As the natural follow-on to e-Commerce Security - A Global Status Report, e-Commerce Security - Enterprise Best Practices offers specifics on keeping electronic commerce secure for your organization. Because the Internet is a shared public network, whatever is placed on it is routed over wide-ranging and essentially uncontrolled paths, through intermediaries that neither party to a transaction controls. Maintaining and enhancing the integrity of information and transactions is the charge of business executives and IS auditors alike. This book presents concrete precepts on how to achieve these goals.
It establishes a framework for business managers to understand the principles of e-commerce security and how to best control and implement it within their organizations. The book offers valuable insights and best practices involving e-commerce issues such as protecting data, maintaining confidentiality, confirming identities, controlling system changes, detecting unauthorized intrusions and handling denial of service attacks. 2000, 52 pages.
The Information Systems Audit and Control Foundation (ISACF™) was created in 1976 to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field. The role of the ISACF is to evaluate the latest guidelines for implementation of emerging technologies and their applications. The Foundation continuously searches for groundbreaking ways to capitalize on those advances to achieve competitive advantage.

Information Systems Audit and Control Association®
The Information Systems Audit and Control Association is a leading global professional organisation representing individuals in more than 100 countries and comprising all levels of information technology: executive, senior management, middle management and practitioner. The Association is uniquely positioned to fulfill the role of a central, harmonising source of IT control practice standards worldwide. Its strategic alliances with other groups in the financial, accounting, auditing and IT professions ensure an unparalleled level of integration and commitment by business process owners. The vision of the Foundation and Association is to be the recognized global leader in IT governance, control and assurance.
Introduction
This document is intended to be a tutorial on the issues of e-Commerce security for the control community, that is, for anyone with a professional interest in the design, implementation and assessment of controls for e-Commerce.
ISACA defines e-Commerce as the processes by which organizations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-business (B2B) and business-to-consumer (B2C) e-Commerce models, but does not include existing non-Internet e-Commerce methods based on private networks, such as EDI and S.W.I.F.T.
While this Perspective necessarily explores the new technology issues of e-Commerce, it focuses on security, audit and control issues. The field of e-Commerce is developing rapidly on the combined fronts of technology and business use. By its nature, e-Commerce security challenges practitioners in ways quite different from the security environments of recent times, which must now be considered legacy. The primary objective of the authors has been to establish a framework that readers can use to understand the principles of e-Commerce security and the challenges for their particular organizations and environments, and then go on to seek more detail from other sources.
This Perspective provides introductory material on technology and auditing. It is not intended to be product specific, and generally was developed around concepts or a range of technologies.
E-Commerce-Global Best Practices is a follow-up to the first publication developed in this series, e-Commerce-A Global Status Report, and takes up where that document left off. With the global status of e-Commerce security established, this publication identifies the areas of e-Commerce that need attention if your organization's security is not to fall behind.
Security Goals
Security is a subject often used with different meanings in widely different contexts. For example, security of an enterprise’s financial investments is quite different from security of corporate personal data. This Perspective clearly focuses on the security of information as used in commercial transactions over the Internet. There are always many ways to define any term, especially one such as information security that is commonly shared among widely varying communities, including computer vendors, corporate business managers, private individuals and military interests. However, rather than endlessly debate the true definition, this document assumes a conventional approach with security defined by its principal objectives. These have often been expressed with the convenient CIA acronym as in confidentiality, integrity and availability.
Confidentiality is an e-Commerce issue in that potential consumers are (rightly) concerned about providing unknown vendors with personal, sometimes sensitive, information. Moreover, the Internet is a shared public network; whatever is placed on it is routed over wide-ranging and essentially uncontrolled paths. Integrity is a concern for much the same reason: data passing over such a network can be intercepted and potentially altered or misused. This, in essence, is the fear of hacking. While hacking undoubtedly occurs, it is questionable whether it is so prevalent as to be a direct threat to individual consumers, as opposed to an infrastructural inhibitor. Nonetheless, whether or not the fear is rational, it has been a factor affecting the initial growth of e-Commerce. E-vendors in particular are focused on availability: if their sites are not up, they cannot do business and lose out on potential revenue.
SECURITY GOALS
Management should employ the controls, tools, mechanisms and supervision necessary to ensure that they can:
- Authenticate the identity of all parties to the application or communication
- Protect the traffic from modification, destruction, interference or contamination
- Protect the traffic from inappropriate or unnecessary disclosure
- Ensure that the business can continue to operate in the case of technology failures
- Demonstrate to an independent party the accountability for all business transactions to the level of an individual
- Recognize variances from the intended use, operation or behavior of systems and take timely and effective corrective action
In addition to CIA, two further goals are increasingly required in dealing with e-Commerce: authentication and non-repudiation. The two are closely linked. Individuals using e-Commerce applications must be identified and must in some manner prove that they are who they claim to be before the transaction is entered into, or at least before it is completed. Then, after the fact, there must be some means of ensuring that those individuals cannot deny that the transaction was entered into, or at least that they were the ones who performed it.
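The three goals just discussed (integrity of the traffic, authentication of the party, and non-repudiation after the fact) can be shown together with a digital signature over a transaction record. The following is an added example, not code from this publication or from ISACA: the buyer signs a canonical encoding of the order with an Ed25519 private key, and the seller, or later an independent auditor, verifies it using only the buyer's public key. The Transaction layout, its field names and the sample order values are constructed for the example; the binding of the public key to a real person (registration with the seller, or a certificate) is assumed to have happened out of band and is not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Transaction is a constructed sample order record. The field layout is an
// assumption made for this example, not a format taken from the publication.
type Transaction struct {
	Buyer  string
	Seller string
	Item   string
	Cents  int64
	Nonce  string // unique per order, so a captured signature cannot be replayed
}

// canonical returns one fixed byte encoding of a transaction. Signer and
// verifier must derive exactly the same bytes, otherwise legitimate orders fail
// verification just as tampered ones do.
func canonical(t Transaction) []byte {
	return []byte(fmt.Sprintf("buyer=%s|seller=%s|item=%s|cents=%d|nonce=%s",
		t.Buyer, t.Seller, t.Item, t.Cents, t.Nonce))
}

// Sign is the buyer's commitment to the order. Only the holder of priv can
// produce it, which is what lets the seller later refuse a denial.
func Sign(priv ed25519.PrivateKey, t Transaction) []byte {
	return ed25519.Sign(priv, canonical(t))
}

// Verify checks the commitment with nothing but the buyer's public key, so an
// independent party can repeat the check without any secret from either side.
// A non-nil error says why the order would be rejected.
func Verify(pub ed25519.PublicKey, t Transaction, sig []byte) error {
	if len(sig) != ed25519.SignatureSize {
		return errors.New("malformed signature")
	}
	if !ed25519.Verify(pub, canonical(t), sig) {
		return errors.New("signature does not match order under this key: altered in transit or not signed by the registered buyer")
	}
	return nil
}

func main() {
	// Key generation, and registration of pub with the seller, happen out of
	// band; the binding of this key to a person is assumed, not shown.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	order := Transaction{Buyer: "alice", Seller: "shop.example", Item: "widget", Cents: 1999, Nonce: "2000-0001"}
	sig := Sign(priv, order)
	fmt.Println("signature:", hex.EncodeToString(sig))
	fmt.Println("original order:", Verify(pub, order, sig))

	// Integrity: changing one field (the price) invalidates the signature.
	tampered := order
	tampered.Cents = 199
	fmt.Println("tampered order:", Verify(pub, tampered, sig))

	// Authentication: a signature made with some other key is not accepted as alice's.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("wrong signer:", Verify(pub, order, Sign(otherPriv, order)))
}
```

Note what the example does not provide: the signature proves that whoever held the private key committed to these exact bytes, so non-repudiation only holds to the extent the key was issued to one identified individual and kept under that person's sole control. The nonce prevents a seller from replaying a genuine signed order, and the canonical encoding is the usual source of false rejections when two implementations disagree on field order or number formatting.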