Security issues and threats in an e-commerce environment are varied and can be caused intentionally. They can be categorized as controllable, partially controllable, and uncontrollable. Security threats on the Internet include spoofing, unauthorized disclosure, unauthorized action, data alteration, etc. Spoofing is the copying of legitimate webpages by those with criminal intentions to create seemingly legitimate websites for the sole purpose of gathering private information such as credit card numbers, social security numbers and so on. In unauthorized disclosure, when transactions are conducted over the Internet on unsecured sites, hackers can intercept transmissions and gain access to our customers' sensitive data. In unauthorized action, anyone with a grudge against us can alter our site to deny access to customers. The other one is data alteration: here, hackers can alter transaction contents as they flow across the Internet, resulting in mixed, incomplete, or incorrect messages being sent back and forth between our site and our customers.
Many guidelines identify the various security issues and threats in an e-commerce environment and then offer a comprehensive security plan and guidelines for recovery if disaster strikes. Creating security awareness: employees and key decision-makers should first understand what security is and why it is important to create and implement a comprehensive security program in an e-commerce environment. Formation of the security task force: key employees and decision-makers have to be involved in the design and implementation of a security program, and a buy-in process and sense of ownership have to be created at the early stages of the security program's design and implementation. The next one is conducting risk analysis. Here, information should be considered a commodity with a value attached to it, which means that, more or less, financial analysis and capital budgeting techniques could be applied to this process. Identification of basic security safeguards is considered one of the main guidelines. The most basic security safeguards that have to be in place in any security program development include the uninterruptible power supply (UPS), redundant arrays of independent disks (RAID), and mirror disks. Identification of general security threats, intentional threats, security measures and enforcements, and computer emergency response team services are the other guidelines. In the identification of general security threats, natural and human-created disasters as they apply to an e-commerce environment have to be identified, and in the identification of intentional threats, computer viruses, worms, Trojan horse programs, and other intentional threats must be identified. Formation of a comprehensive security plan should be effective: the plan should include hardware, software, and policy measures that collectively protect the information resources of an e-commerce site. An organization must be prepared to respond to a disaster if it occurs. One of the best security measures is to plan for disaster, and here the response process known as disaster recovery planning or contingency planning can play a major role in putting the organization back on its feet. For more