E-Commerce Security: Advice from Experts (IT Solutions series)
|
| < Day Day Up > |
|
With the introduction of e-commerce, the Information Technology and Systems (ITS) environment has changed substantially and business is no longer conducted ‘as usual'. While some of the risks associated with e- commerce are not new (e.g., hacking, theft of intellectual property), new insecurities have arisen because of the far-reaching scope of e-commerce. To understand the new risk environment, it is necessary to contrast it with that of the previous ITS environment.
-
Closed vs. Open Systems: With previous generations of IT, systems were less accessible and open to attack. For example, damages to stand-alone systems and local area networks (LANs) are restricted in-house. E-commerce systems, on the other hand, provide increasing levels of connectivity and accessibility to data and networks from outside the organisation.
-
Tangible vs. Virtual Assets: Traditional ITS environments are more tangible and were easily recognised as data processing centres. With e-commerce, information and virtual trading communities are more difficult to track. Intangible assets have become more important and take the form of intellectual property, information and knowledge.
-
Development vs. Operations: Systems in the past were developed in a controlled manner and released for operations after extensive testing. With e-commerce, the need for market responsiveness requires that systems are developed and operated in a very short time. Operations have become critical because e-commerce aims at high transaction rates in order to bring down the costs of transaction processing.
-
Predictability vs. Volatility: In the past, risk and security management could take place at a leisurely pace and reviews were conducted every couple of years. The RSM culture for traditional ITSs is unlikely to be satisfactory for the e-commerce environment. With each development of an e-commerce function, new elements of risk emerge and uncertainty arises.
Compared to the RSM processes of older ITSs, those for e- commerce have become more complex and greater interdependencies have to be considered. Furthermore, the nature of assets to be protected has changed and business continuity has become critical. The changes are reflected in Figure 1.
Security responses to the e-commerce risks identified here have also changed, especially when compared to traditional approaches. They are reflected in Table 1.
| Security Domain | Traditional Approach | E-Commerce |
|---|---|---|
| Access | Locks and keys, fences and walls | Firewall software |
| Confidentiality | Limit physical access to documents | Encryption |
| Authentication | Letterheads, written signatures | Identification and passwords Digital signatures and certificates |
| Integrity | Clerical checking and managerial control | Organization controls Application controls |
| Attack | Theft of goods | Computer viruses Computer crime |
| Continuity | Manual processing and recovery | Electronic backup and recovery |
As can be seen from the above table, a number of new technology- based security approaches are needed for e-commerce. They include firewall software which has the purpose of securing the internal 'trusted' network from the external 'untrusted' network through a highly monitored access point. The software provides essential protection against computer hackers. Other important technologies are encryption, where confidential and sensitive information is changed to protect content, and digital signatures and certificates which take the place of handwritten signatures and physical evidence of a person's credentials.
|
| < Day Day Up > |
|