New Forms of Risk and Security




With the introduction of e-commerce, the Information Technology and Systems (ITS) environment has changed substantially and business is no longer conducted 'as usual'. While some of the risks associated with e-commerce are not new (e.g., hacking, theft of intellectual property), new insecurities have arisen because of the far-reaching scope of e-commerce. To understand the new risk environment, it is necessary to contrast it with that of the previous ITS environment.

  • Closed vs. Open Systems: With previous generations of IT, systems were less accessible and less open to attack. For example, damage to stand-alone systems and local area networks (LANs) is contained in-house. E-commerce systems, on the other hand, provide increasing levels of connectivity and accessibility to data and networks from outside the organisation.

  • Tangible vs. Virtual Assets: Traditional ITS environments were more tangible and were easily recognised as data processing centres. With e-commerce, information and virtual trading communities are more difficult to track. Intangible assets have become more important and take the form of intellectual property, information and knowledge.

  • Development vs. Operations: Systems in the past were developed in a controlled manner and released for operations after extensive testing. With e-commerce, the need for market responsiveness requires that systems be developed and put into operation in a very short time. Operations have become critical because e-commerce aims at high transaction rates in order to bring down the costs of transaction processing.

  • Predictability vs. Volatility: In the past, risk and security management (RSM) could take place at a leisurely pace and reviews were conducted every couple of years. The RSM culture for traditional ITSs is unlikely to be satisfactory for the e-commerce environment. With each development of an e-commerce function, new elements of risk emerge and uncertainty arises.

Compared to the RSM processes of older ITSs, those for e-commerce have become more complex, and greater interdependencies have to be considered. Furthermore, the nature of the assets to be protected has changed and business continuity has become critical. The changes are reflected in Figure 1.

Figure 1: The Processes of E-Commerce Risk and Security Management

Security responses to the e-commerce risks identified here have also changed, especially when compared to traditional approaches. They are reflected in Table 1.

Table 1: E-Commerce Security Issues and Responses

| Security Domain | Traditional Approach | E-Commerce |
|---|---|---|
| Access | Locks and keys, fences and walls | Firewall software |
| Confidentiality | Limit physical access to documents | Encryption |
| Authentication | Letterheads, written signatures | Identification and passwords; digital signatures and certificates |
| Integrity | Clerical checking and managerial control | Organization controls; application controls |
| Attack | Theft of goods | Computer viruses; computer crime |
| Continuity | Manual processing and recovery | Electronic backup and recovery |

As can be seen from the above table, a number of new technology-based security approaches are needed for e-commerce. They include firewall software, which has the purpose of securing the internal 'trusted' network from the external 'untrusted' network through a highly monitored access point. The software provides essential protection against computer hackers. Other important technologies are encryption, where confidential and sensitive information is transformed to protect its content, and digital signatures and certificates, which take the place of handwritten signatures and physical evidence of a person's credentials.






E-Commerce Security: Advice from Experts (IT Solutions series)
ISBN: 1591402417
EAN: 2147483647
Year: 2003
Pages: 106
