Most organizations assume that the system is safe and everything is good. But can anyone guarantee that the system and its control mechanisms are functioning properly without regularly assessing and auditing risks? I argue that information system audits are more productive when performed during requirements compilation, system construction, pre-production, and post-production stages. After the system is up and running, in addition to self-assessment, it should be audited at least annually. I think this will maximize the consistency and continuity of the system and its control process.
Aside from some of the critical vulnerabilities of open-source solutions (e.g. the recent Log4j vulnerability), some Silicon Valley technology startups claim to offer revolutionary modification solutions. Theranos founder Ms. Elizabeth Holmes, who went from being a Silicon Valley star to being found guilty of wire fraud and conspiracy. According to Business Insiders, "Holmes claimed that she is inventing a patent application for a "medical device for monitoring analytes and drug delivery," a wearable device that administers drugs, monitors patients' blood, and adjusts dosages as needed." Theranos' business model was based on the idea that it could perform blood tests, using proprietary technology that only requires a finger prick and a small amount of blood. Holmes said the tests would be able to detect diseases like cancer and high cholesterol. Though she was able to build a $9 billion startup, it didn't last long. The technology has been exposed.
"fake it till you make it"
This would not have happened if the alleged solution had been audited by an external auditor before a major fraud with losses of over $ 9 billion. This happened because Silicon Valley's startup culture is always big. As National best seller author John Carreyrou explains about the Holmes story as a "virtually to perfection" and layout in his book BAD BLOOD Secrets and lies in Silicon Valley Start-up "as much a cautionary tale of what happens when Silicon Valley's "fake it till you make it" mentality meets public health as it is a study of human psychology."
The time is now!
Comparing Ethiopia to Silicon Valley may be extreme, but there are so many startups and ambitious plans in Ethiopia right now. My point is that with the revolutionary initiatives and implementation of ICT solutions, a lot has to be done in terms of awareness and capacity building of cybersecurity controls.
The Ethiopian Information System Audit Association can play a leading role and is more than willing to work with government and NGOs in this regard.
Comments