Risk Management Holds the Key


A large middle ground exists between the extremes of avoiding e-commerce applications altogether, blithely launching unprotected systems, or burdening every application with prohibitively costly and user-unfriendly security measures. This middle ground is the area of risk management. The risk-management approach aims not to eliminate risk, but to control it. Risk management is a rigorous balancing process of determining how much and what kind of security to incorporate in light of business needs and acceptable levels of risk. It unlocks the profit potential of expanded network connectivity by enabling legitimate use, while blocking unauthorized access. The goal is to protect adequately to meet business needs without undue risk, making the right trade-offs between security and cost, performance and functionality.

For example, consider four different e-commerce users: an Internet Service Provider (ISP), a hospital administrator, a banker, and a military officer. Each has a different security concern.

  • The ISP is concerned primarily about availability—making services available to its customers.

  • The hospital administrator wants to ensure data integrity—that patient records are updated only by authorized staff.

  • The banker is most concerned about accountability—that the person who authorizes a financial transaction is identified and tracked.

  • The military officer wants confidentiality—to keep military secrets out of the hands of potential enemies[1].

The challenge is to implement security in a way that meets business needs cost-effectively, both in the short term and as enterprise needs expand. Meeting the challenge requires a collaborative effort between corporate strategists and information technology managers. Understanding the business drivers for information security helps clarify where to focus security measures. Understanding the underlying application architecture (how components work together) clarifies the most practical approach for building system security. Distributed applications, in particular, require new ways of thinking.

Industrial experience in managing e-commerce information security is generally low. Security technology is changing rapidly, and corporate management is not well equipped to cope with the risk management changes that technology changes cause. New versions of interconnected e-commerce systems and software products continue to appear, and with each release a whole new set of security vulnerabilities surfaces.

Managing security risk in distributed e-commerce applications is daunting, but following some basic rules for building security into component-based applications lays the groundwork for a solid risk management approach. Although this chapter does not give detailed advice on security risk management, it does describe principles for building secure applications that are independent of any specific technology and will continue to guide you as technologies evolve. This chapter provides basic principles for enterprise application integration: security integration themes that many enterprises address repeatedly.




Electronic Commerce (Networking Series 2003)
Electronic Commerce (Charles River Media Networking/Security)
ISBN: 1584500646
Year: 2004
Pages: 260
Authors: Pete Loshin
