial environment.
In-Text Citation: (Otero, 2020)
To Cite this Article: Otero, A. R. (2020). Enhanced Security over Accounting Data: A Fuzzy-Based Evaluation Model to Aid Organizations in Safeguarding their Accounting Systems. International Journal of Academic Research in Accounting, Finance and Management Sciences. 10(3), 160-175.
Copyright: © 2020 The Author(s)
Published by Human Resource Management Academic Research Society (www.hrmars.com)
This article is published under the Creative Commons Attribution (CC BY 4.0) license. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this license may be seen at: http://creativecommons.org/licences/by/4.0/legalcode