E-Commerce Website Security Issues

2638 Words | Apr 11, 2008 | 11 Pages
Running Head: SECURITY ISSUES OF SMALL E-COMMERCE WEBSITES

E-commerce Website Security Issues

March 26, 2008

Abstract

The research topic I have chosen for this CIS666 final paper is focused on the recognition and evaluation of e-commerce website security issues for a small company that lacks the technical and human resources to fully cover all aspects of running a website. How can a small company protect its e-commerce website against all the security threats endangering the company's assets and operations? With the list of security issues I covered in this paper, my recommendation is that a small company with limited resources should outsource the running of its e-commerce website to a credible web-hosting company with enough IT resources…
That might require additional staffing, extra training, and opening access to the systems to more people, which creates additional security issues. Critical hardware must be duplicated, periodically tested, and updated to ensure continuous operations. The best practice is to have at least two geographical locations to prevent a disruption of operations due to a local disaster. The same applies to data. There must be a sufficient data backup that is occasionally tested for consistency, and there should be several geographical locations for backup data storage, but with easy and fast access in case of emergency. That in turn creates additional security issues, because the backup data must be as secure as the original data to ensure full data security. Successful security plans include evaluation of data sensitivity, integrity, confidentiality, and data availability. System confidentiality assures that all data in the system is protected from disclosure to unauthorized processes, people, or devices. System integrity ensures that the company's data is protected from unanticipated, unauthorized, or unintentional destruction or modification. System availability provides assurance that data, services, and IT system resources are accessible to all system-related processes and authorized users on a reliable and timely basis, while protected from denial of service (Assessing the Security of Federal IT Systems, 2007).