Security of the Digital Transformation

In the early days of computation the focus was mainly on designing, developing, maintaining, and administering infrastructures and information systems housed in data centers. To this extend, security was traditionally organized around the basic technical components (e.g. data center facilities). The point was that an associated security activity was mostly separated from a business context and in general executed by the technical staff. Security was not fully understood by other audiences because the computer terminologies were frequently used. When security elements (e.g. logical access protocols used for identification, authentication, authorization) became part of the financial statement audit, its context became clearer, and it was conducted for external auditors. However, the presented outcome of the work was not completely interpretable for these practitioners as again, it was mainly reported in Information Technology (IT) jargon, and was not linked with the financial statement either. With the emergence the Sarbanes–Oxley Act (SOX) and the fundamental role of IT in relation hereto, the context of security suddenly changed to a great extent. The audience extended as compliance, including security, became the dominating item on the agenda of many C-levels (e.g. CFOs).