Information Security: A Proven Concern


Information security is a serious concern for most businesses. Even though reporting of computer-based crime is sporadic because companies fear negative publicity and continued attacks, the trend is quite clear: information security attacks continue to be a real threat to businesses. According to a recent Computer Security Institute Survey, 72% of interviewed businesses reported that they had been subjects of serious information security attacks in 2002. Seventy-four percent of the businesses reported that the attacks caused significant financial losses, such as losses due to financial fraud or theft of valuable intellectual property.

The threats to businesses are from both internal and external attacks. In the same survey, 61% of the businesses reported they were subjected to attacks launched from the Internet, and 83% of businesses reported that insider attack (by trusted corporate users) was a primary concern. This last statistic is very important—to meet corporate needs, a complete end-to-end security solution must address insider attacks.

Most e-commerce solutions today blur the line between the insider world containing trusted users and the outside world containing potentially hostile attackers. Furthermore, the primary purpose of multitier architectures is to open up the corporate network to the external world, thus allowing valuable corporate resources to be accessible to outsiders. Outsiders (such as business partners, suppliers, or remote employees) may have very similar data access rights to corporate information as many insiders. As a result, protection mechanisms must be in place not only at the external system boundaries, but also throughout the enterprise architecture.

According to a META Group survey, 72% of businesses view information security as critical to their corporate mission. Due to the continuing threat, many businesses are increasing their spending on security; large corporations are increasing their spending the most. Piecemeal security solutions can be worse than no security at all, because they result in:

  • Increased maintenance, training, and administration cost

  • Point solutions that don’t scale or interoperate

  • Redundant spending across the organization[1]

Applying security products without thinking about how they all fit together clearly does not work. Businesses should build and leverage a common security infrastructure that is shared across the enterprise. As explained later in this chapter, an integrated approach to security is the only way to address complex, multitier e-commerce applications.




Electronic Commerce (Networking Serie 2003)
Electronic Commerce (Charles River Media Networking/Security)
ISBN: 1584500646
EAN: 2147483647
Year: 2004
Pages: 260
Authors: Pete Loshin
