A Case Study: The Deficiency of Information Security Assurance Practice of a Financial Institute in the Protection of Privacy Information

Driven by business efficiencies and the need for a competitive advantage, enterprises are now collecting more clients' information to increase market share and to offer better services. The hyper-growth of business and competition increases the implementation of ubiquitous and pervasive computing. Such implementations have created a privacy void, in which clients' information is sent over from machines to machines without the assurance of information security. information security assurance (IA) aims to restore clients' confidence level by ensuring confidentiality, integrity and availability of their information. This paper suggests a holistic and systems approach to deploying information security assurance and illustrates the approach by using a case of inappropriate information privacy practices in a large Canadian financial institute.