An RSM approach to e-commerce should build on the fundamentals of good management principles. The approach can be summarised as follows.
Is the approach effective for e-commerce?
Comprehensive: It must cover technical and business scenarios that are part of the various types of e-commerce (business-to-business, business-to-consumer), the phases of e-commerce development (from planning to implementation) and the life cycle of operations (from ordering to supply and payments).
Inclusive: The approach must cover all assets, vulnerabilities and threats. They include technology and business assets, real and virtual, by themselves as well as their interactions.
Flexible: It must offer a variety of techniques that can be applied across some or all phases of e-commerce. Traditionally, an organisation's assets and policies may have been static, but threats in e-commerce are mobile and mutable.
Pro-Active: The methodology must be flexible and promote proactivity to anticipate changes in the e-commerce environment. It should encourage pro-active behaviour that uses RSM to gain competitive advantages.
Relevant: RSM should lead to the identification and application of security measures relevant to e-commerce. Security techniques for e-commerce include the installation of firewalls, the use of digital signatures and certificates, encryption, etc.
Will the approach provide a competitive advantage?
Value: The cost of RSM should be covered by the benefits realised from its use. In the real world, resources are limited and decisions about trade-offs have to be constantly made. RSM should be justified in terms of the advantages it provides.
Integration: With e-commerce it is imperative that decisions are made based on both business and technological considerations. Risks in the technological domain interact with those in the business domain, and RSM should cover both types of risk.
Can the approach be implemented readily?
Systematic: The processes of RSM should be structured and systematic to encourage organic management behaviour, transparency and open communications. Guidelines should be available for processes to be followed and the deliverables to be produced for each activity and phase.
Adaptable: RSM must be integrated into the existing ITS environment, organisational culture and resource constraints with the objective of making an uncertain environment more certain.
Timely: RSM must be carried out speedily because of the rapid changes that can occur for e-commerce. It must therefore define procedures, deliverables and timeliness that can be applied to small as well as major changes.
Tracking: With increased operational risk, the need has emerged to measure and monitor risk factors through risk indicators and metrics. Effective RSM should provide the system for this and ideally produce dollar-at-risk-type figures.
Sponsorship: It is generally accepted that projects fail if not supported by senior management. E-commerce RSM should therefore be an integral part of organisational risk and security solutions.