THE ACCOUNTING SYSTEM AS THE BASIS FOR ORGANISING ENTERPRISE CYBERSECURITY
Keywords:accounting, cybersecurity, security audit, information security, information risks and barriers, accounting policy
The increasing number of cyberattacks as part of the hybrid influence on social and economic processes and the threat of confidential information leaks dictate the need to ensure cybersecurity for enterprises, sectors and branches of the economy. Since most economic information is produced by the accounting system, its cybersecurity is a priority.
The review of literature on enterprise cybersecurity has indicated that the researchers increasingly define the accounting system as the target of cybersecurity measures. This approach is scientifically limited, as it does not consider that the accounting system may be the subject ensuring the cybersecurity of enterprises in the conditions of rapid development of latest computer and communication technologies. The aim of the article is to investigate the prospects of organising accounting when it is acting as the subject in a platform for ensuring the cybersecurity of enterprises.
It is substantiated that accounting should be used as the basis for ensuring cybersecurity, given that accounting is the main producer of economic information, much of the accounting information is confidential, modern accounting specialists are qualified in multiple different areas of expertise, numerous cyberattacks are perpetrated via accounting software, and the regulatory nature of accounting standards pertaining to information processes.The prospects of reorganising the accounting department of enterprises and transforming the operational responsibilities of accounting specialists to focus on ensuring the cybersecurity of enterprises are explored. It is proposed to use the accounting policy of the enterprise and the internal regulations linked to it as the basis for the development of cybersecurity regulations. The necessity of introducing permanent security audit to accounting and control activities of the enterprise is proved. It proposed that internal controllers (accountants) or external specialists from audit firms monitor and test the cybersecurity system of enterprises that will facilitate efficient prevention, avoidance and elimination of information barriers and threats to the effective operation of economic entities.
Global Cybersecurity Index (GCI) 2018. (2019). International Telecommunication Union. Geneva: ITU Publications. 86 p.
Moroz, Yu. Yu. & Tsal-Tsalko, Yu. S. (2017). Oblikova polityka pidpryiemstva ta yii kiberbezpeka [Accounting policy of the enterprise and its cybersecurity]. Oblik, analiz i kontrol v umovakh suchasnykh kontseptsii upravlinnia ekonomichnym potentsialom i rynkovoiu vartistiu pidpryiemstva — Accounting, analysis and control in the conditions of modern concepts of management of economic potential and market value of the enterprise, Vol. IV, I, 8—11 [in Ukrainian].
Viter, S. A., & Svitlyshyn, I. I. (2017). Zakhyst oblikovoi informatsii ta kiberbezpeka pidpryiemstva [Protection of accounting information and cybersecurity of the enterprise]. Ekonomika i suspilstvo: elektronne fakhove vydannia — Economy and society: electronic professional publication, 11, 497—502 [in Ukrainian].
Janvrin, D., & Wang, T. (2019). Implications of Cybersecurity on Accounting Information. Journal of Information Systems, Vol. 33, 3. A1-A2. doi:10.2308/isys-10715.
Haapamäki, E., & Sihvonen, J. (2019). Cybersecurity in accounting research. Managerial Auditing Journal, 34, 808—834. doi:10.1108/MAJ-09-2018-2004.
Shpak, V. A. (2015). Orhanizatsiia zakhystu oblikovoi informatsii [Organization of protection of accounting information]. Bukhhalterskyi oblik, analiz ta audyt: problemy teorii, metodolohii, orhanizatsii — Accounting, analysis and audit: problems of theory, methodology, organization, 2, 181—187 [in Ukrainian].
Denha, S. M., & Veryha, Yu. O. (2004). Zakhyst informatsii v kompiuternykh informatsiinykh systemakh bukhhalterskoho obliku [Information protection in computer information systems of accounting]. Bukhhalterskyi oblik i audyt — Accounting and audit, 5, 59—65 [in Ukrainian].
Hrabchuk, I. L. (2018). Orhanizatsiia zakhystu oblikovoi informatsii v umovakh hibrydnoi viiny [Organization of protection of accounting information in a hybrid war]. Problemy teorii ta metodolohii bukhhalterskoho obliku, kontroliu i analizu — Problems of theory and methodology of accounting, control and analysis, 3 (41), 20—24. doi:10.26642/pbo-2018-3(41)-20-24 [in Ukrainian].
Eaton, T., Grenier, J., & Layman, D. (2019). Accounting and Cybersecurity Risk Management. Current Issues in Auditing, Vol. 13, 2. doi:10.2308/ciia-52419.
Popivniak, Yu. M. (2019). Kiberbezpeka ta zakhyst bukhhalterskykh danykh v umovakh zastosuvannia novitnikh informatsiinykh tekhnolohii [Cybersecurity and protection of accounting data in the application of the latest information technologies]. Biznes Inform — Business Inform, 8, 150–157. doi:10.32983/2222-4459-2019-8-150-157 [in Ukrainian].
Demirkan, S., Demirkan, I., & Mckee, A. (2020). Blockchain technology in the future of business cyber security. Journal of Management Analytics, Vol. 7, Is. 2. 189—208. doi:10.1080/23270012.2020.1731721.
Georg Schaffner Laura, Grove Hugh, Holder Anthony, & Clouse Mac. (2018). Cybersecurity Guidance for Accountants and Executives. Internal Auditing, Vol. 33, 5, 5—20.
Rozheliuk, V. M. (2013). Zakhody zabezpechennia zakhystu oblikovoi informatsii [Measures to ensure the protection of accounting information]. Bukhhalterskyi oblik, analiz ta audyt: problemy teorii, metodolohii, orhanizatsii — Accounting, analysis and audit: problems of theory, methodology, organization, 2 (12), 335—340 [in Ukrainian].
Pendley, J. (2018). Finance and Accounting Professionals and Cybersecurity Awareness. Journal of Corporate Accounting & Finance, 29, 53—58. doi:10.1002/jcaf.22291.
Spitters Thomas Heaton CPA. (2019). A Supplement to Cybersecurity Breviary for Accountants Kindle Edition. San Francisco: Baume Verlag.
Symantec. (2019). Internet Security Threat Report. Mountain View: Symantec Corporation.
Cyberthreat Defense Report. (2019). Annapolis: CyberEdge Group.
Summary Report. (2019). Telstra Security Report 2019. Paddington: Telstra Corporation Limited. 19 p.
Risk committees. The Institute of Chartered Accountants in England and Wales. Retrieved from https://www.icaew.com/technical/corporate-governance/committees/risk-committees.
How to Cite
Copyright (c) 2020 Z. Zadorozhnyi, V. Muravskyi, О. Shevchuk, V. Muravskyi
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors of research articles published in the Collection agree to the following terms:
- authors reserve the right to his authorship of scientific articles and broadcast journal right of first publication of scientific articles licensed under CC Attribution (Creative Commons Attribution License), which allows others to freely distribute the published scientific article referring to the original authors of the article and the first publication of the article in Research Works’ Collection on "Finance and credit activity: problems of theory and practice";
- authors have the right to enter a separate agreement concerning additional exclusive distribution of the article in the form it was published in the journal (for example, to post the research in an electronic storage of the establishment or publish as a part of a monograph), provided that the reference to the first publication of the article in the Collection.