Running Head: SECURITY ISSUES OF SMALL E-COMMERCE WEBSITES
E-commerce Website Security Issues
March 26, 2008
Abstract
The research topic I have chosen for this CIS666 final paper is focused on the recognition and evaluation of e-commerce website security issues for a small company that lacks the technical and human resources to fully cover all aspects of running a website. How can a small company protect its e-commerce website against all the security threats endangering the company's assets and operations? Based on the list of security issues I cover in this paper, my recommendation is that a small company with limited resources should outsource the running of its e-commerce website to a credible web-hosting company with enough IT resources
That might require additional staffing and extra training, and also opening access to the systems to more people, which creates additional security issues. Critical hardware must be duplicated, periodically tested and updated to ensure continuous operations. The best practice is to have at least two geographical locations to prevent a disruption of operations due to a local disaster. The same applies to data. There must be sufficient data backup that is periodically tested for consistency, and there should be several geographical locations for backup data storage, with easy and fast access in case of emergency. That in turn creates additional security issues, because the backup data must be as secure as the original data to ensure full data security. Successful security plans include evaluation of data sensitivity, integrity, confidentiality, and data availability. System confidentiality assures that all data in the system is protected from disclosure to unauthorized processes, people, or devices. System integrity ensures that the company's data is protected from unanticipated, unauthorized, or unintentional destruction or modification. System availability provides assurance that data, services, and IT system resources are accessible to all system-related processes and authorized users on a reliable and timely basis, while protected from denial of service (Assessing the Security of Federal IT Systems, 2007).
Information only has value if customers can access it at the right times. Availability can be affected by system errors and malicious attacks as well as infrastructure problems. Availability is ensured by maintaining hardware and repairing it immediately when the need arises. A correctly functioning operating system should also be maintained in an environment free of software conflicts. Adequate communication bandwidth should also be addressed, as well as preventing bottlenecks from occurring.
Other security elements relate to data recovery, database administration, handling a breach in security, and administrative security policies such as access procedures, employee transfers and excessive user access. As I assume the role of chief security officer, database designer, database administrator, and chief applications designer, this project is very important to the armed services and the Virgin Islands National Guard as we strive to provide global security.
An effective information security program should include periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the organization. Policies and procedures should be based on risk assessments, should cost-effectively reduce information security risk, and should ensure that information security is addressed throughout the entire life cycle of each organizational information system. The program should also include subordinate plans for providing sufficient information security for networks, facilities, and groups of information systems.
Assessments are used to determine whether sufficient security is being applied to protect federal data. These requirements are put in place to identify vulnerabilities within the information security infrastructure. An assessment rates the potential weak points that would result if a vulnerability were found, and a plan of action must be developed and executed to address found vulnerabilities and meet the desired security standards. System administrators are obligated to assist their higher levels with assessment findings and suggestions on how to improve the information system infrastructure. Scanning the system infrastructure is one of many methods used to assess the strength of information security. Several software products, such as QualysGuard, have been designed to scan system architecture. QualysGuard is an automated suite that simplifies information security measures by delivering critical security intelligence. The suite offers full protection of all information security systems, auditing, and compliance assessments. Accrediting and
In modern business environments that rely heavily on information technology, the network security audit or assessment is a crucial part of network maintenance and repair. A network security consultant will often perform an audit as the first stage in providing consulting services to a business. Beyond these foundation-building audits, organizations should also perform network security audits or assessments regularly to ensure optimal performance.
There are a variety of vulnerability identification factors that are seen as critical. The types of vulnerabilities associated with an information technology system depend on the nature of the system itself. Certain rules govern what action should be taken in this step. If the system has not yet been designed, the search for vulnerabilities should concentrate on the security policies of the organization, security procedures, system requirement definitions, and analysis of the vendor's and developer's products. If the system is being implemented, the identification of vulnerabilities should be expanded to include more specific information, including the security features described in the security documentation and the results of the security certification test and evaluation. If the system is up and running, the analysis should cover the IT system's security features and the technical and procedural security controls used to protect the system. A table of Security Criteria can be found below:
Today, in this highly digitized world, information and data security play a key role for any organization. Especially if the organization is dealing with a lot of sensitive data, it needs to have a robust security system in order to protect that data. For the given organization, the key objective of installing appropriate IT systems will be to deliver better services to its customers, keep records of all the data transacted through the information systems, and thereby increase the efficiency of all the operational activities of the organization (Barton, Smith, & Weaver, 2010). It will also help in keeping the financial records of the organization in a more optimized and safer way.
In the last decade, more and more companies have started to look into e-commerce to connect them to the infinite world of global suppliers, partners, consumers and much more. This boom in technology has placed multiple assets at risk from a security standpoint, allowing hackers/crackers and anyone on the Internet to gain access to these networks and obtain information, or to try to jeopardize the business to the point of a standstill.
Cincom Systems is a global provider of enterprise software for many of the world's largest manufacturers and defense contractors. This document defines their approach to an IT Security Plan, as well as their Disaster Recovery Plan (DRP). As Cincom is a global leader in the development and implementation of enterprise software, the focus of this IT Security Plan is how to best secure and protect not only their core intellectual property (IP) but that of their customers as well, many of which are government agencies headquartered both in the U.S. and throughout the world. The most effective IT Security Plans and Policies both support and streamline the attainment of corporate objectives over time (Johnson, 2011). Information security is crucial for the overall development of an effective strategic plan as well, concentrating on how enterprise systems can be extended, enhanced, and better aligned to the specific needs of global expansion in a business (Merkow, Breithaupt, 2006). As Cincom operates in 17 different nations and continually invests in new application development to support many foreign governments' information systems and defense-related needs, there is a corresponding increase in the level of security its systems must also deliver. The intent of this analysis is to define how Cincom can become more effective in managing potential threats, and also how it can use a
This paper will describe a nine-point mission statement for the company from the new corporate CIO. It will address the new strategy in a three-phase rollout plan. It will then speculate why the fifth point, “Meet information requirements of management”, is in the CIO’s list of nine points. It will then imagine only three points are to be rolled out in the first phase and evaluate each point to determine the most important three for the initial rollout phase. Finally, it will recommend one additional point the CIO should include in order to ensure the topic of security is addressed in the mission statement with an explanation.
He/she must perform a risk assessment of common applications to identify potential security problems. The preliminary analysis will also answer questions such as who requires Internet access, email, or VPN, which might indicate the need for firewalls on the network to protect against unauthorized access to and from outside the network. Finally, the impact of any downtime, whether planned or unexpected, needs to be addressed. How critical is it to the business to have near 100% uptime? This determination affects how protective measures such as redundancy, clustered servers, disk arrays with RAID techniques, or multiple links between sites are built into the network.
As we discussed in our steering committee last week, you raised two concerns – security and data confidentiality – about hosting our corporate website outside our datacenter, in particular on the cloud. I'm writing to convince you that hosting the corporate website on the cloud is the best option for the following reasons: it reduces operating cost, frees our staff to do other tasks, and provides better security. This report gives an overview of the current status of our website, explores available hosting options, and shows the overall risks. In addition, you will find the team's recommendations on this subject.
Financial institutions in particular must maintain an ongoing information security risk assessment program that effectively gathers data regarding the information and technology assets of the organization, threats to those assets, vulnerabilities, existing security controls and processes, and the current security standards and requirements; analyzes the probability and impact associated with the known threats; and
We hear of IT security, information security and enterprise security; these are three areas that any company needs a plan to safeguard, since they are three areas of accountability. While all three areas need safeguarding, they are not one and the same. There are three elements of information security: preservation of confidentiality, maintenance of integrity, and assurance of availability (Gelbstein, 2013, p. 27).
E-Commerce Security Issues
"The new electronic interdependence recreates the world in the image of a global village." (From The Medium is the Message)
Historical Glimpse
Marshall McLuhan was the first person to popularize the concept of a global village, and to predict its social effects. His insights fundamentally changed how everyone has thought about media, technology, and communications ever since. He chose the phrase "global village" to highlight his insight that an electronic nervous system was rapidly integrating the planet, so that events in one part of the world could be experienced in real time from other parts, which is what human experience was like when we lived in small villages. Since he described the world as a global village, the world has been converging on one point (the Internet), and this remains quite true today. (http://livinginternet.com/?i/ii_mcluhan.htm)
Introduction
In almost all aspects of life we face security issues, whether we are talking about the physical world or the cyber world. Since the world originated and men started earning, financial and commerce security issues have always been there. After the invention of the Internet, our world has become a global village; through the Internet we can communicate easily, effectively, and rapidly at low cost. Electronic Commerce (E-Commerce) is the other vital use of the Internet; through it companies are doing billions of dollars of business a year, and corporations are expecting more and more