Implementing and maintaining Digital Security in a digitized ecosystem takes work. Nowadays, multiple complex frameworks and models are used to implement Digital Security. Unfortunately, these tools are perceived as complicated to implement and maintain in digitized value chains and platforms. Most companies still use spreadsheets to demonstrate their compliance. Surprisingly, regulators also use spreadsheets for supervision. Business at risk Research has shown that the number of security incidents has increased [1] over the years, as has the financial impact per data breach [1]. Mastering emerging technologies such as big data, Internet of Things [2], Artificial Intelligence, and social media, and combating cybercrime [3], while protecting critical business data, requires a team instead of a single IT person [4]. To protect this data, security professionals need to know about the value of information and the impact if it is at risk [4]. In the past [7], IT security controls were implemented to reduce this risk. These controls were based on best practices prescribed by vendors, without a direct link to risks, regulatory requirements, or business objectives [7]. The controls rely on technology, and the audits and assessments (in spreadsheets) were used to prove their effectiveness [8]. Working with scattered Excel spreadsheets becomes a risk on its own due to upcoming regulatory requirements in the European Union, such as NIS2, and the DORA act. And other legislations (see table below). Unreliable and splintered data across multiple files and systems Filling in spreadsheets is subject to manipulation [28] because it is not a closed-locked-down cycle. Spreadsheets are stored–sometimes double versions- on decentralized systems, sometimes not well protected, making evidence unreliable. Spreadsheet data cannot always be gathered from the sources, which reduces authenticity and integrity .
Full Article
